zero access rootkit and tidserv


This topic is locked
10 replies to this topic

#1 olmec2k


Posted 13 February 2012 - 12:39 PM

A few days ago Norton Security Suite started with the manual removal pop-ups saying I was infected and needed manual removal. I ran their Zero Access fix and it won't run upon restart, and the TDSS fix will blue screen upon restart if I don't run in Safe Mode when I start the process. Even when it runs it doesn't detect anything. I've tried typical removals like updated Norton scans, which don't find it, and Malwarebytes, which also doesn't find it. I thought I would look online for a fix and I now realize I need to be walked through this by an expert. Help please.


#2 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 16 February 2012 - 10:47 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 19 February 2012 - 01:46 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 olmec2k (Topic Starter)

Posted 20 February 2012 - 04:42 PM

Hi, I'm sorry about the long response time. I may have fixed the problem: one day I ran Malwarebytes because I noticed my internet was being even slower than before and thought I would at least clean up the other spy/malware being loaded onto my computer, and the third run of the day picked up one of the two infections, and I haven't had pop-ups from Norton saying Tidserv infection detected. Anyway, to make sure it IS gone, you're the expert and I would like to have you take a look. So here are the DDS logs. Thank you for your time!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_25
Run by Eric at 13:30:56 on 2012-02-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1017 [GMT -8:00]
.
.
============== Running Processes ===============
.
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\program files\steam\steam.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\5.2.0.13\ips\IPSBHO.DLL
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\5.2.0.13\coIEPlg.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [<NO NAME>]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CF6584CE-15D5-4CE8-8327-650EC4BF34D0} : DhcpNameServer = 192.168.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\eric\application data\mozilla\firefox\profiles\hz0udmys.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\coffplgn_2011_7_5_2\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\eric\application data\mozilla\firefox\profiles\hz0udmys.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\eric\application data\mozilla\firefox\profiles\hz0udmys.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\eric\application data\mozilla\firefox\profiles\hz0udmys.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\eric\application data\mozilla\firefox\profiles\hz0udmys.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko7.dll
FF - component: c:\documents and settings\eric\application data\mozilla\firefox\profiles\hz0udmys.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko8.dll
FF - component: c:\documents and settings\eric\application data\mozilla\firefox\profiles\hz0udmys.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko9.dll
FF - plugin: c:\documents and settings\eric\application data\move networks\plugins\npqmp071706000001.dll
FF - plugin: c:\documents and settings\eric\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Symantec Intrusion Prevention: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\IPSFFPlgn
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\DivXHTML5
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\coFFPlgn_2011_7_5_2
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\eric\application data\Move Networks
.
============= SERVICES / DRIVERS ===============
.
R0 FixZeroAccess;Zero Access Fixtool driver;c:\windows\system32\drivers\FixZeroAccess.sys [2012-2-12 32808]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0502000.00d\symds.sys [2012-2-7 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0502000.00d\symefa.sys [2012-2-7 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20120215.001\BHDrvx86.sys [2012-2-15 820344]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2010-1-26 13696]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys [2012-2-7 136312]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\iobit\advanced systemcare 5\ASCService.exe [2011-12-20 494424]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-12-23 21992]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-11-30 2253120]
R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-4 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120217.003\IDSXpx86.sys [2012-2-17 356280]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120220.001\NAVENG.SYS [2012-2-20 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\virusdefs\20120220.001\NAVEX15.SYS [2012-2-20 1576312]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-4-5 517632]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-9 135664]
S2 N360;Norton Security Suite;c:\program files\norton security suite\engine\5.2.0.13\ccsvchst.exe [2012-2-7 130008]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\toolbarbroker.exe --> c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe --> c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-9 135664]
.
=============== Created Last 30 ================
.
2012-02-13 07:06:34 32808 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-02-13 06:34:32 -------- d-----w- c:\documents and settings\eric\application data\Tific
2012-02-12 05:53:17 -------- d-----w- c:\documents and settings\eric\local settings\application data\NPE
2012-02-11 20:30:36 -------- d-----w- C:\sh4ldr
2012-02-11 20:30:36 -------- d-----w- c:\program files\Enigma Software Group
2012-02-11 20:30:22 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-02-11 18:40:54 -------- d-----w- c:\documents and settings\eric\application data\FixZeroAccess
2012-02-11 18:37:30 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-08 03:31:42 369784 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symtdi.sys
2012-02-08 03:31:42 331384 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symtdiv.sys
2012-02-08 03:31:42 299640 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symnets.sys
2012-02-08 03:31:41 744568 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symefa.sys
2012-02-08 03:31:41 516216 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\srtsp.sys
2012-02-08 03:31:41 50168 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\srtspx.sys
2012-02-08 03:31:41 340088 ----a-w- c:\windows\system32\drivers\n360\0502000.00d\symds.sys
2012-02-08 03:31:41 136312 ----a-r- c:\windows\system32\drivers\n360\0502000.00d\ironx86.sys
2012-02-08 03:31:26 -------- d-----w- c:\windows\system32\drivers\n360\0502000.00D
2012-02-05 19:35:43 -------- d-----w- c:\documents and settings\eric\local settings\application data\THQ
2012-01-24 19:05:56 -------- d-----w- c:\program files\Winamp Detect
2012-01-24 19:05:39 59888 ------w- c:\windows\system32\pxwma.dll
.
==================== Find3M ====================
.
2011-12-23 00:52:09 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-12-23 00:52:09 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-12-22 18:33:03 285224 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-12-22 18:33:03 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-12-22 18:15:43 285224 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-12-10 23:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 13:31:50.50 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/26/2010 8:44:18 PM
System Uptime: 2/20/2012 1:26:36 PM (0 hours ago)
.
Motherboard: BIOSTAR Group | | A770 A2+
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4000+ | Socket AM2 | 2100/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 265.481 GiB free.
G: is FIXED (NTFS) - 298 GiB total, 161.189 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_23071565&REV_02\4&18AA4E52&0&0038
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_23071565&REV_02\4&18AA4E52&0&0038
Service: RTLE8023xp
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROM_NEC_DVD_RW_ND-2500A____________________1.06____\5&24C9F32&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: _NEC DVD_RW ND-2500A
PNP Device ID: IDE\CDROM_NEC_DVD_RW_ND-2500A____________________1.06____\5&24C9F32&0&0.0.0
Service: cdrom
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.7
Advanced SystemCare 5
Alien Swarm
Amazon MP3 Downloader 1.0.12
Ask Toolbar
Battlefield: Bad Company 2
Belkin N Wireless USB Adapter Setup
BitTorrent
BitTorrentBar Toolbar
Blood Bowl: Dark Elves Edition
CCleaner
Coby Media Manager
Commandos 3: Destination Berlin
Company of Heroes
Company of Heroes: Tales of Valor
Counter-Strike
CPUID CPU-Z 1.58
Crimecraft: BLEEDOUT
CureROM Pro 2.0.3.3
Darksiders
DarksidersInstaller
Dead Island
Defense Grid: The Awakening Demo
DivX Setup
DocProc
DocProcQFolder
Dota 2
Dual-Core Optimizer
Evil Genius
Google Chrome
Google Update Helper
Groove Games\Land Of The Dead
Heroes of Newerth
Hitman Blood Money
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Java Auto Updater
Java™ 6 Update 25
K-Lite Mega Codec Pack 5.6.1
Killing Floor
Killing Floor Mod: Defence Alliance 2
League of Legends
Left 4 Dead
Left 4 Dead 2
Machinarium
Magic: The Gathering — Duels of the Planeswalkers 2012 - Demo
Malwarebytes Anti-Malware version 1.60.1.1000
Media Player Classic - Home Cinema v. 1.3.1249.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft IntelliPoint 7.1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Move Media Player
Mozilla Firefox (3.6.27)
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
Norton Security Suite
NVIDIA Control Panel 285.58
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Graphics Driver 285.58
NVIDIA Install Application
NVIDIA nView 135.95
NVIDIA nView Desktop Manager
NVIDIA Performance
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA System Monitor
NVIDIA System Update
NVIDIA Update 1.5.20
NVIDIA Update Components
OCR Software by I.R.I.S. 10.0
Orcs Must Die!
Overlord
Pando Media Booster
Peggle Extreme
Plants vs. Zombies Demo
Portal
Portal 2
PunkBuster Services
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Serious Sam HD: The First Encounter Demo
Steam
Team Fortress 2
The Sims™ 3
Tropico 3 1.00
Tseries BIOS Update
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
VC80CRTRedist - 8.0.50727.6195
Ventrilo Client
Warcraft III Reign of Chaos & The Frozen Throne
Warhammer 40,000: Dawn of War II
Warhammer 40,000: Dawn of War II - Chaos Rising
Warhammer® 40,000®: Dawn of War® II – Retribution™
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Presentation Foundation
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
2/17/2012 8:12:34 AM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 001CDF68C165 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
2/14/2012 2:03:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi
2/14/2012 2:03:37 PM, error: Service Control Manager [7023] - The Usb20l service terminated with the following error: The specified module could not be found.
2/14/2012 12:13:34 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi redbook
2/13/2012 11:16:08 AM, error: Service Control Manager [7023] - The Mxssvr service terminated with the following error: The specified module could not be found.
.
==== End Of File ===========================

#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 20 February 2012 - 05:39 PM

Hello

No problem - I will give you a good checking over anyway just to be sure.

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 olmec2k

  • Topic Starter
  • Members
  • 4 posts

Posted 21 February 2012 - 10:46 AM

Well, good thing we made sure the rootkit was still there; here is the ComboFix log. I haven't noticed much difference in internet speed or system speed.


ComboFix 12-02-21.01 - Eric 02/20/2012 21:56:47.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1620 [GMT -8:00]
Running from: c:\documents and settings\Eric\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB12896$
c:\windows\$NtUninstallKB12896$\180631716\@
c:\windows\$NtUninstallKB12896$\180631716\cfg.ini
c:\windows\$NtUninstallKB12896$\180631716\Desktop.ini
c:\windows\$NtUninstallKB12896$\180631716\L\ajbyouya
c:\windows\$NtUninstallKB12896$\180631716\oemid
c:\windows\$NtUninstallKB12896$\180631716\U\00000001.@
c:\windows\$NtUninstallKB12896$\180631716\U\00000002.@
c:\windows\$NtUninstallKB12896$\180631716\U\00000004.@
c:\windows\$NtUninstallKB12896$\180631716\U\80000000.@
c:\windows\$NtUninstallKB12896$\180631716\U\80000004.@
c:\windows\$NtUninstallKB12896$\180631716\U\80000032.@
c:\windows\$NtUninstallKB12896$\180631716\version
c:\windows\$NtUninstallKB12896$\977646441
.
c:\windows\system32\drivers\cdrom.sys . . . is missing!!
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-01-21 to 2012-02-21 )))))))))))))))))))))))))))))))
.
.
2012-02-13 07:06 . 2012-02-13 07:06 32808 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys
2012-02-13 06:34 . 2012-02-13 06:34 -------- d-----w- c:\documents and settings\Eric\Application Data\Tific
2012-02-12 05:53 . 2012-02-12 06:29 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\NPE
2012-02-11 20:30 . 2012-02-12 04:24 -------- d-----w- C:\sh4ldr
2012-02-11 20:30 . 2012-02-11 20:30 -------- d-----w- c:\program files\Enigma Software Group
2012-02-11 20:30 . 2012-02-12 04:24 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-02-11 19:17 . 2012-02-11 19:17 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2012-02-11 18:40 . 2012-02-11 18:40 -------- d-----w- c:\documents and settings\Eric\Application Data\FixZeroAccess
2012-02-11 18:37 . 2012-02-14 21:40 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-08 03:31 . 2012-02-08 17:00 -------- d-----w- c:\windows\system32\drivers\N360\0502000.00D
2012-02-05 19:35 . 2012-02-05 19:35 -------- d-----w- c:\documents and settings\Eric\Local Settings\Application Data\THQ
2012-01-24 19:05 . 2012-01-24 19:05 -------- d-----w- c:\program files\Winamp Detect
2012-01-24 19:05 . 2011-03-04 19:44 59888 ------w- c:\windows\system32\pxwma.dll
2012-01-24 19:05 . 2012-01-24 19:11 -------- d-----w- c:\documents and settings\Eric\Application Data\Winamp
2012-01-24 19:05 . 2012-01-24 19:06 -------- d-----w- c:\program files\Winamp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-23 00:52 . 2011-12-22 19:05 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-12-23 00:52 . 2011-12-22 19:05 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-12-10 23:24 . 2011-04-14 14:57 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 13:25 . 2008-04-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-04-14 12:00 . 19DD19FB992D6BF67811913B6FEAE577 . 75264 . . [------] . . c:\windows\system32\drivers\ipsec.sys
.
[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[-] 2008-04-14 12:00 . 19DD19FB992D6BF67811913B6FEAE577 . 75264 . . [------] . . c:\windows\system32\drivers\ipsec.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 08:49 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-11-18 03:29 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-18 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-18 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2011-08-02 1242448]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2012-01-26 647544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 16126464]
"SkyTel"="SkyTel.EXE" [2007-04-05 1822720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-05 1468256]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"=hex(7a8):
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\defense grid demo\\runme.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\r.u.s.e. beta\\Ruse.exe"=
"c:\\Program Files\\Heroes of Newerth\\hon.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\serious sam hd the first encounter\\Bin\\SamHD_Demo.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\blood bowl\\BB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\blood bowl\\Manual.pdf"=
"c:\\Program Files\\Steam\\steamapps\\common\\blood bowl\\StrategyGuide.pdf"=
"c:\\Program Files\\Steam\\steamapps\\common\\commandos 3 destination berlin\\commandos3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\commandos 3 destination berlin\\readme.rtf"=
"c:\\Program Files\\Steam\\steamapps\\common\\dawn of war 2\\DOW2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\darksiders\\DarksidersPC.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\machinarium\\machinarium.exe"=
"c:\\Program Files\\Warcraft III Reign of Chaos & The Frozen Throne\\Frozen Throne.exe"=
"c:\\Program Files\\Warcraft III Reign of Chaos & The Frozen Throne\\Warcraft III.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\Support\\EA Help\\Electronic_Arts_Technical_Support.htm"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\portal 2\\portal2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\evil genius\\EvilGeniusLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\crimecraft\\SteamLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\crimecraft\\Binaries\\CrimeCraft.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\overlord\\Overlord.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\overlord\\Config.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\Peggle Extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dawn of war ii - retribution\\DOW2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"58323:TCP"= 58323:TCP:Pando Media Booster
"58323:UDP"= 58323:UDP:Pando Media Booster
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"6112:TCP"= 6112:TCP:wc3.exe
"8382:TCP"= 8382:TCP:League of Legends Launcher
"8382:UDP"= 8382:UDP:League of Legends Launcher
"8383:TCP"= 8383:TCP:League of Legends Launcher
"8383:UDP"= 8383:UDP:League of Legends Launcher
.
R0 FixZeroAccess;Zero Access Fixtool driver;c:\windows\system32\drivers\FixZeroAccess.sys [2/12/2012 11:06 PM 32808]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502000.00D\symds.sys [2/7/2012 7:31 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502000.00D\symefa.sys [2/7/2012 7:31 PM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120215.001\BHDrvx86.sys [2/15/2012 5:21 PM 820344]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [1/26/2010 9:13 PM 13696]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502000.00D\ironx86.sys [2/7/2012 7:31 PM 136312]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [12/20/2011 8:13 AM 494424]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [12/23/2011 2:55 PM 21992]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\5.2.0.13\ccsvchst.exe [2/7/2012 7:31 PM 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [11/30/2011 9:44 PM 2253120]
R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\System32\svchost.exe -k netsvcs [4/14/2008 4:00 AM 14336]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/4/2012 7:15 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120217.003\IDSXpx86.sys [2/17/2012 4:31 PM 356280]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/9/2012 8:49 AM 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe --> c:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/9/2012 8:49 AM 135664]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/11/2010 10:26 PM 691696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
RPCQT
sskbfd
StkAMini
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-09 16:49]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-09 16:49]
.
2012-02-21 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-11-18 03:29]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\hz0udmys.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Symantec Intrusion Prevention: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_5_2
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Eric\Application Data\Move Networks
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-20 22:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-839522115-789336058-1801674531-1003\Software\SecuROM\License information*]
"datasecu"=hex:7b,e1,e0,e0,91,84,ed,fa,62,52,84,1a,80,b6,40,a7,b5,97,6c,6a,f8,
d6,7d,92,73,75,65,66,6a,37,fa,a1,2d,18,e2,91,6b,d4,5f,d1,f0,4f,34,7f,14,fb,\
"rkeysecu"=hex:98,be,9d,b9,2b,b2,f2,67,5d,ac,a0,cd,19,f0,a7,7f
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2668)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\NVIDIA Corporation\System Update\UpdateCenterService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RTHDCPL.EXE
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
.
**************************************************************************
.
Completion time: 2012-02-20 22:20:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-21 06:20
.
Pre-Run: 284,957,978,624 bytes free
Post-Run: 285,934,362,624 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 7745F6118393F0523C32578E3D82BF6C

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 February 2012 - 04:12 PM

Greetings

I want you to run these next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 olmec2k

  • Topic Starter
  • Members
  • 4 posts

Posted 22 February 2012 - 03:25 AM

OK, here are the logs. I didn't fix anything on the 2nd scan; didn't know if I had to.



00:01:54.0562 1996 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
00:01:55.0406 1996 ============================================================
00:01:55.0406 1996 Current date / time: 2012/02/22 00:01:55.0406
00:01:55.0406 1996 SystemInfo:
00:01:55.0406 1996
00:01:55.0406 1996 OS Version: 5.1.2600 ServicePack: 3.0
00:01:55.0406 1996 Product type: Workstation
00:01:55.0406 1996 ComputerName: MINERS-COMP
00:01:55.0406 1996 UserName: Eric
00:01:55.0406 1996 Windows directory: C:\WINDOWS
00:01:55.0406 1996 System windows directory: C:\WINDOWS
00:01:55.0406 1996 Processor architecture: Intel x86
00:01:55.0406 1996 Number of processors: 2
00:01:55.0406 1996 Page size: 0x1000
00:01:55.0406 1996 Boot type: Normal boot
00:01:55.0406 1996 ============================================================
00:01:57.0937 1996 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:01:57.0937 1996 \Device\Harddisk0\DR0:
00:01:57.0968 1996 MBR used
00:01:57.0968 1996 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
00:01:57.0984 1996 Initialize success
00:01:57.0984 1996 ============================================================
00:02:10.0015 1852 ============================================================
00:02:10.0015 1852 Scan started
00:02:10.0015 1852 Mode: Manual;
00:02:10.0015 1852 ============================================================
00:02:10.0375 1852 Abiosdsk - ok
00:02:10.0453 1852 abp480n5 - ok
00:02:10.0500 1852 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:02:10.0500 1852 ACPI - ok
00:02:10.0531 1852 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:02:10.0531 1852 ACPIEC - ok
00:02:10.0546 1852 adpu160m - ok
00:02:10.0578 1852 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:02:10.0578 1852 aec - ok
00:02:10.0609 1852 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
00:02:10.0625 1852 AegisP - ok
00:02:10.0656 1852 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:02:10.0656 1852 AFD - ok
00:02:10.0671 1852 Aha154x - ok
00:02:10.0671 1852 aic78u2 - ok
00:02:10.0687 1852 aic78xx - ok
00:02:10.0703 1852 AliIde - ok
00:02:10.0734 1852 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
00:02:10.0734 1852 AmdLLD - ok
00:02:10.0765 1852 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
00:02:10.0765 1852 AmdPPM - ok
00:02:10.0781 1852 amsint - ok
00:02:10.0812 1852 AN983 (116bff96077a4a724e0aab800525ceb5) C:\WINDOWS\system32\DRIVERS\AN983.sys
00:02:10.0812 1852 AN983 - ok
00:02:10.0828 1852 asc - ok
00:02:10.0828 1852 asc3350p - ok
00:02:10.0843 1852 asc3550 - ok
00:02:10.0875 1852 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:02:10.0875 1852 AsyncMac - ok
00:02:10.0890 1852 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:02:10.0890 1852 atapi - ok
00:02:10.0906 1852 Atdisk - ok
00:02:10.0921 1852 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:02:10.0921 1852 Atmarpc - ok
00:02:10.0968 1852 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:02:10.0968 1852 audstub - ok
00:02:11.0031 1852 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:02:11.0031 1852 Beep - ok
00:02:11.0187 1852 BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120215.001\BHDrvx86.sys
00:02:11.0203 1852 BHDrvx86 - ok
00:02:11.0250 1852 BIOS (be5d50529799b9bab6be879ec768b6cf) C:\WINDOWS\system32\drivers\BIOS.sys
00:02:11.0296 1852 BIOS - ok
00:02:11.0312 1852 catchme - ok
00:02:11.0343 1852 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:02:11.0359 1852 cbidf2k - ok
00:02:11.0406 1852 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
00:02:11.0406 1852 CCDECODE - ok
00:02:11.0421 1852 cd20xrnt - ok
00:02:11.0453 1852 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:02:11.0453 1852 Cdaudio - ok
00:02:11.0484 1852 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:02:11.0484 1852 Cdfs - ok
00:02:11.0484 1852 Cdrom - ok
00:02:11.0500 1852 Changer - ok
00:02:11.0515 1852 CmdIde - ok
00:02:11.0531 1852 Cpqarray - ok
00:02:11.0562 1852 cpuz135 (c2eb4539a4f6ab6edd01bdc191619975) C:\WINDOWS\system32\drivers\cpuz135_x32.sys
00:02:11.0562 1852 cpuz135 - ok
00:02:11.0578 1852 dac2w2k - ok
00:02:11.0578 1852 dac960nt - ok
00:02:11.0609 1852 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
00:02:11.0609 1852 Disk - ok
00:02:11.0671 1852 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
00:02:11.0671 1852 dmboot - ok
00:02:11.0687 1852 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
00:02:11.0687 1852 dmio - ok
00:02:11.0718 1852 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
00:02:11.0718 1852 dmload - ok
00:02:11.0781 1852 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
00:02:11.0781 1852 DMusic - ok
00:02:11.0796 1852 dpti2o - ok
00:02:11.0843 1852 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
00:02:11.0843 1852 drmkaud - ok
00:02:11.0859 1852 EagleXNt - ok
00:02:11.0953 1852 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
00:02:11.0953 1852 eeCtrl - ok
00:02:11.0968 1852 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
00:02:11.0984 1852 EraserUtilRebootDrv - ok
00:02:12.0015 1852 esgiguard - ok
00:02:12.0031 1852 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
00:02:12.0046 1852 Fastfat - ok
00:02:12.0078 1852 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
00:02:12.0078 1852 Fdc - ok
00:02:12.0093 1852 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
00:02:12.0093 1852 Fips - ok
00:02:12.0125 1852 FixZeroAccess (de42504d4cf8f1536251fbfb4b44f63b) C:\WINDOWS\system32\drivers\FixZeroAccess.sys
00:02:12.0125 1852 FixZeroAccess - ok
00:02:12.0156 1852 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
00:02:12.0156 1852 Flpydisk - ok
00:02:12.0187 1852 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
00:02:12.0187 1852 FltMgr - ok
00:02:12.0203 1852 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
00:02:12.0203 1852 Fs_Rec - ok
00:02:12.0218 1852 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
00:02:12.0218 1852 Ftdisk - ok
00:02:12.0234 1852 GEARAspiWDM (5ae3a887ece5bbb72cfab273c2fd1cfa) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
00:02:12.0234 1852 GEARAspiWDM - ok
00:02:12.0265 1852 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
00:02:12.0281 1852 Gpc - ok
00:02:12.0281 1852 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
00:02:12.0296 1852 HDAudBus - ok
00:02:12.0343 1852 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
00:02:12.0343 1852 hidusb - ok
00:02:12.0359 1852 hpn - ok
00:02:12.0406 1852 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
00:02:12.0421 1852 HTTP - ok
00:02:12.0421 1852 i2omgmt - ok
00:02:12.0437 1852 i2omp - ok
00:02:12.0500 1852 IDSxpx86 (cfbc1ce72e5353d428704659199147b1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120218.003\IDSxpx86.sys
00:02:12.0531 1852 IDSxpx86 - ok
00:02:12.0578 1852 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
00:02:12.0578 1852 Imapi - ok
00:02:12.0640 1852 ini910u - ok
00:02:12.0750 1852 IntcAzAudAddService (cdfd5a68a2e1caa89c5c0e0b3cb98731) C:\WINDOWS\system32\drivers\RtkHDAud.sys
00:02:12.0828 1852 IntcAzAudAddService - ok
00:02:12.0843 1852 IntelIde - ok
00:02:12.0859 1852 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
00:02:12.0859 1852 Ip6Fw - ok
00:02:12.0890 1852 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
00:02:12.0890 1852 IpFilterDriver - ok
00:02:12.0906 1852 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
00:02:12.0906 1852 IpInIp - ok
00:02:12.0937 1852 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
00:02:12.0937 1852 IpNat - ok
00:02:12.0953 1852 IPSec (19dd19fb992d6bf67811913b6feae577) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:02:12.0968 1852 IPSec ( Virus.Win32.ZAccess.c ) - infected
00:02:12.0968 1852 IPSec - detected Virus.Win32.ZAccess.c (0)
00:02:13.0000 1852 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:02:13.0000 1852 IRENUM - ok
00:02:13.0031 1852 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
00:02:13.0046 1852 isapnp - ok
00:02:13.0062 1852 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
00:02:13.0062 1852 Kbdclass - ok
00:02:13.0062 1852 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
00:02:13.0062 1852 kbdhid - ok
00:02:13.0078 1852 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
00:02:13.0093 1852 kmixer - ok
00:02:13.0125 1852 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
00:02:13.0125 1852 KSecDD - ok
00:02:13.0140 1852 lbrtfdc - ok
00:02:13.0171 1852 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
00:02:13.0171 1852 mnmdd - ok
00:02:13.0187 1852 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
00:02:13.0187 1852 Modem - ok
00:02:13.0234 1852 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
00:02:13.0234 1852 Mouclass - ok
00:02:13.0265 1852 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
00:02:13.0265 1852 mouhid - ok
00:02:13.0281 1852 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
00:02:13.0281 1852 MountMgr - ok
00:02:13.0281 1852 mraid35x - ok
00:02:13.0312 1852 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
00:02:13.0328 1852 MRxDAV - ok
00:02:13.0359 1852 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
00:02:13.0375 1852 MRxSmb - ok
00:02:13.0390 1852 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
00:02:13.0390 1852 Msfs - ok
00:02:13.0421 1852 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
00:02:13.0437 1852 MSKSSRV - ok
00:02:13.0437 1852 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
00:02:13.0437 1852 MSPCLOCK - ok
00:02:13.0453 1852 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
00:02:13.0453 1852 MSPQM - ok
00:02:13.0468 1852 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
00:02:13.0468 1852 mssmbios - ok
00:02:13.0500 1852 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
00:02:13.0500 1852 MSTEE - ok
00:02:13.0562 1852 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
00:02:13.0593 1852 Mup - ok
00:02:13.0625 1852 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
00:02:13.0640 1852 NABTSFEC - ok
00:02:13.0718 1852 NAVENG (862f55824ac81295837b0ab63f91071f) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120221.018\NAVENG.SYS
00:02:13.0718 1852 NAVENG - ok
00:02:13.0765 1852 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120221.018\NAVEX15.SYS
00:02:13.0781 1852 NAVEX15 - ok
00:02:13.0796 1852 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
00:02:13.0796 1852 NDIS - ok
00:02:13.0812 1852 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
00:02:13.0812 1852 NdisIP - ok
00:02:13.0843 1852 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
00:02:13.0843 1852 NdisTapi - ok
00:02:13.0890 1852 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
00:02:13.0890 1852 Ndisuio - ok
00:02:13.0906 1852 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
00:02:13.0906 1852 NdisWan - ok
00:02:13.0937 1852 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
00:02:13.0937 1852 NDProxy - ok
00:02:13.0953 1852 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
00:02:13.0953 1852 NetBIOS - ok
00:02:13.0968 1852 NetBT (40e65c560013869f14eceb904f15390d) C:\WINDOWS\system32\DRIVERS\netbt.sys
00:02:13.0968 1852 NetBT ( Virus.Win32.ZAccess.c ) - infected
00:02:13.0968 1852 NetBT - detected Virus.Win32.ZAccess.c (0)
00:02:14.0046 1852 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
00:02:14.0046 1852 Npfs - ok
00:02:14.0109 1852 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
00:02:14.0125 1852 Ntfs - ok
00:02:14.0140 1852 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
00:02:14.0140 1852 Null - ok
00:02:14.0406 1852 nv (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
00:02:14.0875 1852 nv - ok
00:02:14.0921 1852 NVR0Dev (a2189fc364062aa336e3fc934e46e147) C:\WINDOWS\nvoclock.sys
00:02:14.0921 1852 NVR0Dev - ok
00:02:14.0937 1852 NVR0FLASHDev (d429e370a8581b80a3eaadfd88ce867b) C:\WINDOWS\nvflash.sys
00:02:14.0953 1852 NVR0FLASHDev - ok
00:02:14.0984 1852 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
00:02:14.0984 1852 NwlnkFlt - ok
00:02:15.0000 1852 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
00:02:15.0000 1852 NwlnkFwd - ok
00:02:15.0046 1852 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
00:02:15.0046 1852 Parport - ok
00:02:15.0125 1852 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
00:02:15.0125 1852 PartMgr - ok
00:02:15.0171 1852 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
00:02:15.0171 1852 ParVdm - ok
00:02:15.0203 1852 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
00:02:15.0203 1852 PCI - ok
00:02:15.0218 1852 PCIDump - ok
00:02:15.0234 1852 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
00:02:15.0234 1852 PCIIde - ok
00:02:15.0265 1852 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
00:02:15.0281 1852 Pcmcia - ok
00:02:15.0281 1852 PDCOMP - ok
00:02:15.0296 1852 PDFRAME - ok
00:02:15.0296 1852 PDRELI - ok
00:02:15.0312 1852 PDRFRAME - ok
00:02:15.0312 1852 perc2 - ok
00:02:15.0328 1852 perc2hib - ok
00:02:15.0390 1852 Point32 (2e3394c8ebf31a9b4f0a531eb5cc7bc7) C:\WINDOWS\system32\DRIVERS\point32.sys
00:02:15.0390 1852 Point32 - ok
00:02:15.0406 1852 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
00:02:15.0406 1852 PptpMiniport - ok
00:02:15.0453 1852 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
00:02:15.0453 1852 Processor - ok
00:02:15.0484 1852 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
00:02:15.0500 1852 PSched - ok
00:02:15.0578 1852 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
00:02:15.0609 1852 Ptilink - ok
00:02:15.0640 1852 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
00:02:15.0640 1852 PxHelp20 - ok
00:02:15.0656 1852 ql1080 - ok
00:02:15.0671 1852 Ql10wnt - ok
00:02:15.0671 1852 ql12160 - ok
00:02:15.0687 1852 ql1240 - ok
00:02:15.0687 1852 ql1280 - ok
00:02:15.0718 1852 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
00:02:15.0718 1852 RasAcd - ok
00:02:15.0734 1852 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
00:02:15.0734 1852 Rasl2tp - ok
00:02:15.0734 1852 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
00:02:15.0750 1852 RasPppoe - ok
00:02:15.0750 1852 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
00:02:15.0750 1852 Raspti - ok
00:02:15.0765 1852 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:02:15.0765 1852 Rdbss - ok
00:02:15.0796 1852 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
00:02:15.0796 1852 RDPCDD - ok
00:02:15.0812 1852 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
00:02:15.0812 1852 rdpdr - ok
00:02:15.0859 1852 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
00:02:15.0859 1852 RDPWD - ok
00:02:15.0875 1852 redbook (f8bd4f5b8d4e871f4c3998c0f9aff0ae) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:02:15.0875 1852 redbook ( Virus.Win32.ZAccess.c ) - infected
00:02:15.0875 1852 redbook - detected Virus.Win32.ZAccess.c (0)
00:02:15.0953 1852 rt2870 (c2a6f7f35e617744a65dbfb0c0a64adc) C:\WINDOWS\system32\DRIVERS\rt2870.sys
00:02:15.0968 1852 rt2870 - ok
00:02:16.0015 1852 RTLE8023xp (b2961a8861da27c4562282c3707250f5) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
00:02:16.0015 1852 RTLE8023xp - ok
00:02:16.0046 1852 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:02:16.0046 1852 Secdrv - ok
00:02:16.0093 1852 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
00:02:16.0093 1852 serenum - ok
00:02:16.0156 1852 Serial (2e2fc3a9d9f5f9a938cf3e1af52ce8f2) C:\WINDOWS\system32\DRIVERS\serial.sys
00:02:16.0156 1852 Serial ( Virus.Win32.ZAccess.c ) - infected
00:02:16.0156 1852 Serial - detected Virus.Win32.ZAccess.c (0)
00:02:16.0171 1852 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
00:02:16.0171 1852 Sfloppy - ok
00:02:16.0187 1852 Simbad - ok
00:02:16.0218 1852 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
00:02:16.0218 1852 SLIP - ok
00:02:16.0234 1852 Sparrow - ok
00:02:16.0250 1852 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:02:16.0265 1852 splitter - ok
00:02:16.0312 1852 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\System32\Drivers\sptd.sys
00:02:16.0312 1852 sptd - ok
00:02:16.0343 1852 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
00:02:16.0359 1852 sr - ok
00:02:16.0453 1852 SRTSP (83726cf02eced69138948083e06b6eac) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SRTSP.SYS
00:02:16.0515 1852 SRTSP - ok
00:02:16.0562 1852 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\WINDOWS\system32\drivers\N360\0502000.00D\SRTSPX.SYS
00:02:16.0609 1852 SRTSPX - ok
00:02:16.0656 1852 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:02:16.0671 1852 Srv - ok
00:02:16.0703 1852 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
00:02:16.0703 1852 StillCam - ok
00:02:16.0703 1852 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
00:02:16.0718 1852 streamip - ok
00:02:16.0750 1852 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:02:16.0750 1852 swenum - ok
00:02:16.0765 1852 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:02:16.0765 1852 swmidi - ok
00:02:16.0781 1852 symc810 - ok
00:02:16.0781 1852 symc8xx - ok
00:02:16.0828 1852 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMDS.SYS
00:02:16.0828 1852 SymDS - ok
00:02:16.0859 1852 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMEFA.SYS
00:02:16.0875 1852 SymEFA - ok
00:02:16.0921 1852 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
00:02:16.0921 1852 SymEvent - ok
00:02:16.0968 1852 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\WINDOWS\system32\drivers\N360\0502000.00D\Ironx86.SYS
00:02:16.0968 1852 SymIRON - ok
00:02:17.0015 1852 SYMTDI (336cace58f0359d5cbb1ae6b8a2fb205) C:\WINDOWS\System32\Drivers\N360\0502000.00D\SYMTDI.SYS
00:02:17.0031 1852 SYMTDI - ok
00:02:17.0031 1852 sym_hi - ok
00:02:17.0046 1852 sym_u3 - ok
00:02:17.0078 1852 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:02:17.0078 1852 sysaudio - ok
00:02:17.0140 1852 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:02:17.0140 1852 Tcpip - ok
00:02:17.0171 1852 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:02:17.0171 1852 TDPIPE - ok
00:02:17.0203 1852 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:02:17.0203 1852 TDTCP - ok
00:02:17.0234 1852 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:02:17.0234 1852 TermDD - ok
00:02:17.0250 1852 TosIde - ok
00:02:17.0296 1852 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:02:17.0312 1852 Udfs - ok
00:02:17.0312 1852 ultra - ok
00:02:17.0328 1852 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:02:17.0343 1852 Update - ok
00:02:17.0390 1852 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
00:02:17.0390 1852 usbaudio - ok
00:02:17.0421 1852 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:02:17.0421 1852 usbccgp - ok
00:02:17.0515 1852 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:02:17.0515 1852 usbehci - ok
00:02:17.0593 1852 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:02:17.0593 1852 usbhub - ok
00:02:17.0625 1852 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
00:02:17.0625 1852 usbohci - ok
00:02:17.0656 1852 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
00:02:17.0656 1852 usbprint - ok
00:02:17.0671 1852 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:02:17.0671 1852 usbscan - ok
00:02:17.0734 1852 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:02:17.0734 1852 USBSTOR - ok
00:02:17.0765 1852 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
00:02:17.0765 1852 usbvideo - ok
00:02:17.0828 1852 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:02:17.0843 1852 VgaSave - ok
00:02:17.0843 1852 ViaIde - ok
00:02:17.0890 1852 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
00:02:17.0906 1852 VolSnap - ok
00:02:17.0921 1852 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:02:17.0921 1852 Wanarp - ok
00:02:17.0953 1852 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
00:02:17.0968 1852 Wdf01000 - ok
00:02:17.0968 1852 WDICA - ok
00:02:18.0000 1852 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:02:18.0015 1852 wdmaud - ok
00:02:18.0078 1852 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
00:02:18.0078 1852 WS2IFSL - ok
00:02:18.0109 1852 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
00:02:18.0109 1852 WSTCODEC - ok
00:02:18.0156 1852 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:02:18.0156 1852 WudfPf - ok
00:02:18.0187 1852 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:02:18.0187 1852 WudfRd - ok
00:02:18.0218 1852 xusb21 (a640c90b007762939507c28a021be3b3) C:\WINDOWS\system32\DRIVERS\xusb21.sys
00:02:18.0218 1852 xusb21 - ok
00:02:18.0250 1852 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
00:02:18.0468 1852 \Device\Harddisk0\DR0 - ok
00:02:18.0515 1852 Boot (0x1200) (280b3e192dcec89eb600f8f8f6a136d6) \Device\Harddisk0\DR0\Partition0
00:02:18.0515 1852 \Device\Harddisk0\DR0\Partition0 - ok
00:02:18.0515 1852 ============================================================
00:02:18.0515 1852 Scan finished
00:02:18.0515 1852 ============================================================
00:02:18.0515 4076 Detected object count: 4
00:02:18.0515 4076 Actual detected object count: 4
00:02:26.0453 4076 C:\WINDOWS\system32\DRIVERS\ipsec.sys - copied to quarantine
00:02:26.0500 4076 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\ipsec.sys) error 1813
00:02:27.0734 4076 Backup copy found, using it..
00:02:27.0890 4076 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot
00:02:29.0562 4076 IPSec ( Virus.Win32.ZAccess.c ) - User select action: Cure
00:02:29.0609 4076 C:\WINDOWS\system32\DRIVERS\netbt.sys - copied to quarantine
00:02:29.0640 4076 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\netbt.sys) error 1813
00:02:33.0750 4076 Backup copy found, using it..
00:02:33.0906 4076 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured on reboot
00:02:35.0156 4076 NetBT ( Virus.Win32.ZAccess.c ) - User select action: Cure
00:02:35.0250 4076 C:\WINDOWS\system32\DRIVERS\redbook.sys - copied to quarantine
00:02:35.0265 4076 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\redbook.sys) error 1813
00:02:35.0906 4076 Backup copy found, using it..
00:02:36.0125 4076 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured on reboot
00:02:37.0546 4076 redbook ( Virus.Win32.ZAccess.c ) - User select action: Cure
00:02:37.0656 4076 C:\WINDOWS\system32\DRIVERS\serial.sys - copied to quarantine
00:02:37.0671 4076 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\serial.sys) error 1813
00:02:37.0703 4076 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\serial.sys_backup) error 1813
00:02:40.0265 4076 Backup copy found, using it..
00:02:40.0484 4076 C:\WINDOWS\system32\DRIVERS\serial.sys - will be cured on reboot
00:02:41.0750 4076 Serial ( Virus.Win32.ZAccess.c ) - User select action: Cure
00:02:50.0343 3292 Deinitialize success






aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-22 00:08:44
-----------------------------
00:08:44.140 OS Version: Windows 5.1.2600 Service Pack 3
00:08:44.140 Number of processors: 2 586 0x6B01
00:08:44.140 ComputerName: MINERS-COMP UserName: Eric
00:08:45.921 Initialize success
00:14:07.484 AVAST engine defs: 12022101
00:14:10.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
00:14:10.734 Disk 0 Vendor: WDC_WD5000AAKS-00V1A0 05.01D05 Size: 476940MB BusType: 3
00:14:10.750 Disk 0 MBR read successfully
00:14:10.750 Disk 0 MBR scan
00:14:10.765 Disk 0 Windows XP default MBR code
00:14:10.765 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
00:14:10.781 Disk 0 scanning sectors +976752000
00:14:10.875 Disk 0 scanning C:\WINDOWS\system32\drivers
00:14:17.375 File: C:\WINDOWS\system32\drivers\serial.sys_backup **INFECTED** Win32:Aluroot-B [Rtk]
00:14:20.390 Disk 0 trace - called modules:
00:14:20.390 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
00:14:20.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aad6ab8]
00:14:20.406 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000077[0x8aada510]
00:14:20.406 5 ACPI.sys[f7347620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aaeb940]
00:14:21.796 AVAST engine scan C:\WINDOWS
00:14:31.343 AVAST engine scan C:\WINDOWS\system32
00:17:29.437 AVAST engine scan C:\WINDOWS\system32\drivers
00:17:38.593 File: C:\WINDOWS\system32\drivers\serial.sys_backup **INFECTED** Win32:Aluroot-B [Rtk]
00:17:51.843 AVAST engine scan C:\Documents and Settings\Eric
00:21:39.953 AVAST engine scan C:\Documents and Settings\All Users
00:22:23.265 Scan finished successfully
00:22:40.296 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Eric\Desktop\MBR.dat"
00:22:40.296 The log file has been saved successfully to "C:\Documents and Settings\Eric\Desktop\aswMBR.txt"

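The TDSSKiller log above pairs each infected driver (IPSec, NetBT, redbook, Serial) with a later remediation line, and the check worth doing when reading such a log is that every detected object also got a chosen action and a cure actually scheduled for its file. The Python below is an added example for this thread, not code from TDSSKiller or from anyone in the topic: it parses lines in the format shown in the posted log and lists detections that lack a recorded cure. The sample lines are constructed from the posted log, with the redbook remediation deliberately left out so the unresolved branch is exercised.

```python
import re

# Line shapes taken from the TDSSKiller log posted in this thread. Every line
# starts with a timestamp and a thread id, followed by the message text.
ENTRY_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<name>\S+) - detected (?P<threat>\S+)")
ACTION_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<name>\S+) \( (?P<threat>\S+) \) - User select action: (?P<action>\w+)$")
CURE_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<path>.+?) - will be cured on reboot$")

# Constructed sample: lines copied from the posted log, with the redbook
# remediation deliberately left out so the "unresolved" branch is exercised.
SAMPLE_LOG = r"""
00:02:12.0953 1852 IPSec (19dd19fb992d6bf67811913b6feae577) C:\WINDOWS\system32\DRIVERS\ipsec.sys
00:02:12.0968 1852 IPSec ( Virus.Win32.ZAccess.c ) - infected
00:02:12.0968 1852 IPSec - detected Virus.Win32.ZAccess.c (0)
00:02:13.0000 1852 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
00:02:13.0000 1852 IRENUM - ok
00:02:15.0875 1852 redbook (f8bd4f5b8d4e871f4c3998c0f9aff0ae) C:\WINDOWS\system32\DRIVERS\redbook.sys
00:02:15.0875 1852 redbook ( Virus.Win32.ZAccess.c ) - infected
00:02:15.0875 1852 redbook - detected Virus.Win32.ZAccess.c (0)
00:02:18.0515 1852 Scan finished
00:02:26.0453 4076 C:\WINDOWS\system32\DRIVERS\ipsec.sys - copied to quarantine
00:02:26.0500 4076 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\ipsec.sys) error 1813
00:02:27.0734 4076 Backup copy found, using it..
00:02:27.0890 4076 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured on reboot
00:02:29.0562 4076 IPSec ( Virus.Win32.ZAccess.c ) - User select action: Cure
""".strip()


def triage(text):
    """Map each detected service to its hash, path, the action the user chose
    and whether a cure was actually scheduled for the file on disk."""
    inventory = {}      # service name -> (md5, path) from the enumeration lines
    findings = {}       # service name -> detection record
    cured_paths = set() # paths for which a reboot-time cure was scheduled
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            inventory[m["name"]] = (m["md5"], m["path"])
            continue
        m = DETECT_RE.match(line)
        if m:
            md5, path = inventory.get(m["name"], (None, None))
            findings[m["name"]] = {"threat": m["threat"], "md5": md5,
                                   "path": path, "action": None,
                                   "cure_scheduled": False}
            continue
        m = CURE_RE.match(line)
        if m:
            cured_paths.add(m["path"].lower())
            continue
        m = ACTION_RE.match(line)
        if m and m["name"] in findings:
            findings[m["name"]]["action"] = m["action"]
    # Join the two halves: a detection counts as handled only when its own
    # file path shows up in a "will be cured on reboot" line.
    for rec in findings.values():
        if rec["path"] and rec["path"].lower() in cured_paths:
            rec["cure_scheduled"] = True
    return findings


def unresolved(findings):
    """Names of detections with no Cure action or no scheduled cure."""
    return [name for name, rec in findings.items()
            if rec["action"] != "Cure" or not rec["cure_scheduled"]]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, rec in result.items():
        print(f"{name}: {rec['threat']} md5={rec['md5']} "
              f"action={rec['action']} cure_scheduled={rec['cure_scheduled']}")
    print("needs follow-up:", unresolved(result))
```

The `VerifyFileNameVersionInfo ... error 1813` lines are not matched by any pattern and are skipped on purpose; 1813 is the Win32 code for a resource type not found in the image, so those lines record that the tool could not read version information, not a second detection. On the full log from this thread all four detections resolve to `Cure` with a scheduled fix, so `unresolved` would return an empty list; on the constructed sample it returns `["redbook"]`.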
#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:17 PM

Posted 22 February 2012 - 06:18 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::
C:\WINDOWS\system32\drivers\serial.sys_backup
c:\windows\system32\dds_trash_log.cmd

Folder::
c:\program files\BitTorrentBar

Firefox::
FF - ProfilePath - c:\documents and settings\Eric\Application Data\Mozilla\Firefox\Profiles\hz0udmys.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 gringo_pr


Posted 25 February 2012 - 12:48 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:17 PM

Posted 28 February 2012 - 12:28 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.