Appear to be infected with iSecurity


10 replies to this topic

#1 TCsparks

Posted 26 February 2012 - 09:09 PM

Running Windows XP Pro
My wife had an iSecurity window popup. I happened to be home so went right after it with Malwarebytes free scan in regular mode then safe mode.
It appeared to work but then I realized that the usual Windows Security Center icon in the system tray is missing.

Symptoms:
The machine will slow dramatically and the processor usage pegs at 100% making it virtually unusable.
I attempted to get to the web and discovered Firefox and IE had been redirected.
I have run Malwarebytes several times and while it shows clear one time, the next time I run it there will be 2-4 malicious files detected. I select remove.
In the end the machine is still obviously compromised.

I have looked over several iSecurity posts, but I'm not comfortable trying someone else's fix on this machine.

I await a response, at your convenience.
Thank you in advance.


#2 narenxp


Posted 26 February 2012 - 09:15 PM

Download

TDSSkiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

#3 TCsparks


Posted 27 February 2012 - 08:56 PM

Thank you for the quick response. I have 2 of 3 done. Would have had them all up last night, but 'GMER' keeps popping up 'Still scanning, do you wish to continue scan?' yes/no - perhaps I started the manual scan too soon. The program seems to be done with its initial scan on startup fairly quickly - there is no activity on the screen or hard drive that I can see. So I select 'scan' and the windows start popping up. It locked up the computer once, and rebooted on the second attempt.
It seems to be a rather lengthy process from what I did see...

I have just opened it and am waiting for a good length of time before I try to scan with the button.

TDSSKiller log:



ASW Log:

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-02-27 18:54:54
-----------------------------
18:54:54.750 OS Version: Windows 5.1.2600 Service Pack 3
18:54:54.750 Number of processors: 2 586 0x401
18:54:54.750 ComputerName: T001 UserName:
18:54:55.187 Initialize success
18:55:05.218 AVAST engine defs: 12022701
18:55:33.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\SiSRaid1Port2Path0Target0Lun0
18:55:33.218 Disk 0 Vendor: ST316081 ____ Size: 152627MB BusType: 1
18:55:33.218 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\SiSRaid1Port2Path0Target2Lun0
18:55:33.218 Disk 1 Vendor: Maxtor_6 ____ Size: 95610MB BusType: 1
18:55:33.218 Device \Driver\SiSRaid -> DriverStartIo SCSIPORT.SYS f748540e
18:55:33.234 Disk 0 MBR read successfully
18:55:33.250 Disk 0 MBR scan
18:55:33.265 Disk 0 Windows XP default MBR code
18:55:33.265 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 57286 MB offset 63
18:55:33.265 Disk 0 Partition - 00 0F Extended LBA 95338 MB offset 117322695
18:55:33.296 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 95338 MB offset 117322758
18:55:33.312 Disk 0 scanning sectors +312576705
18:55:33.390 Disk 0 scanning C:\WINDOWS\system32\drivers
18:55:43.078 Service scanning
18:55:58.765 Modules scanning
18:56:03.718 Disk 0 trace - called modules:
18:56:03.734 ntoskrnl.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll SiSRaid.sys
18:56:03.734 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8efab8]
18:56:03.734 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> \Device\Scsi\SiSRaid1Port2Path0Target0Lun0[0x8a8dca38]
18:56:03.984 AVAST engine scan C:\WINDOWS
18:56:16.609 AVAST engine scan C:\WINDOWS\system32
18:56:49.218 File: C:\WINDOWS\system32\jGHhhSg4W.com **INFECTED** Win32:IRCBot-EMN [Trj]
18:56:49.281 File: C:\WINDOWS\system32\jGHhhSg4W.com_ **INFECTED** Win32:IRCBot-EMN [Trj]
18:58:43.640 AVAST engine scan C:\WINDOWS\system32\drivers
18:58:59.875 AVAST engine scan C:\Documents and Settings\Jerri
18:59:21.046 File: C:\Documents and Settings\Jerri\Application Data\Sun\Java\Deployment\cache\6.0\16\4741ead0-65caa282 **INFECTED** Win32:Small-HTWP [Trj]
19:03:32.515 AVAST engine scan C:\Documents and Settings\All Users
19:04:14.812 Scan finished successfully
19:05:19.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jerri\Desktop\MBR.dat"
19:05:19.859 The log file has been saved successfully to "C:\Documents and Settings\Jerri\Desktop\aswMBR.txt"
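An added triage helper (example code written for this page, not something the thread or any of the tools it mentions provide): it parses the three log formats TCsparks posted (TDSSKiller, aswMBR, ESET), pulls out every detection, and separately flags TDSSKiller's "Forged" entries, where two different hashes for the same driver path mean something is intercepting reads of that file. The regexes are derived from the lines posted in this thread rather than from any tool's documentation, and the sample lines are copied from those logs.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample lines copied from the TDSSKiller, aswMBR and ESET logs posted in this
# thread, embedded here so the parser runs offline.
SAMPLE_LOG = r"""
20:29:24.0830 2412 redbook (f8bd4f5b8d4e871f4c3998c0f9aff0ae) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:29:24.0830 2412 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: f8bd4f5b8d4e871f4c3998c0f9aff0ae, Fake md5: f828dd7e1419b6653894a8f97a0094c5
20:29:24.0830 2412 redbook ( Virus.Win32.ZAccess.c ) - infected
20:29:25.0001 2412 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:29:25.0001 2412 Secdrv - ok
18:56:49.218 File: C:\WINDOWS\system32\jGHhhSg4W.com **INFECTED** Win32:IRCBot-EMN [Trj]
18:58:59.875 AVAST engine scan C:\Documents and Settings\Jerri
C:\Documents and Settings\Jerri\Local Settings\Temp\Photo.class a variant of Java/Exploit.CVE-2011-3544.AU trojan cleaned by deleting - quarantined
"""

# Line shapes guessed from the posted logs (assumption: these tools keep this layout).
# TDSSKiller: "<time> <pid> <service> (<md5>) <path>" for every scanned driver
TDSS_DRIVER = re.compile(r"^\S+ \d+ (?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# TDSSKiller: a driver whose content differs depending on how it is read
TDSS_FORGED = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
)
# TDSSKiller: "<time> <pid> <service> ( <detection> ) - infected"
TDSS_INFECTED = re.compile(r"^\S+ \d+ (?P<svc>\S+) \( (?P<name>.+?) \) - infected$")
# aswMBR: "<time> File: <path> **INFECTED** <detection>"
ASW_INFECTED = re.compile(r"^\S+ File: (?P<path>.+?) \*\*INFECTED\*\* (?P<name>.+)$")
# ESET: "<path> [a variant of ]<detection> trojan|worm|virus <action>"
ESET_LINE = re.compile(
    r"^(?P<path>[A-Z]:\\.+?) (?:a variant of )?(?P<name>\S+) "
    r"(?P<kind>trojan|worm|virus) (?P<action>.+)$"
)


@dataclass
class Finding:
    tool: str
    path: str
    verdict: str            # detection name, or "forged" for a hash mismatch
    action: Optional[str] = None
    real_md5: Optional[str] = None
    fake_md5: Optional[str] = None

    @property
    def hash_mismatch(self) -> bool:
        # Two hashes for one path: the file looks different through the normal
        # file API than it does on disk, the classic sign of a filter hook.
        return self.real_md5 is not None and self.real_md5 != self.fake_md5


def parse_scan_log(text: str) -> List[Finding]:
    """Extract detections from mixed TDSSKiller / aswMBR / ESET log lines."""
    findings: List[Finding] = []
    svc_path: Dict[str, str] = {}  # TDSSKiller service name -> driver path
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = TDSS_DRIVER.match(line)
        if m:  # remember the path so a later "- infected" line can be resolved
            svc_path[m.group("svc")] = m.group("path")
            continue
        m = TDSS_FORGED.search(line)
        if m:
            findings.append(Finding("TDSSKiller", m.group("path"), "forged",
                                    real_md5=m.group("real"), fake_md5=m.group("fake")))
            continue
        m = TDSS_INFECTED.match(line)
        if m:
            svc = m.group("svc")
            findings.append(Finding("TDSSKiller", svc_path.get(svc, svc), m.group("name")))
            continue
        m = ASW_INFECTED.match(line)
        if m:
            findings.append(Finding("aswMBR", m.group("path"), m.group("name")))
            continue
        m = ESET_LINE.match(line)
        if m:
            findings.append(Finding("ESET", m.group("path"), m.group("name"),
                                    action=m.group("action")))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, object]:
    """Count detections per tool and list paths whose hashes disagree."""
    by_tool: Dict[str, int] = {}
    for f in findings:
        by_tool[f.tool] = by_tool.get(f.tool, 0) + 1
    forged = [f.path for f in findings if f.verdict == "forged" and f.hash_mismatch]
    return {"by_tool": by_tool, "forged": forged}


if __name__ == "__main__":
    found = parse_scan_log(SAMPLE_LOG)
    for f in found:
        print(f"{f.tool:10} {f.verdict:32} {f.path}")
    print(summarize(found))
```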

#4 narenxp


Posted 27 February 2012 - 09:12 PM

Boot the PC into safe mode with networking by pressing F8 at bootup.

Run TDSSKiller once again, and let me know if TDSSKiller still finds infections.

Try to run GMER in safe mode.

Download

ESET online scanner


Install it.

Click on START; it should download the virus definitions.
When the scan completes, click on LIST OF FOUND THREATS.

Export the list to your desktop and copy the contents of the text file into your reply.


#5 TCsparks


Posted 27 February 2012 - 09:47 PM

TDSSKiller found nothing in safe mode
ESET is doing its thing now...

#6 TCsparks


Posted 27 February 2012 - 11:44 PM

ESET output:

C:\Documents and Settings\Administrator\Local Settings\Temp\Photo.class Java/Exploit.CVE-2011-3544.AU trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\I8YTBJ29\score[1].swf SWF/Exploit.Agent.DU trojan cleaned by deleting - quarantined
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\T1YE85WN\field[1].swf SWF/Exploit.Blacole.AA trojan cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMuollo1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinMuollo3.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\Jerri\Application Data\Sun\Java\Deployment\cache\6.0\16\4741ead0-65caa282 Win32/TrojanDownloader.Vespula.AF trojan cleaned by deleting - quarantined
C:\Documents and Settings\Jerri\Local Settings\Temp\Photo.class a variant of Java/Exploit.CVE-2011-3544.AU trojan cleaned by deleting - quarantined
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\11MXCGE5\db9ec79273e2ed1ece5c5e3a7bed8d0d[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\TDSSKiller_Quarantine\26.02.2012_20.27.58\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Sirefef.DA trojan cleaned by deleting - quarantined
C:\WINDOWS\$NtUninstallKB2509553$\afd.sys a variant of Win32/Rootkit.Kryptik.JQ trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\jGHhhSg4W.com Win32/TrojanClicker.Agent.NEB trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\jGHhhSg4W.com_ Win32/TrojanClicker.Agent.NEB trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\etc\hosts Win32/Qhost trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\hki22732.exe Win32/TrojanClicker.Agent.NEB trojan cleaned by deleting - quarantined
C:\WINDOWS\Temp\urarrk\setup.exe a variant of Win32/Kryptik.ABEE trojan cleaned by deleting - quarantined
E:\Archive\NeroBackItUp4\Nero_BackItUp-4.2.16.0_update.exe Win32/Toolbar.AskSBar application deleted - quarantined

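One entry in the ESET list above explains the browser redirection reported in the first post: `C:\WINDOWS\system32\drivers\etc\hosts` detected as Win32/Qhost, meaning the hosts file itself had been rewritten to point hostnames at an attacker-chosen address. A default Windows XP hosts file carries comments and a single `127.0.0.1 localhost` line, so anything else deserves a look. As an added example (not part of the original thread), the Python below parses a hosts file in Windows syntax and reports every mapping that sends a name somewhere other than loopback or 0.0.0.0, rating it "high" when the name is on a small watchlist of search, update and security-vendor domains. The sample hosts content is constructed, the watchlist is an illustration rather than an exhaustive one, and the redirect targets use the reserved documentation range 203.0.113.0/24.

```python
"""Flag hosts-file hijacks of the kind ESET reports as Win32/Qhost."""
import ipaddress

# Domains to alarm on when a hosts file points them away from loopback.
# Illustrative list, not exhaustive.
WATCHLIST = (
    "google.com", "bing.com", "yahoo.com", "microsoft.com", "windowsupdate.com",
    "malwarebytes.org", "eset.com", "avast.com", "bleepingcomputer.com",
)

# Constructed sample in Windows hosts-file syntax. Redirect targets use
# TEST-NET-3 (203.0.113.0/24), a range reserved for documentation.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
203.0.113.7     www.google.com
203.0.113.7     google.com  # trailing comment
203.0.113.7     www.bing.com
203.0.113.9     www.malwarebytes.org
203.0.113.9     www.example.com
0.0.0.0         ads.example.net
127.0.0.1       tracker.example.org
not-an-address  broken.example.org
"""


def parse_hosts(text):
    """Yield (line_number, ip, hostname) for each mapping. Malformed lines are
    yielded with ip=None so they are reported rather than silently dropped."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # strip comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            yield lineno, None, " ".join(fields)
            continue
        for name in fields[1:]:
            yield lineno, ip, name.lower()


def _on_watchlist(name):
    return any(name == d or name.endswith("." + d) for d in WATCHLIST)


def find_hijacks(text):
    """Return mappings that send a hostname somewhere other than loopback or the
    unspecified address (0.0.0.0), the two shapes a legitimate block list uses."""
    findings = []
    for lineno, ip, name in parse_hosts(text):
        if ip is None:
            findings.append({"line": lineno, "host": name, "ip": None, "severity": "malformed"})
            continue
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            continue
        findings.append({
            "line": lineno,
            "host": name,
            "ip": ip,
            "severity": "high" if _on_watchlist(name) else "review",
        })
    return findings


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        text = open(sys.argv[1], encoding="utf-8", errors="replace").read()
    else:
        text = SAMPLE_HOSTS
    for f in find_hijacks(text):
        print("line %3d  %-9s %-24s -> %s" % (f["line"], f["severity"], f["host"], f["ip"]))
```

Point it at a copy of the hosts file pulled from the suspect machine (`python hostscheck.py hosts`); the "review" tier catches redirects of names the watchlist does not know, which is where a hijack of a bank or webmail domain would land.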
#7 narenxp


Posted 28 February 2012 - 04:50 AM

Try to run GMER in Safe Mode.

Good luck.

#8 TCsparks


Posted 29 February 2012 - 07:23 AM

OK, finally got a complete run of GMER, and here's the log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-29 06:14:19
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\SiSRaid1Port2Path0Target0Lun0 ST316081 rev.____
Running: cdm2dwwn.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdipog.sys


---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB16533$\2719857594 0 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349 0 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\cfg.ini 279 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\L 0 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\L\akygdmgo 57600 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\oemid 197 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\U 0 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\U\80000000.@ 66560 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\U\80000032.@ 73216 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\version 847 bytes

---- EOF - GMER 1.0.15 ----

#9 narenxp


Posted 29 February 2012 - 10:06 AM

You're infected by the ZeroAccess rootkit, which needs advanced tools.

Read the guide on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck


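What narenxp is reading off the GMER log is the file layout rather than any driver hook: a directory with a numeric name holding a file called `@`, an `L\` subdirectory, and a `U\` subdirectory full of `<8 hex digits>.@` modules, all tucked under a `$NtUninstallKB...$` folder where a hotfix backup would normally live. As an added example (not part of the original thread and not GMER's own code), here is a Python check that parses the `File ... N bytes` lines of a GMER log, groups them by the directory that owns an `@` file, and scores how much of that layout is present alongside it. The sample log text is constructed from the entries posted above plus one ordinary file as a control; the scoring thresholds are my choice for illustration.

```python
"""Spot the ZeroAccess/Sirefef file layout in the "Files" section of a GMER log."""
import re

# Constructed sample: the "Files" entries from the GMER log in this thread, plus
# one ordinary file as a control that must not be flagged.
GMER_SAMPLE = r"""
---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB16533$\2719857594 0 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349 0 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\cfg.ini 279 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\L 0 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\L\akygdmgo 57600 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\oemid 197 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\U 0 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\U\80000000.@ 66560 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\U\80000032.@ 73216 bytes
File C:\WINDOWS\$NtUninstallKB16533$\72369349\version 847 bytes
File C:\WINDOWS\system32\drivers\etc\hosts 734 bytes

---- EOF - GMER 1.0.15 ----
"""

FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+)\s+bytes$")
UNINSTALL_DIR_RE = re.compile(r"\\\$NtUninstall[^\\]*\$\\", re.IGNORECASE)
U_MODULE_RE = re.compile(r"^[0-9a-f]{8}\.@$", re.IGNORECASE)


def parse_gmer_files(text):
    """Return (path, size_in_bytes) for every 'File <path> <N> bytes' line."""
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            entries.append((m.group("path"), int(m.group("size"))))
    return entries


def zeroaccess_indicators(entries):
    """For each directory that owns an '@' file, report how much of the ZeroAccess
    layout (@, L\\ subdirectory, U\\<8 hex digits>.@ modules) sits beside it."""
    lowered = {path.lower() for path, _ in entries}
    findings = []
    for path, _ in entries:
        parent, _, name = path.rpartition("\\")
        if name != "@":
            continue
        root = parent.lower()
        u_modules = sorted(
            p.rsplit("\\", 1)[1]
            for p in lowered
            if p.startswith(root + "\\u\\") and U_MODULE_RE.match(p.rsplit("\\", 1)[1])
        )
        has_l = any(p == root + "\\l" or p.startswith(root + "\\l\\") for p in lowered)
        in_uninstall_dir = bool(UNINSTALL_DIR_RE.search(path))
        # Weights are an illustrative choice: the U\ module store is the strongest tell.
        score = 1 + (2 if u_modules else 0) + (1 if has_l else 0) + (1 if in_uninstall_dir else 0)
        findings.append({
            "root": parent,
            "u_modules": u_modules,
            "has_l": has_l,
            "in_uninstall_dir": in_uninstall_dir,
            "score": score,
            "verdict": "zeroaccess-layout" if score >= 4 else "partial",
        })
    return findings


def scan_gmer_log(text):
    return zeroaccess_indicators(parse_gmer_files(text))


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        text = open(sys.argv[1], encoding="utf-8", errors="replace").read()
    else:
        text = GMER_SAMPLE
    for f in scan_gmer_log(text):
        print("%s  %s  (U modules: %d, L dir: %s, under $NtUninstall*$: %s)" % (
            f["verdict"], f["root"], len(f["u_modules"]), f["has_l"], f["in_uninstall_dir"]))
```

Run it against a saved GMER log (`python gmercheck.py gmer.log`). The sibling directory `2719857594` in the same `$NtUninstallKB16533$` folder is not flagged because it holds no `@` file; a single stray `@` with none of the other pieces only reaches "partial", which is the right level of confidence for one file name.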
#10 TCsparks


Posted 29 February 2012 - 09:39 PM

Thank you for your time; I'll continue towards the solution.

#11 narenxp


Posted 01 March 2012 - 02:29 AM

You're welcome :)
