
Problems Running TDSSKiller


15 replies to this topic

#1 brianbli

brianbli

  • Members
  • 21 posts
  • OFFLINE

Posted 08 February 2012 - 12:13 AM

Hi,

I am experiencing problems with TDSSKiller.exe while attempting to remove System Fix. In doing so, I followed the steps set out in here and the instructions in here to remove TDSS. However no matter what I rename the file tdsskiller.exe as, it refuses to run. I have also run DeFogger and disabled CD emulation programs but that has not helped either. Despite this, I carried on with the rest of the steps as set out in the first link, and now my system is working normally, however I am still suffering from Google Redirects.

I seem unable to download DDS via the link provided.

I have been able to run GMER however when I click Rootkit/Malware, most of the items on the right hand side are shaded out, barring Services, Registry, Files, and ADS.

I am unsure how to continue. Can someone advise please? Thanks.


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India

Posted 08 February 2012 - 12:41 AM

Download

FixTDSS

Launch it. It may ask for a restart; reboot the PC.

On reboot you may be asked to repair the MBR; click on Repair.

Run tdsskiller now

Download

http://public.avast.com/~gmerek/aswMBR.exe

Launch it and allow it to download the latest Avast! virus definitions.

Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

#3 brianbli

brianbli
  • Topic Starter

Posted 08 February 2012 - 01:29 AM

Thanks. Log says this.

----------

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-08 05:54:41
-----------------------------
05:54:41.953 OS Version: Windows 5.1.2600 Service Pack 3
05:54:41.953 Number of processors: 2 586 0x1C02
05:54:41.953 ComputerName: BL3 UserName: BL4
05:54:42.484 Initialize success
05:58:39.921 AVAST engine defs: 12020701
06:17:15.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
06:17:15.312 Disk 0 Vendor: FUJITSU_MHZ2160BH 00000009 Size: 152627MB BusType: 3
06:17:15.734 Disk 0 MBR read successfully
06:17:15.750 Disk 0 MBR scan
06:17:15.781 Disk 0 unknown MBR code
06:17:15.781 Disk 0 Partition 1 00 12 Compaq diag MSDOS5.0 4000 MB offset 63
06:17:15.812 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 40005 MB offset 8193150
06:17:15.828 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 108619 MB offset 90124650
06:17:15.843 Disk 0 scanning sectors +312581792
06:17:15.890 Disk 0 scanning C:\WINDOWS\system32\drivers
06:17:24.484 Service scanning
06:17:25.593 Modules scanning
06:17:25.921 Module: C:\WINDOWS\system32\KDCOM.DLL **SUSPICIOUS**
06:17:28.562 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
06:17:29.531 Disk 0 trace - called modules:
06:17:29.546 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
06:17:29.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86bc6ab8]
06:17:29.578 3 CLASSPNP.SYS[f7673fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86b8ed98]
06:17:30.031 AVAST engine scan C:\WINDOWS
06:17:42.296 AVAST engine scan C:\WINDOWS\system32
06:19:40.203 AVAST engine scan C:\WINDOWS\system32\drivers
06:19:51.906 AVAST engine scan C:\Documents and Settings\BL4
06:21:53.250 AVAST engine scan C:\Documents and Settings\All Users
06:22:20.265 Scan finished successfully
06:26:51.671 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\BL4\Desktop\MBR.dat"
06:26:51.687 The log file has been saved successfully to "C:\Documents and Settings\BL4\Desktop\aswMBR.txt"

#4 narenxp

narenxp


Posted 08 February 2012 - 08:15 AM

I still see symptoms of a rootkit.

Did you run FIXTDSS and TDSSkiller? Can you post the logs of TDSSkiller?

#5 brianbli

brianbli
  • Topic Starter

Posted 08 February 2012 - 09:08 AM

Shall I run it under Safe Mode, or just Normal Mode?

Shall I change the parameters to include Driver Digital Signatures and TDLFS?

Edited by brianbli, 08 February 2012 - 09:10 AM.


#6 narenxp

narenxp


Posted 08 February 2012 - 09:27 AM

I want you to run FIXTDSS first (safe mode)

and then TDSSkiller (just select TDLFS alone).

#7 brianbli

brianbli
  • Topic Starter

Posted 08 February 2012 - 09:50 AM

I have run both again, and the log from TDSSkiller is below.

----------


14:46:00.0953 3788 TDSS rootkit removing tool 2.7.10.0 Feb 7 2012 15:14:46
14:46:00.0984 3788 ============================================================
14:46:00.0984 3788 Current date / time: 2012/02/08 14:46:00.0984
14:46:00.0984 3788 SystemInfo:
14:46:00.0984 3788
14:46:00.0984 3788 OS Version: 5.1.2600 ServicePack: 3.0
14:46:00.0984 3788 Product type: Workstation
14:46:00.0984 3788 ComputerName: BL3
14:46:00.0984 3788 UserName: BL4
14:46:00.0984 3788 Windows directory: C:\WINDOWS
14:46:00.0984 3788 System windows directory: C:\WINDOWS
14:46:00.0984 3788 Processor architecture: Intel x86
14:46:00.0984 3788 Number of processors: 2
14:46:00.0984 3788 Page size: 0x1000
14:46:00.0984 3788 Boot type: Normal boot
14:46:00.0984 3788 ============================================================
14:46:02.0796 3788 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:46:02.0812 3788 \Device\Harddisk0\DR0:
14:46:02.0812 3788 MBR used
14:46:02.0812 3788 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x7D047E, BlocksNum 0x4E22CEC
14:46:02.0812 3788 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x55F316A, BlocksNum 0xD425957
14:46:03.0015 3788 Initialize success
14:46:03.0015 3788 ============================================================
14:46:13.0218 3808 ============================================================
14:46:13.0218 3808 Scan started
14:46:13.0218 3808 Mode: Manual; TDLFS;
14:46:13.0218 3808 ============================================================
14:46:13.0484 3808 Abiosdsk - ok
14:46:13.0500 3808 abp480n5 - ok
14:46:13.0546 3808 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:46:13.0546 3808 ACPI - ok
14:46:13.0562 3808 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:46:13.0562 3808 ACPIEC - ok
14:46:13.0593 3808 adpu160m - ok
14:46:13.0640 3808 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:46:13.0640 3808 aec - ok
14:46:13.0703 3808 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
14:46:13.0703 3808 AFD - ok
14:46:13.0718 3808 Aha154x - ok
14:46:13.0734 3808 aic78u2 - ok
14:46:13.0750 3808 aic78xx - ok
14:46:13.0765 3808 AliIde - ok
14:46:13.0796 3808 amsint - ok
14:46:13.0812 3808 asc - ok
14:46:13.0828 3808 asc3350p - ok
14:46:13.0843 3808 asc3550 - ok
14:46:13.0875 3808 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:46:13.0875 3808 AsyncMac - ok
14:46:13.0890 3808 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:46:13.0906 3808 atapi - ok
14:46:13.0906 3808 Atdisk - ok
14:46:13.0953 3808 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:46:13.0953 3808 Atmarpc - ok
14:46:13.0984 3808 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:46:13.0984 3808 audstub - ok
14:46:14.0015 3808 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:46:14.0015 3808 Beep - ok
14:46:14.0078 3808 BLKWGU(Belkin) - ok
14:46:14.0125 3808 BMLoad (d002033c1a37f6af51b5f0ba6d0211bc) C:\WINDOWS\system32\drivers\BMLoad.sys
14:46:14.0125 3808 BMLoad - ok
14:46:14.0171 3808 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:46:14.0171 3808 cbidf2k - ok
14:46:14.0187 3808 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:46:14.0187 3808 CCDECODE - ok
14:46:14.0203 3808 cd20xrnt - ok
14:46:14.0265 3808 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:46:14.0265 3808 Cdaudio - ok
14:46:14.0312 3808 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:46:14.0312 3808 Cdfs - ok
14:46:14.0328 3808 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:46:14.0328 3808 Cdrom - ok
14:46:14.0343 3808 Changer - ok
14:46:14.0406 3808 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:46:14.0406 3808 CmBatt - ok
14:46:14.0421 3808 CmdIde - ok
14:46:14.0453 3808 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:46:14.0453 3808 Compbatt - ok
14:46:14.0500 3808 Cpqarray - ok
14:46:14.0562 3808 dac2w2k - ok
14:46:14.0578 3808 dac960nt - ok
14:46:14.0609 3808 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:46:14.0609 3808 Disk - ok
14:46:14.0671 3808 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:46:14.0687 3808 dmboot - ok
14:46:14.0718 3808 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:46:14.0718 3808 dmio - ok
14:46:14.0750 3808 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:46:14.0750 3808 dmload - ok
14:46:14.0796 3808 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:46:14.0796 3808 DMusic - ok
14:46:14.0828 3808 dpti2o - ok
14:46:14.0843 3808 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:46:14.0843 3808 drmkaud - ok
14:46:14.0890 3808 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:46:14.0906 3808 Fastfat - ok
14:46:14.0953 3808 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
14:46:14.0953 3808 Fdc - ok
14:46:15.0015 3808 filtertdidriver (f8946c6d013fc9e6db03fbcf32294799) C:\WINDOWS\system32\drivers\ewfiltertdidriver.sys
14:46:15.0015 3808 filtertdidriver - ok
14:46:15.0031 3808 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:46:15.0031 3808 Fips - ok
14:46:15.0062 3808 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:46:15.0062 3808 Flpydisk - ok
14:46:15.0078 3808 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:46:15.0093 3808 FltMgr - ok
14:46:15.0125 3808 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:46:15.0125 3808 Fs_Rec - ok
14:46:15.0140 3808 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:46:15.0140 3808 Ftdisk - ok
14:46:15.0187 3808 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:46:15.0187 3808 GEARAspiWDM - ok
14:46:15.0218 3808 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:46:15.0234 3808 Gpc - ok
14:46:15.0250 3808 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:46:15.0250 3808 HDAudBus - ok
14:46:15.0312 3808 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:46:15.0328 3808 HidUsb - ok
14:46:15.0359 3808 hpn - ok
14:46:15.0421 3808 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:46:15.0421 3808 HTTP - ok
14:46:15.0468 3808 hwdatacard (8adf5ef39e896a65beded878494ee2b6) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
14:46:15.0484 3808 hwdatacard - ok
14:46:15.0515 3808 hwusbfake (9be5caeabc6b2eb98b3a4839a55d47a0) C:\WINDOWS\system32\DRIVERS\ewusbfake.sys
14:46:15.0515 3808 hwusbfake - ok
14:46:15.0531 3808 i2omgmt - ok
14:46:15.0546 3808 i2omp - ok
14:46:15.0578 3808 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:46:15.0578 3808 i8042prt - ok
14:46:15.0812 3808 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
14:46:15.0968 3808 ialm - ok
14:46:16.0000 3808 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:46:16.0015 3808 Imapi - ok
14:46:16.0031 3808 ini910u - ok
14:46:16.0218 3808 IntcAzAudAddService (12cd9f66b64b25cbe18f1bb2c6f54832) C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:46:16.0359 3808 IntcAzAudAddService - ok
14:46:16.0375 3808 IntelIde - ok
14:46:16.0390 3808 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:46:16.0390 3808 intelppm - ok
14:46:16.0437 3808 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:46:16.0437 3808 Ip6Fw - ok
14:46:16.0453 3808 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:46:16.0453 3808 IpFilterDriver - ok
14:46:16.0468 3808 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:46:16.0484 3808 IpInIp - ok
14:46:16.0515 3808 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:46:16.0531 3808 IpNat - ok
14:46:16.0546 3808 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:46:16.0562 3808 IPSec - ok
14:46:16.0609 3808 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:46:16.0609 3808 IRENUM - ok
14:46:16.0656 3808 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:46:16.0656 3808 isapnp - ok
14:46:16.0703 3808 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:46:16.0703 3808 Kbdclass - ok
14:46:16.0734 3808 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:46:16.0734 3808 kmixer - ok
14:46:16.0765 3808 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:46:16.0765 3808 KSecDD - ok
14:46:16.0796 3808 lbrtfdc - ok
14:46:16.0859 3808 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:46:16.0859 3808 mnmdd - ok
14:46:16.0890 3808 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:46:16.0890 3808 Modem - ok
14:46:16.0921 3808 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:46:16.0921 3808 Mouclass - ok
14:46:16.0968 3808 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:46:16.0968 3808 mouhid - ok
14:46:17.0000 3808 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:46:17.0015 3808 MountMgr - ok
14:46:17.0031 3808 mraid35x - ok
14:46:17.0046 3808 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:46:17.0062 3808 MRxDAV - ok
14:46:17.0109 3808 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:46:17.0140 3808 MRxSmb - ok
14:46:17.0156 3808 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:46:17.0156 3808 Msfs - ok
14:46:17.0203 3808 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:46:17.0203 3808 MSKSSRV - ok
14:46:17.0234 3808 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:46:17.0234 3808 MSPCLOCK - ok
14:46:17.0250 3808 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:46:17.0265 3808 MSPQM - ok
14:46:17.0296 3808 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:46:17.0296 3808 mssmbios - ok
14:46:17.0328 3808 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
14:46:17.0328 3808 MSTEE - ok
14:46:17.0359 3808 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:46:17.0359 3808 Mup - ok
14:46:17.0421 3808 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:46:17.0421 3808 NABTSFEC - ok
14:46:17.0484 3808 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:46:17.0500 3808 NDIS - ok
14:46:17.0546 3808 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:46:17.0546 3808 NdisIP - ok
14:46:17.0578 3808 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:46:17.0578 3808 NdisTapi - ok
14:46:17.0625 3808 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:46:17.0625 3808 Ndisuio - ok
14:46:17.0656 3808 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:46:17.0656 3808 NdisWan - ok
14:46:17.0734 3808 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:46:17.0734 3808 NDProxy - ok
14:46:17.0781 3808 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:46:17.0781 3808 NetBIOS - ok
14:46:17.0812 3808 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:46:17.0812 3808 NetBT - ok
14:46:17.0859 3808 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:46:17.0859 3808 Npfs - ok
14:46:17.0937 3808 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:46:17.0968 3808 Ntfs - ok
14:46:18.0015 3808 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:46:18.0015 3808 Null - ok
14:46:18.0046 3808 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:46:18.0046 3808 NwlnkFlt - ok
14:46:18.0109 3808 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:46:18.0109 3808 NwlnkFwd - ok
14:46:18.0171 3808 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
14:46:18.0171 3808 Parport - ok
14:46:18.0203 3808 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:46:18.0203 3808 PartMgr - ok
14:46:18.0234 3808 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:46:18.0234 3808 ParVdm - ok
14:46:18.0250 3808 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:46:18.0250 3808 PCI - ok
14:46:18.0265 3808 PCIDump - ok
14:46:18.0281 3808 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:46:18.0281 3808 PCIIde - ok
14:46:18.0328 3808 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:46:18.0328 3808 Pcmcia - ok
14:46:18.0343 3808 PDCOMP - ok
14:46:18.0359 3808 PDFRAME - ok
14:46:18.0375 3808 PDRELI - ok
14:46:18.0390 3808 PDRFRAME - ok
14:46:18.0406 3808 perc2 - ok
14:46:18.0437 3808 perc2hib - ok
14:46:18.0500 3808 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:46:18.0500 3808 PptpMiniport - ok
14:46:18.0515 3808 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:46:18.0515 3808 PSched - ok
14:46:18.0546 3808 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:46:18.0546 3808 Ptilink - ok
14:46:18.0609 3808 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:46:18.0609 3808 PxHelp20 - ok
14:46:18.0640 3808 ql1080 - ok
14:46:18.0656 3808 Ql10wnt - ok
14:46:18.0671 3808 ql12160 - ok
14:46:18.0687 3808 ql1240 - ok
14:46:18.0703 3808 ql1280 - ok
14:46:18.0734 3808 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:46:18.0734 3808 RasAcd - ok
14:46:18.0750 3808 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:46:18.0750 3808 Rasl2tp - ok
14:46:18.0781 3808 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:46:18.0781 3808 RasPppoe - ok
14:46:18.0796 3808 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:46:18.0812 3808 Raspti - ok
14:46:18.0843 3808 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:46:18.0843 3808 Rdbss - ok
14:46:18.0875 3808 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:46:18.0875 3808 RDPCDD - ok
14:46:18.0921 3808 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:46:18.0937 3808 RDPWD - ok
14:46:18.0984 3808 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:46:18.0984 3808 redbook - ok
14:46:19.0031 3808 RSUSBSTOR (680a7aba84a7863c89b5440c9c1e0895) C:\WINDOWS\system32\Drivers\RTS5121.sys
14:46:19.0031 3808 RSUSBSTOR - ok
14:46:19.0109 3808 RT80x86 (f591f71883424f5b31e3348ea4454466) C:\WINDOWS\system32\DRIVERS\RT2860.sys
14:46:19.0125 3808 RT80x86 - ok
14:46:19.0203 3808 RTLE8023xp (7174f20ad9b7b7878a51ecca03c499c2) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
14:46:19.0203 3808 RTLE8023xp - ok
14:46:19.0250 3808 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:46:19.0250 3808 Secdrv - ok
14:46:19.0296 3808 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
14:46:19.0296 3808 Serial - ok
14:46:19.0343 3808 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
14:46:19.0343 3808 Sfloppy - ok
14:46:19.0390 3808 Simbad - ok
14:46:19.0406 3808 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:46:19.0406 3808 SLIP - ok
14:46:19.0437 3808 Sparrow - ok
14:46:19.0468 3808 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:46:19.0468 3808 splitter - ok
14:46:19.0500 3808 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:46:19.0500 3808 sr - ok
14:46:19.0546 3808 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:46:19.0562 3808 Srv - ok
14:46:19.0625 3808 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:46:19.0640 3808 streamip - ok
14:46:19.0656 3808 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:46:19.0656 3808 swenum - ok
14:46:19.0687 3808 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:46:19.0687 3808 swmidi - ok
14:46:19.0734 3808 symc810 - ok
14:46:19.0750 3808 symc8xx - ok
14:46:19.0765 3808 SymIM - ok
14:46:19.0781 3808 SymIMMP - ok
14:46:19.0796 3808 sym_hi - ok
14:46:19.0812 3808 sym_u3 - ok
14:46:19.0843 3808 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:46:19.0859 3808 sysaudio - ok
14:46:19.0921 3808 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:46:19.0937 3808 Tcpip - ok
14:46:19.0968 3808 tcpipBM (dcfeb82ca988598ceb8f83148616038e) C:\WINDOWS\system32\drivers\tcpipBM.sys
14:46:19.0968 3808 tcpipBM - ok
14:46:20.0015 3808 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:46:20.0015 3808 TDPIPE - ok
14:46:20.0078 3808 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:46:20.0078 3808 TDTCP - ok
14:46:20.0109 3808 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:46:20.0125 3808 TermDD - ok
14:46:20.0140 3808 TosIde - ok
14:46:20.0187 3808 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys
14:46:20.0187 3808 tosporte - ok
14:46:20.0250 3808 tosrfbd (399c5e4db7bdd5a83a7d26c96389b85a) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
14:46:20.0250 3808 tosrfbd - ok
14:46:20.0265 3808 tosrfbnp (181e217a7a326817d97946d045b3cb46) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
14:46:20.0265 3808 tosrfbnp - ok
14:46:20.0281 3808 Tosrfcom (e90ace3b4fa7a85f992bc21eb779c407) C:\WINDOWS\system32\Drivers\tosrfcom.sys
14:46:20.0296 3808 Tosrfcom - ok
14:46:20.0312 3808 Tosrfhid (efc95c0dc6f96b228f58319776006548) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
14:46:20.0312 3808 Tosrfhid - ok
14:46:20.0343 3808 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
14:46:20.0343 3808 tosrfnds - ok
14:46:20.0375 3808 TosRfSnd (156d63f6898e4d95f2962f2b72862868) C:\WINDOWS\system32\drivers\tosrfsnd.sys
14:46:20.0375 3808 TosRfSnd - ok
14:46:20.0406 3808 Tosrfusb (98c04a6432ce9c2ad328f57b9384d348) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
14:46:20.0406 3808 Tosrfusb - ok
14:46:20.0453 3808 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:46:20.0453 3808 Udfs - ok
14:46:20.0468 3808 ultra - ok
14:46:20.0515 3808 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:46:20.0531 3808 Update - ok
14:46:20.0609 3808 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:46:20.0609 3808 USBAAPL - ok
14:46:20.0640 3808 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:46:20.0640 3808 usbccgp - ok
14:46:20.0656 3808 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:46:20.0656 3808 usbehci - ok
14:46:20.0703 3808 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:46:20.0703 3808 usbhub - ok
14:46:20.0734 3808 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:46:20.0734 3808 usbprint - ok
14:46:20.0765 3808 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:46:20.0765 3808 usbscan - ok
14:46:20.0781 3808 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:46:20.0781 3808 usbstor - ok
14:46:20.0812 3808 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:46:20.0812 3808 usbuhci - ok
14:46:20.0859 3808 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
14:46:20.0859 3808 usbvideo - ok
14:46:20.0906 3808 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:46:20.0906 3808 VgaSave - ok
14:46:20.0937 3808 ViaIde - ok
14:46:20.0968 3808 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:46:20.0968 3808 VolSnap - ok
14:46:21.0015 3808 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:46:21.0015 3808 Wanarp - ok
14:46:21.0046 3808 WDICA - ok
14:46:21.0078 3808 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:46:21.0078 3808 wdmaud - ok
14:46:21.0125 3808 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:46:21.0125 3808 WmiAcpi - ok
14:46:21.0171 3808 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
14:46:21.0171 3808 WpdUsb - ok
14:46:21.0218 3808 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:46:21.0218 3808 WSTCODEC - ok
14:46:21.0250 3808 ZDPSp50 - ok
14:46:21.0296 3808 MBR (0x1B8) (8819727bf7611558384a82ff02c2b141) \Device\Harddisk0\DR0
14:46:21.0625 3808 \Device\Harddisk0\DR0 - ok
14:46:21.0640 3808 Boot (0x1200) (ded673de31585bd038c6521d6bf751a1) \Device\Harddisk0\DR0\Partition0
14:46:21.0640 3808 \Device\Harddisk0\DR0\Partition0 - ok
14:46:21.0671 3808 Boot (0x1200) (f0f14310c06494998994e8e7f98a9e39) \Device\Harddisk0\DR0\Partition1
14:46:21.0671 3808 \Device\Harddisk0\DR0\Partition1 - ok
14:46:21.0671 3808 ============================================================
14:46:21.0671 3808 Scan finished
14:46:21.0671 3808 ============================================================
14:46:21.0687 3800 Detected object count: 0
14:46:21.0687 3800 Actual detected object count: 0

#8 narenxp

narenxp


Posted 08 February 2012 - 10:08 AM

Restart the PC, run aswMBR again and post the log.

Download

ESET online scanner


Install it

Click on START; it should download the virus definitions.
When the scan gets completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#9 brianbli

brianbli
  • Topic Starter

Posted 08 February 2012 - 11:09 AM

aswMBR log is attached below. ESET did not find any threat.

----------


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-08 15:11:24
-----------------------------
15:11:24.375 OS Version: Windows 5.1.2600 Service Pack 3
15:11:24.375 Number of processors: 2 586 0x1C02
15:11:24.375 ComputerName: BL3 UserName: BL4
15:11:24.640 Initialize success
15:11:38.953 AVAST engine defs: 12020701
15:11:44.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:11:44.015 Disk 0 Vendor: FUJITSU_MHZ2160BH 00000009 Size: 152627MB BusType: 3
15:11:44.031 Disk 0 MBR read successfully
15:11:44.046 Disk 0 MBR scan
15:11:44.078 Disk 0 unknown MBR code
15:11:44.078 Disk 0 Partition 1 00 12 Compaq diag MSDOS5.0 4000 MB offset 63
15:11:44.109 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 40005 MB offset 8193150
15:11:44.125 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 108619 MB offset 90124650
15:11:44.140 Disk 0 scanning sectors +312576705
15:11:44.265 Disk 0 scanning C:\WINDOWS\system32\drivers
15:11:53.000 Service scanning
15:11:54.156 Modules scanning
15:11:57.984 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
15:11:59.078 Disk 0 trace - called modules:
15:11:59.140 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
15:11:59.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b6eab8]
15:11:59.156 3 CLASSPNP.SYS[f7673fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86b70d98]
15:11:59.421 AVAST engine scan C:\WINDOWS
15:12:11.578 AVAST engine scan C:\WINDOWS\system32
15:14:10.734 AVAST engine scan C:\WINDOWS\system32\drivers
15:14:22.546 AVAST engine scan C:\Documents and Settings\BL4
15:16:29.171 AVAST engine scan C:\Documents and Settings\All Users
15:16:55.406 Scan finished successfully
15:18:41.296 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
15:18:41.343 The log file has been saved successfully to "E:\aswMBR3.txt"
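The helper in this thread reads the three scanner logs by eye: the aswMBR runs in #3 and #9, and the TDSSKiller run in #7. The Python below is an added triage helper written for this edit; it is not part of the thread, aswMBR or TDSSKiller. It parses the line shapes visible in those logs (driver name, MD5 and path plus the per-driver verdict from TDSSKiller; modules marked **SUSPICIOUS** and the MBR remark from aswMBR) and diffs two aswMBR runs, which is what narenxp did by hand between #3 and #9 when KDCOM.DLL stopped being flagged and dxgthk.sys persisted. The sample strings are short constructed excerpts in the same format, and the regular expressions and the "any verdict other than ok" rule are assumptions drawn from the posted logs, not documented tool behaviour.

```python
import re

# Constructed excerpts in the formats of the logs posted above (a few lines, not full logs).
TDSSKILLER_SAMPLE = r"""
14:46:13.0218 3808 Mode: Manual; TDLFS;
14:46:13.0546 3808 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:46:13.0546 3808 ACPI - ok
14:46:13.0593 3808 adpu160m - ok
14:46:14.0078 3808 BLKWGU(Belkin) - ok
14:46:21.0296 3808 MBR (0x1B8) (8819727bf7611558384a82ff02c2b141) \Device\Harddisk0\DR0
14:46:21.0625 3808 \Device\Harddisk0\DR0 - ok
14:46:21.0687 3800 Detected object count: 0
14:46:21.0687 3800 Actual detected object count: 0
"""
ASWMBR_RUN1 = r"""
06:17:15.781 Disk 0 unknown MBR code
06:17:25.921 Module: C:\WINDOWS\system32\KDCOM.DLL **SUSPICIOUS**
06:17:28.562 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
06:22:20.265 Scan finished successfully
"""
ASWMBR_RUN2 = r"""
15:11:44.078 Disk 0 unknown MBR code
15:11:57.984 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
15:16:55.406 Scan finished successfully
"""

# Line shapes assumed from the posted logs, not from tool documentation.
_TDSS_HASH = re.compile(r"^\S+\s+\d+\s+(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$")      # name (md5) path
_TDSS_VERDICT = re.compile(r"^\S+\s+\d+\s+(\S+)\s+-\s+(\S+)$")                    # name - verdict
_TDSS_BOOT = re.compile(r"^\S+\s+\d+\s+(MBR|Boot)\s+\(0x[0-9A-Fa-f]+\)\s+\(([0-9a-f]{32})\)\s+(\S+)$")
_TDSS_COUNT = re.compile(r"Actual detected object count:\s+(\d+)")
_ASW_MODULE = re.compile(r"Module:\s+(\S+)\s+\*\*SUSPICIOUS\*\*")
_ASW_MBR = re.compile(r"Disk\s+\d+\s+(.*MBR code.*)$")


def parse_tdsskiller(text):
    """Driver inventory (name -> (md5, path)), verdicts, boot-sector hashes, final count."""
    drivers, verdicts, boot, detected = {}, {}, {}, None
    for line in text.splitlines():
        if (m := _TDSS_BOOT.match(line)):
            boot[m.group(3)] = m.group(2)
        elif (m := _TDSS_HASH.match(line)):
            drivers[m.group(1)] = (m.group(2), m.group(3))
        elif (m := _TDSS_VERDICT.match(line)):
            verdicts[m.group(1)] = m.group(2)
        elif (m := _TDSS_COUNT.search(line)):
            detected = int(m.group(1))
    return {"drivers": drivers, "verdicts": verdicts, "boot_sectors": boot, "detected": detected}


def parse_aswmbr(text):
    """Modules aswMBR marked suspicious, its MBR remarks, and whether the scan completed."""
    suspicious, mbr_notes, finished = [], [], False
    for line in text.splitlines():
        if (m := _ASW_MODULE.search(line)):
            suspicious.append(m.group(1))
        elif (m := _ASW_MBR.search(line)):
            mbr_notes.append(m.group(1))
        elif "Scan finished successfully" in line:
            finished = True
    return {"suspicious": suspicious, "mbr_notes": mbr_notes, "finished": finished}


def compare_aswmbr_runs(before, after):
    """Which flagged modules disappeared after a fix, which persist, and which are new."""
    b, a = set(parse_aswmbr(before)["suspicious"]), set(parse_aswmbr(after)["suspicious"])
    return {"cleared": sorted(b - a), "persisting": sorted(a & b), "new": sorted(a - b)}


def triage(tdss_text, asw_text):
    """Summarise what a helper would look at first, as a list of findings."""
    t, a = parse_tdsskiller(tdss_text), parse_aswmbr(asw_text)
    findings = []
    flagged = {n: v for n, v in t["verdicts"].items() if v != "ok"}
    if flagged:
        findings.append(f"TDSSKiller verdicts other than ok: {flagged}")
    if t["detected"] is None:
        findings.append("TDSSKiller log has no final object count; it may be truncated")
    elif t["detected"]:
        findings.append(f"TDSSKiller detected {t['detected']} object(s)")
    for mod in a["suspicious"]:
        findings.append(f"aswMBR flagged {mod}; compare its hash with a known-good copy")
    for note in a["mbr_notes"]:
        findings.append(f"aswMBR MBR note: {note}")
    if not a["finished"]:
        findings.append("aswMBR scan did not report finishing; results may be incomplete")
    return findings


if __name__ == "__main__":
    print(compare_aswmbr_runs(ASWMBR_RUN1, ASWMBR_RUN2))
    for f in triage(TDSSKILLER_SAMPLE, ASWMBR_RUN2):
        print("-", f)
```

Reading the two verdicts together is the point: "unknown MBR code" only says aswMBR could not match the boot code to a loader it knows, while TDSSKiller's own MBR and boot-sector check in #7 returned ok, so neither line settles the question on its own. The MD5 per driver that TDSSKiller prints is the natural input for the hash comparison narenxp goes on to ask for via VirusTotal.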

#10 narenxp

narenxp


Posted 08 February 2012 - 11:16 AM

Go to

https://www.virustotal.com/

Click on Choose File, browse to

C:\WINDOWS\System32\drivers\dxgthk.sys

Select it, SCAN it, and post the generated link here.

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Do you still face redirects?

#11 brianbli

brianbli
  • Topic Starter

Posted 08 February 2012 - 11:28 AM

Google redirects seem to have been fixed. Thanks.

Scan result

----------

https://www.virustotal.com/file/c36486504c3a596fdca487143f6d3b43c0bee01321f6f1f3071976556533c419/analysis/1328717938/


Toolbox result

----------


MiniToolBox by Farbar Version: 18-01-2012
Ran by BL4 (administrator) on 08-02-2012 at 16:23:48
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

802.11bgn 1T2R Mini Card Wireless Adapter = Wireless Network Connection (Connected)
Realtek RTL8102E Family PCI-E Fast Ethernet NIC = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : BL3
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Peer-Peer
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : cable.virginmedia.net

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Realtek RTL8102E Family PCI-E Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-24-21-64-BF-47

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : cable.virginmedia.net
Description . . . . . . . . . . . : 802.11bgn 1T2R Mini Card Wireless Adapter
Physical Address. . . . . . . . . : 00-24-21-49-D2-2C
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.1
Lease Obtained. . . . . . . . . . : 08 February 2012 15:20:03
Lease Expires . . . . . . . . . . : 19 January 2038 03:14:07

Server: dir-615
Address: 192.168.0.1

Name: google.com
Addresses: 209.85.147.99, 209.85.147.106, 209.85.147.147, 209.85.147.104
209.85.147.103, 209.85.147.105

Pinging google.com [209.85.147.106] with 32 bytes of data:

Reply from 209.85.147.106: bytes=32 time=132ms TTL=54
Reply from 209.85.147.106: bytes=32 time=163ms TTL=52

Ping statistics for 209.85.147.106:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 132ms, Maximum = 163ms, Average = 147ms

Server: dir-615
Address: 192.168.0.1

Name: yahoo.com
Addresses: 98.137.149.56, 98.139.180.149, 209.191.122.70, 72.30.2.43

Pinging yahoo.com [98.139.180.149] with 32 bytes of data:

Reply from 98.139.180.149: bytes=32 time=202ms TTL=48
Reply from 98.139.180.149: bytes=32 time=231ms TTL=48

Ping statistics for 98.139.180.149:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 202ms, Maximum = 231ms, Average = 216ms

Server: dir-615
Address: 192.168.0.1

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x3 ...00 24 21 64 bf 47 ...... Realtek RTL8102E Family PCI-E Fast Ethernet NIC - Packet Scheduler Miniport
0x20002 ...00 24 21 49 d2 2c ...... 802.11bgn 1T2R Mini Card Wireless Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.100 192.168.0.100 20
192.168.0.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.100 192.168.0.100 20
224.0.0.0 240.0.0.0 192.168.0.100 192.168.0.100 20
255.255.255.255 255.255.255.255 192.168.0.100 3 1
255.255.255.255 255.255.255.255 192.168.0.100 192.168.0.100 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/07/2012 03:51:51 AM) (Source: Application Hang) (User: )
Description: Hanging application IEXPLORE.EXE, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/07/2012 02:38:22 AM) (Source: Application Error) (User: )
Description: Faulting application IEXPLORE.EXE, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x00bf8c67.
Processing media-specific event for [IEXPLORE.EXE!ws!]

Error: (02/05/2012 10:27:58 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 1.9.2.3667, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/01/2012 04:59:34 PM) (Source: Application Error) (User: )
Description: Faulting application avantix_traveller.exe, version 1.7.9.0, faulting module coreapp.dll, version 1.2.3.0, fault address 0x000042a6.
Processing media-specific event for [avantix_traveller.exe!ws!]

Error: (01/31/2012 06:45:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2297

Error: (01/31/2012 06:45:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2297

Error: (01/31/2012 06:45:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/31/2012 06:21:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2031

Error: (01/31/2012 06:21:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2031

Error: (01/31/2012 06:21:41 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (02/08/2012 03:10:01 PM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.0.100 for the Network Card with network address 00242149D22C has been
denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

Error: (02/08/2012 02:41:59 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/08/2012 02:41:29 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/08/2012 02:34:34 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (02/08/2012 02:32:55 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
tcpipBM
Tosrfcom

Error: (02/08/2012 02:32:55 PM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31

Error: (02/08/2012 02:32:55 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (02/08/2012 02:32:55 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31

Error: (02/08/2012 02:32:55 PM) (Source: Service Control Manager) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31

Error: (02/08/2012 02:32:55 PM) (Source: Service Control Manager) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31


Microsoft Office Sessions:
=========================
Error: (02/07/2012 03:51:51 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE6.0.2900.5512hungapp0.0.0.000000000

Error: (02/07/2012 02:38:22 AM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE6.0.2900.5512unknown0.0.0.000bf8c67

Error: (02/05/2012 10:27:58 AM) (Source: Application Hang)(User: )
Description: firefox.exe1.9.2.3667hungapp0.0.0.000000000

Error: (02/01/2012 04:59:34 PM) (Source: Application Error)(User: )
Description: avantix_traveller.exe1.7.9.0coreapp.dll1.2.3.0000042a6

Error: (01/31/2012 06:45:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2297

Error: (01/31/2012 06:45:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2297

Error: (01/31/2012 06:45:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/31/2012 06:21:41 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2031

Error: (01/31/2012 06:21:41 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2031

Error: (01/31/2012 06:21:41 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


=========================== Installed Programs ============================

Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)
Adobe Flash Player 10 Plugin (Version: 10.0.45.2)
Adobe Reader 9.3.4 (Version: 9.3.4)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Avantix Traveller - NFM10 (Version: 01.03.00)
Bluetooth Stack for Windows by Toshiba (Version: v6.00.03)
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EPSON Scan
EPSON SX130 Series Printer Uninstall
ESET Online Scanner v3
Google Chrome (Version: 16.0.912.77)
GPL Ghostscript 8.70
GSview 4.9
Intel® Graphics Media Accelerator Driver
iTunes (Version: 10.5.3.3)
Java™ 6 Update 16 (Version: 6.0.160)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
MATLAB Student R2009a (Version: 7.8)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook Connector (Version: 14.0.6106.5001)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MiKTeX 2.8 (Version: 2.8)
Mozilla Firefox (3.6) (Version: 3.6 (en-GB))
MSN
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
OpenOffice.org 3.1 (Version: 3.1.9420)
QuickTime (Version: 7.65.17.80)
Ralink RT2860 Wireless LAN Card (Version: 1.0.5.0)
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.16.0001)
Realtek High Definition Audio Driver (Version: 5.10.0.5618)
RealUpgrade 1.0 (Version: 1.0.0)
Segoe UI (Version: 14.0.4327.805)
System Control Manager (Version: 2.0208.1009.OE001.13)
T-Mobile Internet Manager (Version: 11.301.05.17.55)
TeXnicCenter Version 1.0 Stable RC1 (Version: Version 1.0 Stable RC1)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
USB 2.0 Card Reader (Version: 1.0.0.0)
VoiceOver Kit (Version: 1.42.128.0)
WebFldrs XP (Version: 9.50.7523)
Winamp (Version: 5.572 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format Runtime
WinRAR archiver
Xvid 1.2.2 final uninstall (Version: 1.2)

========================= Memory info: ===================================

Percentage of memory in use: 49%
Total physical RAM: 1013.23 MB
Available physical RAM: 510.2 MB
Total Pagefile: 2440.3 MB
Available Pagefile: 2031.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.18 MB

========================= Partitions: =====================================

1 Drive c: (OS_Install) (Fixed) (Total:39.07 GB) (Free:20.62 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:106.07 GB) (Free:105.3 GB) NTFS
3 Drive e: (STICK 9) (Removable) (Total:3.73 GB) (Free:1.34 GB) FAT32

========================= Users: ========================================

User accounts for \\BL3

Administrator BL4 Guest
HelpAssistant SUPPORT_388945a0


**** End of log ****

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:56 PM

Posted 08 February 2012 - 11:39 AM

That looks good

Download

TFC


Launch it; it will close all running programs.

Click on START; it should ask for a reboot.

Turn off your System Restore, restart the PC, and create a new restore point:

http://support.microsoft.com/kb/310405

Uninstall your Java update from Add or Remove Programs and download the latest from here:

http://www.java.com/en/

Update your antivirus frequently, and do not click on suspicious links.

Safe surfing :)

#13 brianbli

brianbli
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 08 February 2012 - 12:04 PM

Thank you very much for your time. :thumbsup:

Problem now fixed and I will be more careful next time.

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:01:56 PM

Posted 08 February 2012 - 12:30 PM

You're most welcome :thumbsup:

#15 PF-Flyer

PF-Flyer

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:12:56 PM

Posted 09 February 2012 - 02:27 PM

Very helpful. I did a DDS scan and it resulted in "Possible TDL3 rootkit infection !"
I searched for help here at BC for TDL3 Rootkit and came to this forum.
I also found that a simple Google search for 'Possible TDL3 rootkit infection' redirected me to all sorts of ad sites.

Narenxp, after I downloaded and ran FixTDSS, it fixed the Google redirect issue immediately.

I'll run TDSSKiller and some of these others you recommend here.

Thanks for this discussion thread.



