
AVG Finds Trojans/Internet doesn't work


7 replies to this topic

#1 A. Linenberger

  • Members
  • 14 posts

Posted 11 March 2012 - 06:18 PM

Hello all-

I'm hoping you can help me. My computer had been acting up, so I ran a full AVG scan, and it told me that I had 5-6 trojans/viruses. I told it to Quarantine the items, which it did, and then ran a Malwarebytes scan, which turned up clean. After I rebooted my computer, I received quite a few AVG notifications that there were trojans still present, and when I went to go online, Firefox and IE will not connect. I tried disabling my wired connection, which didn't do anything, and when I tell Windows to repair the connection, I receive this message:

"Windows could not finish repairing the problem because the following action cannot be completed: Failed to query TCP/IP settings of the connection. Cannot proceed."

Furthermore, I get a notification that my firewall is turned off via Windows Security Center.

Any help you can give is appreciated. While not entirely computer illiterate, this is the first time I've used a forum...I'm stumped.

I am using Windows XP with Service Pack 3.

Thanks!

#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 11 March 2012 - 06:20 PM

Download FSS.

Checkmark all the boxes.

Click on "Scan".
Please copy and paste the log to your reply.

#3 A. Linenberger

  • Topic Starter
  • Members
  • 14 posts

Posted 11 March 2012 - 06:37 PM

Here is the log:

Farbar Service Scanner Version: 01-03-2012
Ran by EZ-PC Customer (administrator) on 11-03-2012 at 18:34:25
Running from "C:\Documents and Settings\EZ-PC Customer\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys
[2008-04-14 07:00] - [2008-04-14 07:00] - 0075264 ____A () 1B51F79FB940043B2CC5C99100D94911

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Avgtdix(9) Gpc(4) irda(3) NetBT(7) PSched(8) Tcpip(5)
0x0A00000006000000010000000200000003000000040000000500000056000000090000000700000008000000
Attention! IpSec Tag value should be 6. Attention! IpSec Tag value is missing and it should be 6.

**** End of log ****



Also, after it ran, an AVG alert popped up that stated: A threat was detected File Name: c:\WINDOWS\system32\drivers\ipsec.sys
Threat Name: Trojan horse Agent_r.ASB
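The FSS log above says more than "not running": the IpSec service's registry key is gone, ipsec.sys is printed with its hash instead of "MD5 is legit", and the PNP_TDI load order still carries IpSec's tag 6 with nothing left to claim it. The following Python is an added example for this thread (not FSS's own code and not from the poster) that pulls those facts out of a pasted FSS log mechanically. The embedded FSS_LOG is a constructed excerpt of the log above; the expectation "IpSec should hold tag 6" is taken from FSS's own message in that log; the only format assumption is the registry layout of a GroupOrderList value, a DWORD count followed by DWORD tags in load order.

```python
"""FSS (Farbar Service Scanner) log triage. Added example for this thread, not
FSS's own code. FSS_LOG is a constructed excerpt of the log pasted above."""
import re
import struct

FSS_LOG = r"""
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:

Tcpip Service is not running. Checking service configuration:

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.

Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:

File Check:
========
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys
[2008-04-14 07:00] - [2008-04-14 07:00] - 0075264 ____A () 1B51F79FB940043B2CC5C99100D94911

C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit

Extra List:
=======
Avgtdix(9) Gpc(4) irda(3) NetBT(7) PSched(8) Tcpip(5)
0x0A00000006000000010000000200000003000000040000000500000056000000090000000700000008000000
Attention! IpSec Tag value should be 6. Attention! IpSec Tag value is missing and it should be 6.
"""

def services_not_running(log):
    """Service names FSS reported as stopped, in log order."""
    return re.findall(r"^(\w+) Service is not running", log, re.M)

def missing_service_keys(log):
    """Services whose registry key under Services\\ FSS could not open at all."""
    return sorted(set(re.findall(r"Unable to open (\w+) registry key\. The service key does not exist", log)))

def unverified_files(log):
    """File Check entries FSS did not vouch for: known-good files print as
    '<path> => MD5 is legit'; others print the bare path then a detail line
    ending in the file's MD5. Returns {path: md5}."""
    lines, result = log.splitlines(), {}
    for i, line in enumerate(lines):
        if re.match(r"^[A-Za-z]:\\", line) and "=> MD5 is legit" not in line:
            detail = lines[i + 1] if i + 1 < len(lines) else ""
            m = re.search(r"\b([0-9A-Fa-f]{32})\s*$", detail)
            result[line.strip()] = m.group(1) if m else None
    return result

def parse_group_order(blob_hex):
    """Decode the REG_BINARY GroupOrderList value FSS prints for PNP_TDI:
    a little-endian DWORD count, then that many DWORD tags in load order."""
    raw = bytes.fromhex(blob_hex[2:] if blob_hex.lower().startswith("0x") else blob_hex)
    count = struct.unpack_from("<I", raw, 0)[0]
    if len(raw) < 4 + 4 * count:
        raise ValueError("GroupOrderList blob shorter than its count claims")
    return list(struct.unpack_from("<%dI" % count, raw, 4))

def extra_list_section(log):
    """(members {driver: tag}, load_order [tags]) from the Extra List section."""
    m = re.search(r"Extra List:\n=+\n(.+)\n(0x[0-9A-Fa-f]+)", log)
    members = {n: int(t) for n, t in re.findall(r"(\w+)\((\d+)\)", m.group(1))}
    return members, parse_group_order(m.group(2))

def orphaned_tags(members, order, expected):
    """(absent_expected, orphans): expected services (name -> tag) with no
    surviving entry, and tags in the load order no listed driver claims.
    An orphan alone is weak evidence (the order list may hold slots for drivers
    never installed); it is a finding when its owner is also absent, as IpSec/6 is here."""
    claimed = set(members.values())
    absent = {svc: tag for svc, tag in expected.items() if svc not in members}
    return absent, [t for t in order if t not in claimed]

def triage(log):
    """Summary of the findings a responder would act on."""
    members, order = extra_list_section(log)
    # IpSec -> 6 is taken from FSS's own "Tag value should be 6" message above.
    absent, orphans = orphaned_tags(members, order, {"IpSec": 6})
    return {"not_running": services_not_running(log),
            "missing_keys": missing_service_keys(log),
            "unverified_files": unverified_files(log),
            "absent_expected": absent, "orphaned_tags": orphans}

if __name__ == "__main__":
    for key, value in triage(FSS_LOG).items():
        print(key, value)
```

Read the three results together rather than one at a time: `missing_keys` says the IpSec service key was deleted, `unverified_files` says the ipsec.sys on disk is not one FSS recognises (which matches the AVG detection on that same file), and `absent_expected` says the PNP_TDI load order still reserves tag 6 for a driver that no longer exists. On Windows XP the Tcpip service is configured to depend on IPSec, so a missing IpSec service key is consistent with Tcpip, Dhcp and Dnscache all failing to start and with the "Failed to query TCP/IP settings" repair error in the first post. The unclaimed tags 1, 2 and 0x56 are reported but not treated as findings, because nothing in the log says which driver should own them.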

#4 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 12 March 2012 - 07:33 PM

Copy the tools from a clean PC.

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (Do not use the computer while the scan is in progress.)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

#5 A. Linenberger

  • Topic Starter
  • Members
  • 14 posts

Posted 13 March 2012 - 07:46 AM

TDSSKiller

19:44:32.0187 5052 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
19:44:32.0203 5052 ============================================================
19:44:32.0203 5052 Current date / time: 2012/03/12 19:44:32.0203
19:44:32.0203 5052 SystemInfo:
19:44:32.0203 5052
19:44:32.0203 5052 OS Version: 5.1.2600 ServicePack: 3.0
19:44:32.0203 5052 Product type: Workstation
19:44:32.0203 5052 ComputerName: OWNER-8FBB05830
19:44:32.0203 5052 UserName: EZ-PC Customer
19:44:32.0203 5052 Windows directory: C:\WINDOWS
19:44:32.0203 5052 System windows directory: C:\WINDOWS
19:44:32.0203 5052 Processor architecture: Intel x86
19:44:32.0203 5052 Number of processors: 4
19:44:32.0203 5052 Page size: 0x1000
19:44:32.0203 5052 Boot type: Normal boot
19:44:32.0203 5052 ============================================================
19:44:33.0609 5052 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:44:33.0609 5052 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:44:33.0609 5052 \Device\Harddisk0\DR0:
19:44:33.0609 5052 MBR used
19:44:33.0609 5052 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
19:44:33.0609 5052 \Device\Harddisk1\DR1:
19:44:33.0609 5052 MBR used
19:44:33.0609 5052 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A380D41
19:44:33.0640 5052 Initialize success
19:44:33.0640 5052 ============================================================
19:44:53.0546 6044 ============================================================
19:44:53.0546 6044 Scan started
19:44:53.0546 6044 Mode: Manual; TDLFS;
19:44:53.0546 6044 ============================================================
19:44:54.0359 6044 Abiosdsk - ok
19:44:54.0375 6044 abp480n5 - ok
19:44:54.0406 6044 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:44:54.0406 6044 ACPI - ok
19:44:54.0437 6044 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
19:44:54.0437 6044 ACPIEC - ok
19:44:54.0437 6044 adpu160m - ok
19:44:54.0468 6044 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
19:44:54.0484 6044 aec - ok
19:44:54.0500 6044 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
19:44:54.0500 6044 AFD - ok
19:44:54.0515 6044 Aha154x - ok
19:44:54.0515 6044 aic78u2 - ok
19:44:54.0531 6044 aic78xx - ok
19:44:54.0531 6044 AliIde - ok
19:44:54.0546 6044 amsint - ok
19:44:54.0562 6044 asc - ok
19:44:54.0562 6044 asc3350p - ok
19:44:54.0578 6044 asc3550 - ok
19:44:54.0609 6044 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:44:54.0609 6044 AsyncMac - ok
19:44:54.0625 6044 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
19:44:54.0625 6044 atapi - ok
19:44:54.0640 6044 Atdisk - ok
19:44:54.0656 6044 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:44:54.0656 6044 Atmarpc - ok
19:44:54.0687 6044 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
19:44:54.0687 6044 audstub - ok
19:44:54.0703 6044 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
19:44:54.0703 6044 AVGIDSDriver - ok
19:44:54.0718 6044 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
19:44:54.0718 6044 AVGIDSEH - ok
19:44:54.0734 6044 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
19:44:54.0734 6044 AVGIDSFilter - ok
19:44:54.0765 6044 AVGIDSShim (1e01c2166b5599802bcd61b9691f7476) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
19:44:54.0765 6044 AVGIDSShim - ok
19:44:54.0765 6044 Avgldx86 (bf8118cd5e2255387b715b534d64acd1) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
19:44:54.0781 6044 Avgldx86 - ok
19:44:54.0781 6044 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
19:44:54.0781 6044 Avgmfx86 - ok
19:44:54.0796 6044 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
19:44:54.0796 6044 Avgrkx86 - ok
19:44:54.0828 6044 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
19:44:54.0828 6044 Avgtdix - ok
19:44:54.0843 6044 BANTExt (5d7be7b19e827125e016325334e58ff1) C:\WINDOWS\System32\Drivers\BANTExt.sys
19:44:54.0843 6044 BANTExt - ok
19:44:54.0859 6044 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
19:44:54.0859 6044 Beep - ok
19:44:54.0875 6044 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
19:44:54.0890 6044 cbidf2k - ok
19:44:54.0890 6044 cd20xrnt - ok
19:44:54.0906 6044 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
19:44:54.0906 6044 Cdaudio - ok
19:44:54.0921 6044 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
19:44:54.0921 6044 Cdfs - ok
19:44:54.0937 6044 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:44:54.0937 6044 Cdrom - ok
19:44:54.0953 6044 Changer - ok
19:44:54.0953 6044 CmdIde - ok
19:44:54.0968 6044 Cpqarray - ok
19:44:54.0984 6044 dac2w2k - ok
19:44:55.0000 6044 dac960nt - ok
19:44:55.0000 6044 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
19:44:55.0015 6044 Disk - ok
19:44:55.0062 6044 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
19:44:55.0078 6044 dmboot - ok
19:44:55.0109 6044 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
19:44:55.0109 6044 dmio - ok
19:44:55.0125 6044 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
19:44:55.0125 6044 dmload - ok
19:44:55.0140 6044 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
19:44:55.0140 6044 DMusic - ok
19:44:55.0156 6044 dpti2o - ok
19:44:55.0156 6044 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
19:44:55.0156 6044 drmkaud - ok
19:44:55.0171 6044 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
19:44:55.0187 6044 Fastfat - ok
19:44:55.0187 6044 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
19:44:55.0187 6044 Fdc - ok
19:44:55.0203 6044 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
19:44:55.0203 6044 Fips - ok
19:44:55.0218 6044 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
19:44:55.0218 6044 Flpydisk - ok
19:44:55.0250 6044 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
19:44:55.0250 6044 FltMgr - ok
19:44:55.0265 6044 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
19:44:55.0265 6044 Fs_Rec - ok
19:44:55.0281 6044 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
19:44:55.0281 6044 Ftdisk - ok
19:44:55.0312 6044 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
19:44:55.0312 6044 GEARAspiWDM - ok
19:44:55.0328 6044 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
19:44:55.0328 6044 Gpc - ok
19:44:55.0343 6044 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
19:44:55.0343 6044 HDAudBus - ok
19:44:55.0359 6044 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
19:44:55.0375 6044 HidUsb - ok
19:44:55.0375 6044 hpn - ok
19:44:55.0406 6044 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
19:44:55.0406 6044 HPZid412 - ok
19:44:55.0453 6044 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
19:44:55.0453 6044 HPZipr12 - ok
19:44:55.0484 6044 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
19:44:55.0484 6044 HPZius12 - ok
19:44:55.0531 6044 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
19:44:55.0531 6044 HTTP - ok
19:44:55.0546 6044 i2omgmt - ok
19:44:55.0562 6044 i2omp - ok
19:44:55.0578 6044 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
19:44:55.0578 6044 i8042prt - ok
19:44:55.0593 6044 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
19:44:55.0593 6044 Imapi - ok
19:44:55.0609 6044 ini910u - ok
19:44:55.0703 6044 IntcAzAudAddService (b2957d6c1226f029230dac2c46d34286) C:\WINDOWS\system32\drivers\RtkHDAud.sys
19:44:55.0781 6044 IntcAzAudAddService - ok
19:44:55.0781 6044 IntelIde - ok
19:44:55.0796 6044 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
19:44:55.0796 6044 intelppm - ok
19:44:55.0812 6044 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
19:44:55.0812 6044 Ip6Fw - ok
19:44:55.0843 6044 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
19:44:55.0843 6044 IpFilterDriver - ok
19:44:55.0843 6044 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
19:44:55.0843 6044 IpInIp - ok
19:44:55.0875 6044 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
19:44:55.0875 6044 IpNat - ok
19:44:55.0906 6044 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
19:44:55.0906 6044 irda - ok
19:44:55.0953 6044 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
19:44:55.0953 6044 IRENUM - ok
19:44:55.0968 6044 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
19:44:55.0968 6044 irsir - ok
19:44:55.0984 6044 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
19:44:56.0000 6044 isapnp - ok
19:44:56.0015 6044 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
19:44:56.0015 6044 Kbdclass - ok
19:44:56.0031 6044 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
19:44:56.0031 6044 kbdhid - ok
19:44:56.0046 6044 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
19:44:56.0046 6044 kmixer - ok
19:44:56.0062 6044 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
19:44:56.0078 6044 KSecDD - ok
19:44:56.0078 6044 lbrtfdc - ok
19:44:56.0109 6044 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
19:44:56.0109 6044 mnmdd - ok
19:44:56.0140 6044 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
19:44:56.0156 6044 Modem - ok
19:44:56.0156 6044 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
19:44:56.0156 6044 Mouclass - ok
19:44:56.0171 6044 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
19:44:56.0171 6044 mouhid - ok
19:44:56.0187 6044 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
19:44:56.0187 6044 MountMgr - ok
19:44:56.0203 6044 mraid35x - ok
19:44:56.0234 6044 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
19:44:56.0234 6044 MRxDAV - ok
19:44:56.0265 6044 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
19:44:56.0265 6044 MRxSmb - ok
19:44:56.0281 6044 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
19:44:56.0281 6044 Msfs - ok
19:44:56.0312 6044 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
19:44:56.0312 6044 MSKSSRV - ok
19:44:56.0328 6044 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
19:44:56.0328 6044 MSPCLOCK - ok
19:44:56.0343 6044 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
19:44:56.0359 6044 MSPQM - ok
19:44:56.0375 6044 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
19:44:56.0375 6044 mssmbios - ok
19:44:56.0390 6044 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
19:44:56.0406 6044 Mup - ok
19:44:56.0421 6044 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
19:44:56.0421 6044 NDIS - ok
19:44:56.0453 6044 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
19:44:56.0468 6044 NdisTapi - ok
19:44:56.0500 6044 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
19:44:56.0500 6044 Ndisuio - ok
19:44:56.0531 6044 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
19:44:56.0531 6044 NdisWan - ok
19:44:56.0546 6044 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
19:44:56.0546 6044 NDProxy - ok
19:44:56.0562 6044 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
19:44:56.0562 6044 NetBIOS - ok
19:44:56.0593 6044 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
19:44:56.0593 6044 NetBT - ok
19:44:56.0609 6044 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:44:56.0609 6044 Npfs - ok
19:44:56.0640 6044 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:44:56.0656 6044 Ntfs - ok
19:44:56.0671 6044 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:44:56.0671 6044 Null - ok
19:44:56.0843 6044 nv (18c9b152da7bea76b2f9e4b6412e0aaf) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:44:57.0000 6044 nv - ok
19:44:57.0031 6044 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:44:57.0046 6044 NwlnkFlt - ok
19:44:57.0046 6044 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:44:57.0046 6044 NwlnkFwd - ok
19:44:57.0062 6044 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:44:57.0062 6044 Parport - ok
19:44:57.0078 6044 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:44:57.0078 6044 PartMgr - ok
19:44:57.0093 6044 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:44:57.0093 6044 ParVdm - ok
19:44:57.0109 6044 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:44:57.0109 6044 PCI - ok
19:44:57.0125 6044 PCIDump - ok
19:44:57.0140 6044 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:44:57.0140 6044 PCIIde - ok
19:44:57.0156 6044 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:44:57.0156 6044 Pcmcia - ok
19:44:57.0171 6044 PDCOMP - ok
19:44:57.0171 6044 PDFRAME - ok
19:44:57.0187 6044 PDRELI - ok
19:44:57.0187 6044 PDRFRAME - ok
19:44:57.0203 6044 perc2 - ok
19:44:57.0203 6044 perc2hib - ok
19:44:57.0250 6044 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:44:57.0250 6044 PptpMiniport - ok
19:44:57.0265 6044 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:44:57.0265 6044 PSched - ok
19:44:57.0265 6044 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:44:57.0265 6044 Ptilink - ok
19:44:57.0281 6044 ql1080 - ok
19:44:57.0296 6044 Ql10wnt - ok
19:44:57.0296 6044 ql12160 - ok
19:44:57.0312 6044 ql1240 - ok
19:44:57.0312 6044 ql1280 - ok
19:44:57.0328 6044 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:44:57.0343 6044 RasAcd - ok
19:44:57.0359 6044 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
19:44:57.0359 6044 Rasirda - ok
19:44:57.0375 6044 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:44:57.0375 6044 Rasl2tp - ok
19:44:57.0390 6044 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:44:57.0390 6044 RasPppoe - ok
19:44:57.0390 6044 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:44:57.0390 6044 Raspti - ok
19:44:57.0421 6044 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:44:57.0421 6044 Rdbss - ok
19:44:57.0421 6044 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:44:57.0421 6044 RDPCDD - ok
19:44:57.0453 6044 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
19:44:57.0453 6044 rdpdr - ok
19:44:57.0484 6044 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
19:44:57.0484 6044 RDPWD - ok
19:44:57.0500 6044 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:44:57.0500 6044 redbook - ok
19:44:57.0531 6044 RTL8023xp (223d721e1334425df479b58123c9e886) C:\WINDOWS\system32\DRIVERS\EG1032xp.sys
19:44:57.0531 6044 RTL8023xp - ok
19:44:57.0578 6044 RTLE8023xp (e47c52f0380f0950e2bc9f1bcdc0de9b) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
19:44:57.0578 6044 RTLE8023xp - ok
19:44:57.0609 6044 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:44:57.0609 6044 Secdrv - ok
19:44:57.0625 6044 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:44:57.0625 6044 serenum - ok
19:44:57.0640 6044 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:44:57.0640 6044 Serial - ok
19:44:57.0656 6044 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:44:57.0656 6044 Sfloppy - ok
19:44:57.0687 6044 Sftfs (0692e5bf83b1f10102ba9bd240110b4e) C:\WINDOWS\system32\DRIVERS\Sftfsxp.sys
19:44:57.0687 6044 Sftfs - ok
19:44:57.0718 6044 Sftplay (07bec1b450fd93dfce7341d41d422ab1) C:\WINDOWS\system32\DRIVERS\Sftplayxp.sys
19:44:57.0734 6044 Sftplay - ok
19:44:57.0750 6044 Sftredir (3e65185232697f2190bd618ad050034a) C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys
19:44:57.0750 6044 Sftredir - ok
19:44:57.0781 6044 Sftvol (f372506bc97f14a41fb81bbe3223906b) C:\WINDOWS\system32\DRIVERS\Sftvolxp.sys
19:44:57.0781 6044 Sftvol - ok
19:44:57.0796 6044 Simbad - ok
19:44:57.0812 6044 Sparrow - ok
19:44:57.0843 6044 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:44:57.0843 6044 splitter - ok
19:44:57.0875 6044 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
19:44:57.0875 6044 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
19:44:57.0875 6044 sptd ( LockedFile.Multi.Generic ) - warning
19:44:57.0875 6044 sptd - detected LockedFile.Multi.Generic (1)
19:44:57.0906 6044 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:44:57.0906 6044 sr - ok
19:44:57.0937 6044 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
19:44:57.0937 6044 Srv - ok
19:44:57.0953 6044 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
19:44:57.0953 6044 StillCam - ok
19:44:57.0968 6044 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
19:44:57.0968 6044 swenum - ok
19:44:57.0984 6044 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
19:44:57.0984 6044 swmidi - ok
19:44:58.0000 6044 symc810 - ok
19:44:58.0000 6044 symc8xx - ok
19:44:58.0015 6044 sym_hi - ok
19:44:58.0031 6044 sym_u3 - ok
19:44:58.0031 6044 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
19:44:58.0031 6044 sysaudio - ok
19:44:58.0062 6044 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
19:44:58.0062 6044 Tcpip - ok
19:44:58.0093 6044 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
19:44:58.0093 6044 TDPIPE - ok
19:44:58.0109 6044 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
19:44:58.0109 6044 TDTCP - ok
19:44:58.0125 6044 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
19:44:58.0125 6044 TermDD - ok
19:44:58.0140 6044 TosIde - ok
19:44:58.0171 6044 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
19:44:58.0171 6044 Udfs - ok
19:44:58.0171 6044 ultra - ok
19:44:58.0203 6044 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
19:44:58.0218 6044 Update - ok
19:44:58.0250 6044 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
19:44:58.0250 6044 USBAAPL - ok
19:44:58.0265 6044 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
19:44:58.0265 6044 usbccgp - ok
19:44:58.0296 6044 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
19:44:58.0296 6044 usbehci - ok
19:44:58.0312 6044 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
19:44:58.0312 6044 usbhub - ok
19:44:58.0328 6044 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
19:44:58.0343 6044 usbprint - ok
19:44:58.0390 6044 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
19:44:58.0390 6044 usbscan - ok
19:44:58.0437 6044 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
19:44:58.0437 6044 USBSTOR - ok
19:44:58.0453 6044 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
19:44:58.0453 6044 usbuhci - ok
19:44:58.0468 6044 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
19:44:58.0468 6044 VgaSave - ok
19:44:58.0484 6044 ViaIde - ok
19:44:58.0500 6044 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
19:44:58.0500 6044 VolSnap - ok
19:44:58.0546 6044 W8335XP (f0bdc2b474e26117ee77bfdba051fb3c) C:\WINDOWS\system32\DRIVERS\WG311v3XP.sys
19:44:58.0546 6044 W8335XP - ok
19:44:58.0562 6044 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
19:44:58.0562 6044 Wanarp - ok
19:44:58.0562 6044 WDICA - ok
19:44:58.0593 6044 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
19:44:58.0609 6044 wdmaud - ok
19:44:58.0625 6044 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:44:58.0828 6044 \Device\Harddisk0\DR0 - ok
19:44:58.0859 6044 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:44:59.0375 6044 \Device\Harddisk1\DR1 - ok
19:44:59.0375 6044 Boot (0x1200) (d38961c8519bf83755cb360ae3701c49) \Device\Harddisk0\DR0\Partition0
19:44:59.0375 6044 \Device\Harddisk0\DR0\Partition0 - ok
19:44:59.0375 6044 Boot (0x1200) (ca61ad7e121883e767abf74d1d253ee8) \Device\Harddisk1\DR1\Partition0
19:44:59.0375 6044 \Device\Harddisk1\DR1\Partition0 - ok
19:44:59.0375 6044 ============================================================
19:44:59.0375 6044 Scan finished
19:44:59.0375 6044 ============================================================
19:44:59.0390 2988 Detected object count: 1
19:44:59.0390 2988 Actual detected object count: 1
19:45:07.0531 2988 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:45:07.0531 2988 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:46:44.0140 4532 Deinitialize success

GMER
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-13 06:47:13
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-17 ST3500410SV rev.CV12
Running: tht5i3qq.exe; Driver: C:\DOCUME~1\EZ-PCC~1\LOCALS~1\Temp\kwpcqpoc.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xB7EBE0D0]
SSDT sptd.sys ZwEnumerateKey [0xB7EC3FB2]
SSDT sptd.sys ZwEnumerateValueKey [0xB7EC4340]
SSDT sptd.sys ZwOpenKey [0xB7EBE0B0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB34BAF3C]
SSDT sptd.sys ZwQueryKey [0xB7EC4418]
SSDT sptd.sys ZwQueryValueKey [0xB7EC4298]
SSDT sptd.sys ZwSetValueKey [0xB7EC44AA]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB34BAFE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB34BB080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB34BB11C]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB72E53A0, 0x5FE082, 0xE8000020]
.text USBPORT.SYS!DllUnload B727A8AC 5 Bytes JMP 8AB0E3F0
? System32\Drivers\a71wfobk.SYS The system cannot find the path specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EBEAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EBEC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EBEB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EBF748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EBF61E] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AC4B1E8

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \FileSystem\Fastfat \FatCdrom 89E65790
Device \FileSystem\Udfs \UdfsCdRom 89DEB1E8
Device \FileSystem\Udfs \UdfsDisk 89DEB1E8
Device \Driver\usbuhci \Device\USBPDO-0 8ABAA410
Device \Driver\usbuhci \Device\USBPDO-1 8ABAA410
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8ACC21E8
Device \Driver\dmio \Device\DmControl\DmConfig 8ACC21E8
Device \Driver\dmio \Device\DmControl\DmPnP 8ACC21E8
Device \Driver\dmio \Device\DmControl\DmInfo 8ACC21E8
Device \Driver\usbuhci \Device\USBPDO-2 8ABAA410
Device \Driver\usbuhci \Device\USBPDO-3 8ABAA410
Device \Driver\usbehci \Device\USBPDO-4 8AB16790
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AC4D1E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8AC4D1E8
Device \Driver\Cdrom \Device\CdRom0 8AACD1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [B7E12B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8AACD1E8
Device \Driver\Cdrom \Device\CdRom2 8AACD1E8
Device \Driver\Cdrom \Device\CdRom3 8AACD1E8
Device \Driver\Cdrom \Device\CdRom4 8AACD1E8
Device \Driver\USBSTOR \Device\00000090 89EC2790
Device \Driver\USBSTOR \Device\00000091 89EC2790
Device \Driver\PCI_NTPNP4220 \Device\0000004e sptd.sys
Device \Driver\usbuhci \Device\USBFDO-0 8ABAA410
Device \Driver\usbuhci \Device\USBFDO-1 8ABAA410
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89EF9790
Device \Driver\usbuhci \Device\USBFDO-2 8ABAA410
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89EF9790
Device \Driver\usbuhci \Device\USBFDO-3 8ABAA410
Device \Driver\usbehci \Device\USBFDO-4 8AB16790
Device \Driver\Ftdisk \Device\FtControl 8AC4D1E8
Device \Driver\a71wfobk \Device\Scsi\a71wfobk1Port3Path0Target2Lun0 8AAC61E8
Device \Driver\a71wfobk \Device\Scsi\a71wfobk1Port3Path0Target0Lun0 8AAC61E8
Device \Driver\a71wfobk \Device\Scsi\a71wfobk1 8AAC61E8
Device \Driver\a71wfobk \Device\Scsi\a71wfobk1Port3Path0Target1Lun0 8AAC61E8
Device \Driver\a71wfobk \Device\Scsi\a71wfobk1Port3Path0Target3Lun0 8AAC61E8
Device \FileSystem\Fastfat \Fat 89E65790

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \FileSystem\Cdfs \Cdfs 89A1C790

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3E 0x41 0x9F 0x3B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x38 0x8A 0x7B 0x92 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x11 0x77 0xA5 0x68 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xEB 0xF0 0x5D 0xF9 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xD6 0xD2 0xA1 0x04 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x42 0x25 0x35 0x1F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x3E 0x41 0x9F 0x3B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x38 0x8A 0x7B 0x92 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x11 0x77 0xA5 0x68 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xEB 0xF0 0x5D 0xF9 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xD6 0xD2 0xA1 0x04 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x42 0x25 0x35 0x1F ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB41398$\2263785007 0 bytes
File C:\WINDOWS\$NtUninstallKB41398$\3209240319 0 bytes
File C:\WINDOWS\$NtUninstallKB41398$\3209240319\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB41398$\3209240319\cfg.ini 184 bytes
File C:\WINDOWS\$NtUninstallKB41398$\3209240319\Desktop.ini 4608 bytes
File C:\WINDOWS\$NtUninstallKB41398$\3209240319\L 0 bytes
File C:\WINDOWS\$NtUninstallKB41398$\3209240319\L\lytiiuka 75264 bytes
File C:\WINDOWS\$NtUninstallKB41398$\3209240319\U 0 bytes
File C:\WINDOWS\$NtUninstallKB41398$\3209240319\U\00000001.@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB41398$\3209240319\U\00000002.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB41398$\3209240319\U\00000004.@ 1024 bytes
File C:\WINDOWS\$NtUninstallKB41398$\3209240319\U\80000000.@ 66560 bytes
File C:\WINDOWS\$NtUninstallKB41398$\3209240319\U\80000004.@ 12800 bytes
File C:\WINDOWS\$NtUninstallKB41398$\3209240319\U\80000032.@ 73216 bytes
File C:\WINDOWS\$NtUninstallKB41398$\3209240319\version 858 bytes

---- EOF - GMER 1.0.15 ----

aswMBR

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-13 06:47:31
-----------------------------
06:47:31.984 OS Version: Windows 5.1.2600 Service Pack 3
06:47:31.984 Number of processors: 4 586 0x1707
06:47:31.984 ComputerName: OWNER-8FBB05830 UserName: EZ-PC Customer
06:47:43.906 Initialize success
06:47:51.781 AVAST engine download error: 0
06:49:29.921 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
06:49:29.921 Disk 0 Vendor: WDC_WD5000AAKB-00YSA0 12.01C02 Size: 476940MB BusType: 3
06:49:29.921 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T1L0-17
06:49:29.921 Disk 1 Vendor: ST3500410SV CV12 Size: 476940MB BusType: 3
06:49:30.125 Disk 1 MBR read successfully
06:49:30.125 Disk 1 MBR scan
06:49:30.125 Disk 1 Windows XP default MBR code
06:49:30.250 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
06:49:30.250 Disk 1 scanning sectors +976752000
06:49:30.593 Disk 1 scanning C:\WINDOWS\system32\drivers
06:49:49.750 Service scanning
06:49:55.937 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
06:49:58.031 Modules scanning
06:50:10.921 Disk 1 trace - called modules:
06:50:10.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x8ac6d8ac]<<
06:50:10.953 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8ac1aab8]
06:50:10.953 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000073[0x8acb79e8]
06:50:10.953 5 ACPI.sys[b7e7d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-17[0x8abf6b00]
06:50:10.953 Scan finished successfully
06:50:48.062 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\EZ-PC Customer\Desktop\MBR.dat"
06:50:48.062 The log file has been saved successfully to "C:\Documents and Settings\EZ-PC Customer\Desktop\aswMBR.txt"

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 15 March 2012 - 07:43 AM

You're infected by the ZeroAccess rootkit. We need advanced tools to remove it.

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#7 A. Linenberger

A. Linenberger

  • Topic Starter
  • Members
  • 14 posts

Posted 15 March 2012 - 07:54 AM

Thanks for your help!

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 16 March 2012 - 07:24 AM

You're welcome
