
I'm pretty sure I'm infected but malwarebytes says I'm clean?


4 replies to this topic

#1 boho2112


Posted 23 November 2013 - 11:08 AM

I think I have a deep, insidious rootkit. A few people have said they got the "hello" email spam from my name, but it was not my email address?

Also, IE 9 was/is locking up and taking forever on some downloads when I have a 10 Mb pipe. So I tried updating the browser to IE 11, and it was taking hours for Windows Update to download and install this 50 MB patch (at least that's what it said it was while trying the patch). After 3-4 hours of supposedly downloading I canceled, rebooted, logged in to a local Admin account and tried to do the update again; it started off fast but then slowed down heavily again, like a rootkit had grabbed the install and was slowing it down. It finally installed IE 11 and I rebooted into the normal domain account, but within IE it still is not fully right. I've booted IE into safe mode and have disabled extensions, but it sure seems like a virus.

I found your forum on the Hello virus and ran the DDS file, and at the bottom of the text file it says, "Warning: possible TDL3 rootkit infection!"

So I tried to download and install the GMER tool, and it would not allow the random-name file nor the direct-name file from that site. I could not even go to that site, gmer.net, nor can I still. I went on another computer, downloaded it and copied it to my computer, and have tried running the tool multiple times; it always crashes at the volume shadow copy portion.

I have a Dell Latitude E6501 with an i5 processor and 4 GB of RAM, running Win 7 Pro 32-bit.

I called Dell tech support to rule out hardware (and we did), and with Dell we even went into MSCONFIG and turned off services and startup items not needed, but I'm still having issues.

What's next to find and kill this rootkit or malware?

Thanks,

Dan





#2 Condobloke


Posted 23 November 2013 - 06:32 PM

http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller



#3 boho2112


Posted 23 November 2013 - 09:26 PM

The tool did not find anything? So I ran the DDS tool, and here are the logs from that:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by Shanon at 18:21:06 on 2013-11-23
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.2985.1096 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\IDT\WDM\aestsrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\BtwRSupportService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Novatel Wireless\Gobi\QDLService\GobiQDLService.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\system32\srvany.exe
C:\Program Files\Dantz\Client\Remotsvc.exe
C:\Windows\system32\SDIOAssist.exe
C:\Program Files\Dantz\Client\retroclient.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\system32\vssvc.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Sage\LS1\ServiceHost\1.1\Sage.LS1.ServiceHost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Dell\Dell Mobile Broadband Manager\WirelessManager.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Novatel Wireless\MobiLink3\MobiLink3.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Users\Shanon\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\CineForm\Tools\GoProCineFormStatusViewer.exe
C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
C:\Users\Shanon\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Shanon\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_152_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.facebook.com/#!/
uSearch Bar = Preserve
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [WirelessManager] "c:\program files\dell\dell mobile broadband manager\WirelessManager.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MobiLink 3] c:\program files\novatel wireless\mobilink3\MobiLink3.exe
uRun: [Akamai NetSession Interface] "c:\users\shanon\appdata\local\akamai\netsession_win.exe"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [FreeFallProtection] c:\program files\stmicroelectronics\accelerometerp11\FF_Protection.exe
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dw wlan card\WLTRAY.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [20131121] c:\program files\avast software\avast\setup\emupdate\70d03472-2721-4f22-bf8d-4b0c2522248a.exe /check
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NUSB3MON] "c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [IntelliType Pro] "c:\program files\microsoft device center\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft device center\ipoint.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
StartupFolder: c:\users\shanon\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\shanon\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\cinefo~1.lnk - c:\program files\cineform\tools\GoProCineFormStatusViewer.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellsy~1.lnk - c:\program files\dell\dell system manager\DCPSysMgr.exe
mPolicies-Explorer: NoWelcomeScreen = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
Trusted Zone: citrixonline.com
Trusted Zone: dell.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1058
TCP: Interfaces\{1391535E-D181-4191-9A66-EECEFFF9C840} : DHCPNameServer = 172.16.1.1
TCP: Interfaces\{2880073D-1B9F-4FDA-8AA6-991DE30105BA} : NameServer = 66.1.61.7 68.29.1.7
TCP: Interfaces\{80A135AB-9EA0-4795-A918-B8863FC2C4F9} : NameServer = 192.168.1.3,192.168.1.2
TCP: Interfaces\{80A135AB-9EA0-4795-A918-B8863FC2C4F9} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\windows\system32\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-8-16 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-8-16 178304]
R0 nvpciflt;nvpciflt;c:\windows\system32\drivers\nvpciflt.sys [2013-3-11 25376]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\drivers\stdcfltn.sys [2012-10-5 17648]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-8-16 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-8-16 403440]
R1 nvkflt;nvkflt;c:\windows\system32\drivers\nvkflt.sys [2013-3-11 197920]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\idt\wdm\AEstSrv.exe [2012-10-5 81920]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-8-16 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-8-16 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-11-23 50344]
R2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe [2013-10-2 1678040]
R2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\dell\dell system manager\DCPSysMgrSvc.exe [2011-1-20 388464]
R2 GobiQDLService;Novatel Wireless Gobi Download Service;c:\program files\novatel wireless\gobi\qdlservice\GobiQDLService.exe [2011-2-23 324440]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2012-10-5 110752]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2013-6-7 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2013-4-30 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2013-9-23 47640]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-11-22 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-11-22 701512]
R2 NvtlService;NovaCore SDK Service;c:\program files\novatel wireless\novacore\server\NvtlSrvr.exe [2011-2-11 92504]
R2 O2SDIOAssist;O2SDIOAssist;c:\windows\system32\srvany.exe [2012-10-5 8192]
R2 Retrospect Client;Retrospect Client;c:\program files\dantz\client\RemotSvc.exe [2012-10-18 57344]
R2 Sage.LS1.ServiceHost.1.1;Sage Service Host (v1.1);c:\program files\common files\sage\ls1\servicehost\1.1\Sage.LS1.ServiceHost.exe [2008-12-16 106496]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-10 383264]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2012-10-5 2656280]
R2 Viewpoint Service;Viewpoint Service;c:\program files\viewpoint\common\ViewpointService.exe [2012-10-8 30152]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2012-10-5 43888]
R3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys [2013-10-2 174936]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\drivers\btwampfl.sys [2013-10-2 144600]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-10-6 33320]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-11-22 22856]
R3 MEI;Intel® Management Engine Interface;c:\windows\system32\drivers\HECI.sys [2012-10-5 41088]
R3 nwdelgobi3kfilter;Dell Wireless Gobi 3000 USB Composite Device Filter Driver;c:\windows\system32\drivers\nwdelgobi3kfilter.sys [2010-12-25 27264]
R3 nwdelgobimbb;Dell Wireless Gobi 3000 Mobile Broadband Network Adapter Service;c:\windows\system32\drivers\nwdelgobimbb.sys [2011-2-23 330240]
R3 nwdelserial;Dell Wireless Gobi 3000 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\nwdelserial.sys [2011-2-23 191488]
R3 O2MDRRDR;O2MDRRDR;c:\windows\system32\drivers\O2MDRw7.sys [2011-1-4 62440]
R3 O2SDJRDR;O2SDJRDR;c:\windows\system32\drivers\o2sdjw7.sys [2011-1-4 63848]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-11-20 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-3-25 14848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-3-25 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-3-25 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-10-6 1343400]
.
=============== Created Last 30 ================
.
2013-11-24 00:39:37 62576 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{72ffb0e1-d5ab-4b71-a398-f653fb2e2301}\offreg.dll
2013-11-23 22:04:04 -------- d-----w- c:\users\shanon\appdata\roaming\AVAST Software
2013-11-23 08:06:58 -------- d-----w- c:\program files\CCleaner
2013-11-23 07:46:11 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-23 07:46:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-23 07:20:15 -------- d-----w- c:\program files\My Dell
2013-11-22 13:27:25 7772552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{72ffb0e1-d5ab-4b71-a398-f653fb2e2301}\mpengine.dll
2013-11-13 15:54:58 1796096 ------w- c:\windows\system32\authui.dll
2013-11-09 18:48:03 -------- d-----w- c:\users\shanon\appdata\roaming\Dell
2013-11-09 18:46:31 -------- d-----w- c:\programdata\PCDr
2013-11-09 18:41:16 -------- d-----w- c:\users\shanon\appdata\roaming\PCDr
2013-11-09 17:55:37 -------- d-----w- c:\windows\pss
2013-11-09 17:46:46 -------- d-----w- c:\programdata\Citrix
2013-11-09 17:45:55 103272 ----a-w- c:\users\shanon\GoToAssistDownloadHelper.exe
2013-11-07 18:21:36 -------- d-----w- c:\program files\iPod
2013-11-07 18:21:35 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-11-07 18:21:35 -------- d-----w- c:\program files\iTunes
2013-11-03 14:21:38 94632 ------w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M  ====================
.
2013-11-23 21:55:46 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-23 21:55:46 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-23 21:55:46 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-23 21:55:46 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-23 21:55:46 43152 ----a-w- c:\windows\avastSS.scr
2013-11-23 21:55:46 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-13 22:55:08 71048 ------w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-13 22:55:08 692616 ------w- c:\windows\system32\FlashPlayerApp.exe
2013-11-11 13:50:18 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-28 18:02:24 86888 ------w- c:\windows\system32\LMIRfsClientNP.dll
2013-10-28 18:02:23 53064 ------w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2013-10-28 18:02:21 31560 ------w- c:\windows\system32\LMIport.dll
2013-10-28 18:02:20 85832 ------w- c:\windows\system32\LMIinit.dll
2013-10-12 02:03:08 656896 ------w- c:\windows\system32\nshwfp.dll
2013-10-12 02:01:41 679424 ------w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01:25 216576 ------w- c:\windows\system32\FWPUCLNT.DLL
2013-10-10 20:35:10 9584 ------w- c:\windows\system32\ractrlkeyhook.dll
2013-10-05 19:57:25 1168384 ------w- c:\windows\system32\crypt32.dll
2013-10-04 01:58:50 152576 ------w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ------w- c:\windows\system32\credui.dll
2013-10-03 01:58:07 305152 ------w- c:\windows\system32\gdi32.dll
2013-10-03 01:02:14 60120 ------w- c:\windows\system32\btwdi.dll
2013-10-03 01:02:14 1678040 ------w- c:\windows\system32\BtwRSupportService.exe
2013-10-03 01:02:12 174936 ------w- c:\windows\system32\drivers\bcbtums.sys
2013-10-03 01:02:12 1640152 ------w- c:\windows\system32\BcmBtRSupport.dll
2013-10-03 01:02:12 144600 ------w- c:\windows\system32\drivers\btwampfl.sys
2013-09-25 02:01:08 136640 ------w- c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:01:06 67520 ------w- c:\windows\system32\drivers\ksecdd.sys
2013-09-25 01:57:46 99840 ------w- c:\windows\system32\sspicli.dll
2013-09-25 01:57:26 22016 ------w- c:\windows\system32\secur32.dll
2013-09-25 01:57:24 247808 ------w- c:\windows\system32\schannel.dll
2013-09-25 01:56:42 220160 ------w- c:\windows\system32\ncrypt.dll
2013-09-25 01:56:02 1038848 ------w- c:\windows\system32\lsasrv.dll
2013-09-25 00:49:20 22016 ------w- c:\windows\system32\lsass.exe
2013-09-25 00:49:18 15872 ------w- c:\windows\system32\sspisrv.dll
2013-09-14 00:48:58 338944 ------w- c:\windows\system32\drivers\afd.sys
2013-09-08 02:07:12 1294272 ------w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03:58 231424 ------w- c:\windows\system32\mswsock.dll
2013-09-04 01:15:32 258560 ------w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 01:14:52 76288 ------w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 01:14:52 284672 ------w- c:\windows\system32\drivers\usbport.sys
2013-09-04 01:14:45 43008 ------w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 01:14:45 20480 ------w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 01:14:43 24064 ------w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 01:14:40 6016 ------w- c:\windows\system32\drivers\usbd.sys
2013-08-29 01:51:45 3969472 ------w- c:\windows\system32\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ------w- c:\windows\system32\ntoskrnl.exe
2013-08-29 01:50:30 1289096 ------w- c:\windows\system32\ntdll.dll
2013-08-29 01:50:16 619520 ------w- c:\windows\system32\tdh.dll
2013-08-29 01:48:17 640512 ------w- c:\windows\system32\advapi32.dll
2013-08-28 01:04:30 2348544 ------w- c:\windows\system32\win32k.sys
2013-08-28 00:57:20 434688 ------w- c:\windows\system32\scavengeui.dll
.
============= FINISH: 18:21:44.46 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/5/2012 8:17:55 PM
System Uptime: 11/23/2013 2:39:46 PM (4 hours ago)
.
Motherboard: Dell Inc. |  | 0J4TFW
Processor: Intel® Core™ i5-2520M CPU @ 2.50GHz | CPU 1 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 699 GiB total, 165.615 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: High Definition Audio Controller
Device ID: PCI\VEN_10DE&DEV_0E08&SUBSYS_14941028&REV_A1\4&143E46F0&0&0108
Manufacturer: Microsoft
Name: High Definition Audio Controller
PNP Device ID: PCI\VEN_10DE&DEV_0E08&SUBSYS_14941028&REV_A1\4&143E46F0&0&0108
Service: HDAudBus
.
Class GUID:
Description: Broadcom USH
Device ID: USB\VID_0A5C&PID_5800&MI_00\7&66DE6C9&0&0000
Manufacturer:
Name: Broadcom USH
PNP Device ID: USB\VID_0A5C&PID_5800&MI_00\7&66DE6C9&0&0000
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: DW1530 Wireless-N WLAN Half-Mini Card
Device ID: PCI\VEN_14E4&DEV_4359&SUBSYS_00111028&REV_00\4&3A9F0C31&0&00E1
Manufacturer: Broadcom
Name: DW1530 Wireless-N WLAN Half-Mini Card
PNP Device ID: PCI\VEN_14E4&DEV_4359&SUBSYS_00111028&REV_00\4&3A9F0C31&0&00E1
Service: BCM43XX
.
==== System Restore Points ===================
.
RP156: 11/19/2013 10:12:45 AM - Windows Update
RP157: 11/20/2013 9:42:23 PM - Windows Update
RP159: 11/23/2013 1:45:19 PM - avast! antivirus system restore point
.
==== Installed Programs ======================
.
AccelerometerP11
Adobe Acrobat  9 Standard - English, Français, Deutsch
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Bonjour
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Dell Mobile Broadband Manager
Dell Mobile Broadband Utility
Dell System Manager
Dell Wireless 5630 Mobile Broadband Drivers
Dropbox
DW WLAN Card Utility
FileMaker Pro 5.5
Google Chrome
Google Update Helper
GoPro CineForm Studio 1.3.2
HomeManage 2011
iCloud
IDT Audio
InstallVC90Support
Intel® Management Engine Components
Intel® Network Connections 15.7.176.1
Intel® Processor Graphics
iSEEK AnswerWorks English Runtime
iTunes
Java 7 Update 45
Java Auto Updater
join.me
KONICA MINOLTA PageScope Network Setup
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Modem Diagnostic Tool
MotoHelper MergeModules
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netwaiting
NVIDIA 3D Vision Driver 311.00
NVIDIA Control Panel 311.00
NVIDIA Graphics Driver 311.00
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA nView 136.53
NVIDIA Optimus 1.11.3
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Components
O2Micro Flash Memory Card Windows Driver
ORGdesign version Auto Update
Quicken 2013
QuickTime
Renesas Electronics USB 3.0 Host Controller Driver
Retrospect Client 7.0
Sage Master Builder 15
Sage Master Builder Licensing 1.1
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Viewpoint Media Player
WIDCOMM Bluetooth Software
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 )
.
==== Event Viewer Messages From Past Week ========
.
11/23/2013 8:17:06 AM, Error: Service Control Manager [7034]  - The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).
11/23/2013 8:15:39 AM, Error: Service Control Manager [7022]  - The NVIDIA Update Service Daemon service hung on starting.
11/23/2013 8:11:37 AM, Error: Service Control Manager [7031]  - The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
11/23/2013 8:11:37 AM, Error: Service Control Manager [7024]  - The Windows Search service terminated with service-specific error %%-1073473535.
11/23/2013 6:09:43 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067]  - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
11/23/2013 6:07:10 PM, Error: NETLOGON [5719]  - This computer was not able to set up a secure session with a domain controller in domain MDB due to the following:  There are currently no logon servers available to service the logon request.  This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.   ADDITIONAL INFO  If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
11/23/2013 4:39:03 PM, Error: Service Control Manager [7031]  - The avast! Antivirus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
11/23/2013 2:04:07 PM, Error: NetBT [4307]  - Initialization failed because the transport refused to open initial addresses.
11/23/2013 2:03:29 PM, Error: Microsoft-Windows-GroupPolicy [1129]  - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
11/23/2013 1:55:53 PM, Error: Service Control Manager [7030]  - The avast! Antivirus service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
.
==== End Of File ===========================

 



#4 Condobloke

Outback Aussie @ 54.2101 N, 0.2906 W

  • Members
  • 5,786 posts

Posted 23 November 2013 - 10:25 PM

If you are still having problems with your computer after completing these instructions, then please follow the steps outlined in the topic linked below:

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

...starting at step 6... however you have already downloaded and run DDS, so simply post the log there.

Good Luck!


Condobloke ...Outback Australian

fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3 EXCLUSIVELY.

Microsoft gives you Windows, Linux gives you the whole house...

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy

#5 boho2112

  • Topic Starter
  • Members
  • 5 posts

Posted 26 November 2013 - 01:21 PM

OK, now I'm back to see if I have any malware installed or not?

Ran the above links and it found no malware, but today someone I know received another Hello Virus email from my name but not my email?

IE 11 is still not responding or is very slow going to new pages...

I posted this info at this link as no one responded since Saturday/Sunday. And I'm not sure if this topic should be back here or not?

http://www.bleepingcomputer.com/forums/t/515213/ran-the-tdl-killer-and-found-nothingbut-still-not-running-right/
