
Thanks for helping with hijacks


no techy here


Logfile of IObit HijackScan v1.0.2.0

Scan saved at 7:50:23, on 2010-11-20

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Spybot

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\System32\mshta.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\QuickTime\QuickTimePlayer.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\IObit\IObit Security 360\a_hijackscan.exe

 

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [VTTimer] VTTimer.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart

O4 - HKLM|\Software\Microsoft\Windows\CurrentVersion\Run\: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O9 - Extra button: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -

O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}Java Plug-in 1.6.0_22 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D}HPDDRev.DDRevision.1 - http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}Java Plug-in 1.6.0_22 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}Java Plug-in 1.6.0_22 - http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

O23 - Service: Apple Mobile Device (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner (avast! Mail Scanner) - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner (avast! Web Scanner) - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: IS360service (IS360service) - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service (Lavasoft Ad-Aware Service) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Hi there NTH, and welcome to the forum :wink:

 

Let's look under the hood, to find the nasty bug causing these redirects.

 

Please follow the instructions from Step 3 of the following topic:

http://forums.iobit.com/showthread.php?t=6216

 

Copy and paste the content of both logs produced by DDS. Use two posts; one for each log (DDS.txt first).

 

Thanks.

 

===


Dds

 

DDS (Ver_10-11-10.01) - NTFSx86

Run by Terry at 5:47:21.71 on Mon 11/22/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.735.60 [GMT -7:00]

 

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\QTTask.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\System32\mshta.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\MSN\Toolbar\3.0.1203.0\msntask.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Documents and Settings\Terry\Desktop\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

{555d4d79-4bd2-4094-a395-cfc534424a05}

mRun: [VTTimer] VTTimer.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Hosts: 127.0.0.1 www.spywareinfo.com

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\terry\applic~1\mozilla\firefox\profiles\5njgin75.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://my.msn.com/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc2e023&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

 

============= SERVICES / DRIVERS ===============

 

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-21 64288]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-25 165584]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-11-20 532224]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-25 17744]

R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2007-11-12 72672]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15264]

S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]

S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

 

=============== Created Last 30 ================

 

2010-11-20 14:00:52 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2010-11-20 14:00:51 -------- d-----w- c:\windows\system32\ZoneLabs

2010-11-20 14:00:47 -------- d-----w- c:\program files\Zone Labs

2010-11-20 13:59:08 -------- d-----w- c:\windows\Internet Logs

2010-11-19 21:55:21 -------- d-----w- c:\program files\CCleaner

2010-11-19 20:11:12 -------- d-----w- c:\windows\system32\en

2010-11-19 20:11:12 -------- d-----w- c:\windows\system32\bits

2010-11-19 20:08:45 -------- d-----w- c:\windows\EHome

2010-11-18 23:20:11 -------- d-----w- c:\windows\system32\wbem\repository\FS

2010-11-18 23:20:11 -------- d-----w- c:\windows\system32\wbem\Repository

2010-11-18 23:10:33 -------- d-----w- c:\windows\Downloaded Installations

2010-11-18 23:07:15 -------- d-----w- c:\docume~1\terry\applic~1\AVG10

2010-11-18 23:06:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools

2010-11-18 23:06:10 -------- d-----w- c:\program files\Uniblue

2010-11-12 18:46:58 4280320 ----a-w- c:\windows\system32\GPhotos.scr

2010-11-09 05:23:41 47616 ----a-w- c:\program files\windows media player\msoobci.dll

2010-11-05 19:18:12 -------- d-----w- c:\docume~1\terry\applic~1\ElevatedDiagnostics

2010-11-05 18:42:30 84480 -c--a-w- c:\windows\system32\dllcache\ac97via.sys

2010-11-05 18:42:30 84480 ----a-w- c:\windows\system32\drivers\ac97via.sys

2010-11-04 21:02:10 -------- d-----w- c:\windows\system32\scripting

2010-11-04 21:02:04 -------- d-----w- c:\windows\l2schemas

2010-11-04 20:57:15 -------- d-----w- c:\windows\network diagnostic

2010-11-01 06:29:29 -------- d-----w- c:\docume~1\terry\locals~1\applic~1\Sophos

2010-11-01 05:30:56 -------- d-----w- C:\stdtsa

2010-10-25 22:34:00 38848 ----a-w- c:\windows\avastSS.scr

2010-10-25 22:33:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

2010-10-23 17:20:17 -------- d--h--w- C:\$AVG

2010-10-23 17:01:55 -------- d-----w- c:\docume~1\terry\locals~1\applic~1\AVG Security Toolbar

 

==================== Find3M ====================

 

2010-10-15 02:08:34 278 ----a-w- c:\docume~1\terry\applic~1\jsfhjjsd.bat

2010-09-23 07:46:08 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-09-15 10:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-15 08:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-08 17:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 17:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

 

=================== ROOTKIT ====================

 

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: WDC_WD400BB-00JHA0 rev.05.01C05 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

 

device: opened successfully

user: MBR read successfully

 

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x83B0E446]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x83b14504]; MOV EAX, [0x83b14580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x83B4EAB8]

3 CLASSPNP[0xF7AD8FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000060[0x83BAE6B0]

5 ACPI[0xF7A4F620] -> nt!IofCallDriver[0x804E37D5] -> [0x83B94940]

\Driver\atapi[0x83B55CC0] -> IRP_MJ_CREATE -> 0x83B0E446

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }

detected disk devices:

\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD400BB-00JHA0______________________05.01C05#5&7288e94&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x83B0E292

user != kernel MBR !!!

sectors 78165358 (+255): user != kernel

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

 

============= FINISH: 5:58:06.32 ===============


text

 

DDS (Ver_10-11-10.01)

 

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 4/25/2005 1:35:47 PM

System Uptime: 11/21/2010 9:10:43 AM (20 hours ago)

 

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6734

Processor: AMD Sempron 2200+ | Socket A | 1498/166mhz

 

==== Disk Partitions =========================

 

A: is Removable

C: is FIXED (NTFS) - 37 GiB total, 14.538 GiB free.

D: is CDROM ()

 

==== Disabled Device Manager Items =============

 

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: Photosmart C6300 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart C6300 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

 

==== System Restore Points ===================

 

RP1182: 11/1/2010 5:42:31 PM - Removed Sophos Anti-Virus

RP1183: 11/1/2010 5:43:22 PM - Removed Sophos Anti-Virus

RP1184: 11/1/2010 5:46:23 PM - Removed Sophos AutoUpdate

RP1185: 11/1/2010 10:11:09 PM - Installed Sophos Anti-Virus

RP1186: 11/1/2010 10:14:25 PM - Installed Sophos AutoUpdate

RP1187: 11/2/2010 2:03:42 AM - Removed Sophos Anti-Virus

RP1188: 11/2/2010 2:06:13 AM - Removed Sophos AutoUpdate

RP1189: 11/2/2010 2:07:40 AM - Removed Sophos confic-a Cleanup Tool.

RP1190: 11/3/2010 9:55:36 AM - System Checkpoint

RP1191: 11/4/2010 2:42:53 PM - Software Distribution Service 3.0

RP1192: 11/6/2010 12:29:26 AM - Installed Windows Media Player 11

RP1193: 11/6/2010 12:36:07 AM - Installed Windows XP MSCompPackV1.

RP1194: 11/7/2010 1:10:11 AM - System Checkpoint

RP1195: 11/8/2010 3:14:53 PM - System Checkpoint

RP1196: 11/8/2010 10:21:05 PM - Installed Windows Media Player 10

RP1197: 11/9/2010 10:25:44 AM - Restore Operation

RP1198: 11/10/2010 4:59:16 PM - System Checkpoint

RP1199: 11/14/2010 12:06:52 PM - System Checkpoint

RP1200: 11/16/2010 4:58:54 PM - Software Distribution Service 3.0

RP1201: 11/17/2010 9:52:12 PM - System Checkpoint

RP1202: 11/18/2010 3:00:44 PM - Removed Google Earth.

RP1203: 11/18/2010 4:01:49 PM - Restore Operation

RP1204: 11/19/2010 1:15:39 PM - Restore Operation

RP1205: 11/20/2010 8:49:37 AM - Installed Windows XP -- Software Updates KB952011.

RP1206: 11/21/2010 10:19:03 AM - System Checkpoint

 

==== Installed Programs ======================

 

32 Bit HP CIO Components Installer

Ad-Aware

Ad-Aware Email Scanner for Outlook

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 8.2.5

Advanced SystemCare 3

Apple Application Support

Apple Mobile Device Support

Apple Software Update

avast! Free Antivirus

BearShare

Bonjour

BufferChm

C6300

CCleaner

Coby Media Manager

Compatibility Pack for the 2007 Office system

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Driver Diagnostics

HP Photosmart C6300 All-In-One Driver Software 12.0 Rel .4

HP Update

IObit Security 360

iTunes

Java Auto Updater

Java 6 Update 22

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Antimalware

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Word Viewer 2003

Microsoft Silverlight

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox (3.6.12)

MSN Toolbar

MSVCRT

MSVCSetup

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

Network

Picasa 3

Presto! PageManager 7.15.11

PS_AIO_04_C6300_Software_Min

QuickTime

Realtek AC'97 Audio

S3 S3Gamma2

S3 S3Info2

S3 S3Overlay

Safari

Scan

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974455)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Segoe UI

Spelling Dictionaries Support For Adobe Reader 8

Spybot - Search & Destroy

SpywareBlaster 4.4

Toolbox

UniChrome Graphics Driver and Utilities

UnloadSupport

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Internet Explorer 8 (KB980302)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

WebReg

Windows Backup Utility

Windows Defender Signatures

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Sign-in Assistant

Windows Live Upload Tool

Windows Media Format Runtime

Windows Media Player 10

Windows PowerShell 1.0

Windows XP Service Pack 3

ZoneAlarm

 

==== Event Viewer Messages From Past Week ========

 

11/21/2010 9:11:09 AM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.

11/21/2010 12:06:37 AM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.

11/20/2010 7:05:43 AM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.

11/20/2010 6:46:04 AM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.

11/19/2010 12:54:56 PM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.

11/19/2010 12:54:55 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 00223FE87AD1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

11/19/2010 12:53:04 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

11/19/2010 12:43:13 AM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address 00:23:4E:26:00:B0. Network operations on this system may be disrupted as a result.

11/19/2010 1:14:10 PM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.

11/18/2010 9:35:19 PM, information: Windows File Protection [64005] - The protected system file moviemk.exe was not restored to its original, valid version because the Windows File Protection restoration process was cancelled by user interaction, user name is Terry. The file version of the bad file is unknown.

11/18/2010 9:23:45 PM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.

11/18/2010 4:26:40 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

11/18/2010 4:26:34 PM, error: Service Control Manager [7023] - The Microsoft Antimalware Service service terminated with the following error: %%2147949456

11/18/2010 4:26:34 PM, error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.

11/18/2010 4:26:20 PM, error: Print [19] - Sharing printer failed + 1722, Printer HP Photosmart C6300 series share name Printer2.

11/18/2010 4:21:36 PM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.

11/18/2010 3:01:28 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

11/18/2010 12:55:14 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd

11/18/2010 12:55:11 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Lavasoft Ad-Aware Service service to connect.

11/18/2010 12:55:11 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IS360service service to connect.

11/18/2010 12:55:11 PM, error: Service Control Manager [7000] - The Lavasoft Ad-Aware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/18/2010 12:55:11 PM, error: Service Control Manager [7000] - The IS360service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

11/18/2010 12:19:42 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

11/18/2010 11:10:25 PM, error: Service Control Manager [7022] - The WebClient service hung on starting.

11/18/2010 11:07:20 PM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled. Expiration Reason: Windows Activation Technologies genuine validation failed Expiration Date (UTC): 1/1/1601 12:00:00 AM Error Code: 0x80092003 Error Description: An error occurred while reading or writing to a file.

11/18/2010 1:43:55 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.93.1929.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6301.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally

11/18/2010 1:06:15 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.

11/17/2010 2:00:27 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.93.1929.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6301.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally

11/16/2010 8:23:39 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

11/16/2010 4:59:02 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Windows XP Service Pack 3 (KB936929).

11/16/2010 11:24:41 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.93.1929.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6301.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally

11/16/2010 1:59:12 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.93.1929.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6301.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally

11/15/2010 11:24:11 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.93.1519.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6301.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally

11/15/2010 1:59:09 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.93.1519.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6301.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally

 

==== End Of File ===========================

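The Event Viewer section of the log above is where a responder would first look for signs that protection was tampered with or simply fell over: the repeated Microsoft Antimalware 5101 "protection ... is disabled" events, the avast! and IS360service start failures, the cancelled Windows File Protection restore. The script below is an added example, not part of IObit HijackScan or of any reply in this thread. It parses lines in that format, counts them per source and event ID, and flags the indicators a malware-removal helper cares about. The sample lines are abridged copies of events from the post; the SECURITY_PRODUCTS list and the indicator rules are this example's own assumptions.

```python
"""Triage the "Event Viewer Messages" section of a HijackScan-style log.

Added example for this thread, not part of IObit HijackScan or any reply.
SAMPLE_LINES are abridged copies of events from the post above;
SECURITY_PRODUCTS and the indicator rules are this example's assumptions.
"""
import re
from collections import Counter

# One event per line: "M/D/YYYY h:mm:ss AM, level: Source [id] - message"
EVENT_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)

# Assumption: substrings that identify security products inside Service Control
# Manager messages; a start or termination failure of these is a protection gap.
SECURITY_PRODUCTS = ("Microsoft Antimalware", "avast!", "Lavasoft Ad-Aware", "IS360service")

SAMPLE_LINES = [  # abridged copies of events from the post above
    "11/21/2010 9:11:09 AM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled.",
    "11/20/2010 7:05:43 AM, error: Microsoft Antimalware [5101] - Microsoft Antimalware grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled.",
    "11/19/2010 12:54:55 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 00223FE87AD1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).",
    "11/18/2010 9:35:19 PM, information: Windows File Protection [64005] - The protected system file moviemk.exe was not restored to its original, valid version because the Windows File Protection restoration process was cancelled by user interaction, user name is Terry.",
    "11/18/2010 4:26:34 PM, error: Service Control Manager [7023] - The Microsoft Antimalware Service service terminated with the following error: %%2147949456",
    "11/18/2010 4:26:34 PM, error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.",
    "11/18/2010 3:01:28 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.",
    "11/18/2010 1:43:55 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Previous Signature Version: 1.93.1929.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally",
]


def parse_event(line):
    """Return the event fields as a dict, or None for lines that are not events."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["event_id"] = int(event["event_id"])
    return event


def classify(event):
    """Map one event to an indicator name, or None if it is only noise."""
    src, eid, msg = event["source"], event["event_id"], event["message"]
    if src == "Microsoft Antimalware" and eid == 5101:
        return "protection-disabled"
    if src == "Microsoft Antimalware" and eid == 2001:
        return "signature-update-failed"
    if src == "Service Control Manager" and any(p in msg for p in SECURITY_PRODUCTS):
        return "security-service-failure"
    if src == "Windows File Protection" and "was not restored" in msg:
        return "wfp-restore-cancelled"
    return None


def triage(lines):
    """Parse all lines; return counts per (source, id) and the flagged indicators."""
    events = [e for e in map(parse_event, lines) if e is not None]
    counts = Counter((e["source"], e["event_id"]) for e in events)
    findings = []
    for e in events:
        kind = classify(e)
        if kind:
            # keep only the first sentence of the message as the summary
            findings.append((kind, e["date"], e["message"].split(". ")[0]))
    return {"events": len(events), "counts": counts, "findings": findings}


if __name__ == "__main__":
    result = triage(SAMPLE_LINES)
    print("events parsed:", result["events"])
    for (source, eid), n in result["counts"].most_common():
        print(f"  {n:2d}x {source} [{eid}]")
    for kind, when, summary in result["findings"]:
        print(f"  ! {kind:26s} {when}  {summary}")
```

Feed it the whole Event Viewer section (one event per line) and read the findings from the top: on this machine the Dhcp and Application Management errors drop out as noise, while the disabled-protection and security-service failures remain, which is the pattern the helper later acts on.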

Hi NTH,

 

Yeah, bang on. MBR rootkit it is. Do not execute what is suggested there, because we have other ways that are more efficient.

 

Here we go:

 

Download TDSSKiller.zip from the following link and save it to your Desktop:

http://support.kaspersky.com/downloads/utils/tdsskiller.zip

 

* Extract (unzip) its contents to your Desktop

* Double-click the TDSSKiller Folder on your Desktop

* Important!: Run this fix once and once only

* Double-click TDSSKiller.exe then click Start scan

* A box will appear saying System scan completed

* If any Malicious objects are found, click the default action Cure > Continue > Reboot now

* If any suspicious objects are detected the default action will be Skip, ensure Skip is selected then click Continue

* A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 30.09.2010

* Please post the contents of that log in your next reply

 

=====

 

See you soon.

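What the "MBR rootkit" diagnosis above means on disk, as an added example that is not part of the reply or of TDSSKiller: a rootkit of this kind hides in the master boot record, the first 512-byte sector of the disk, so the simplest offline check is to compare that sector's boot-code region against a copy taken when the machine was known clean, and that sector is what a cure of \HardDisk0 has to put right. The parser below reads a 512-byte MBR, validates the 0x55AA signature, decodes the partition table and hashes the 446-byte boot code against a known-good hash. The sector bytes and the baseline hash are constructed here; in a real case the baseline comes from an image of the same disk taken while it was clean, and the sector under test is read from a disk image or with a raw-disk tool rather than through the OS of the suspect machine, which a rootkit can lie to.

```python
"""Baseline check of a master boot record (MBR).

Added example for this thread; not TDSSKiller or Kaspersky code. The sector
bytes and the golden hash are constructed here for illustration. In practice
the golden hash is recorded from a clean image of the same machine and the
sector under test is read from a disk image or with a raw-disk tool.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_SIZE = 446            # bytes 0-445: boot code, the part a bootkit replaces
PARTITION_TABLE_OFFSET = 446    # 4 entries x 16 bytes = bytes 446-509
BOOT_SIGNATURE = b"\x55\xaa"    # bytes 510-511
# status, CHS start, type, CHS end, LBA start, sector count (little-endian)
PARTITION_ENTRY = struct.Struct("<B3sB3sII")


def parse_mbr(sector):
    """Decode a 512-byte sector into a boot-code hash and its partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes, got %d" % len(sector))
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        offset = PARTITION_TABLE_OFFSET + PARTITION_ENTRY.size * index
        status, _chs_start, ptype, _chs_end, lba_start, sectors = PARTITION_ENTRY.unpack(
            sector[offset:offset + PARTITION_ENTRY.size])
        if ptype == 0:
            continue  # empty slot
        partitions.append({"index": index, "bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_SIZE]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector, golden_boot_code_sha256):
    """Return (parsed, findings); findings is empty when the sector looks clean."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] != golden_boot_code_sha256:
        findings.append("boot code differs from the clean baseline (possible bootkit)")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append("expected exactly one active partition, found %d" % len(active))
    ordered = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return info, findings


def build_sample_mbr(boot_code):
    """Assemble a sector from boot code plus one active NTFS partition (constructed data)."""
    entry = PARTITION_ENTRY.pack(0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 2_000_000)
    table = entry + b"\x00" * (3 * PARTITION_ENTRY.size)
    return boot_code + table + BOOT_SIGNATURE


# Constructed boot code: a short prologue padded with zeros to 446 bytes.
CLEAN_BOOT_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c".ljust(BOOT_CODE_SIZE, b"\x00")
# Constructed tampering: the first instruction becomes a jump elsewhere.
TAMPERED_BOOT_CODE = b"\xeb\x3e" + CLEAN_BOOT_CODE[2:]
# In practice this value is stored from a known-clean image, not computed in place.
GOLDEN_BOOT_CODE_SHA256 = hashlib.sha256(CLEAN_BOOT_CODE).hexdigest()


if __name__ == "__main__":
    for label, code in (("clean", CLEAN_BOOT_CODE), ("tampered", TAMPERED_BOOT_CODE)):
        info, findings = check_mbr(build_sample_mbr(code), GOLDEN_BOOT_CODE_SHA256)
        print(label, info["boot_code_sha256"][:16], findings or "OK")
```

The partition table is parsed as well as hashed because a bootkit that keeps the original table intact and only swaps the boot code is the common case: the hash catches that, while the active-partition and overlap checks catch cruder edits that would also show up as a machine that no longer boots.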

Hopefully this is the right log you needed

 

2010/11/22 17:39:29.0093 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12

2010/11/22 17:39:29.0093 ================================================================================

2010/11/22 17:39:29.0093 SystemInfo:

2010/11/22 17:39:29.0093

2010/11/22 17:39:29.0093 OS Version: 5.1.2600 ServicePack: 3.0

2010/11/22 17:39:29.0093 Product type: Workstation

2010/11/22 17:39:29.0093 ComputerName: TERRY

2010/11/22 17:39:29.0093 UserName: Terry

2010/11/22 17:39:29.0093 Windows directory: C:\WINDOWS

2010/11/22 17:39:29.0093 System windows directory: C:\WINDOWS

2010/11/22 17:39:29.0093 Processor architecture: Intel x86

2010/11/22 17:39:29.0093 Number of processors: 1

2010/11/22 17:39:29.0093 Page size: 0x1000

2010/11/22 17:39:29.0093 Boot type: Normal boot

2010/11/22 17:39:29.0093 ================================================================================

2010/11/22 17:39:30.0093 Initialize success

2010/11/22 17:39:42.0390 ================================================================================

2010/11/22 17:39:42.0390 Scan started

2010/11/22 17:39:42.0390 Mode: Manual;

2010/11/22 17:39:42.0390 ================================================================================

2010/11/22 17:39:44.0468 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys

2010/11/22 17:39:45.0187 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/11/22 17:39:45.0484 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/11/22 17:39:45.0984 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/11/22 17:39:46.0203 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/11/22 17:39:46.0859 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS

2010/11/22 17:39:47.0125 ALCXWDM (391344370018a87a6c478ab76c7a47a8) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2010/11/22 17:39:47.0765 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys

2010/11/22 17:39:48.0562 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys

2010/11/22 17:39:48.0828 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys

2010/11/22 17:39:49.0046 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys

2010/11/22 17:39:49.0281 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys

2010/11/22 17:39:49.0609 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys

2010/11/22 17:39:50.0000 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/11/22 17:39:50.0328 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/11/22 17:39:50.0968 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/11/22 17:39:51.0343 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/11/22 17:39:51.0656 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/11/22 17:39:52.0000 BrPar (2fe6d5be0629f706197b30c0aa05de30) C:\WINDOWS\System32\drivers\BrPar.sys

2010/11/22 17:39:52.0468 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/11/22 17:39:53.0109 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/11/22 17:39:53.0453 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/11/22 17:39:53.0718 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/11/22 17:39:55.0281 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/11/22 17:39:56.0031 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/11/22 17:39:56.0812 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/11/22 17:39:57.0250 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/11/22 17:39:57.0625 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/11/22 17:39:57.0921 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys

2010/11/22 17:39:58.0359 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys

2010/11/22 17:39:58.0953 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/11/22 17:39:59.0578 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/11/22 17:39:59.0953 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/11/22 17:40:00.0328 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys

2010/11/22 17:40:00.0687 FETNDISB (d3b19a8bae6c20b4d305c7a72e255eb9) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys

2010/11/22 17:40:01.0046 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/11/22 17:40:01.0343 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/11/22 17:40:01.0671 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/11/22 17:40:01.0984 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/11/22 17:40:02.0359 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/11/22 17:40:02.0687 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/11/22 17:40:03.0093 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/11/22 17:40:03.0546 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/11/22 17:40:04.0000 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/11/22 17:40:04.0500 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/11/22 17:40:04.0640 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/11/22 17:40:05.0312 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/11/22 17:40:05.0625 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/11/22 17:40:05.0968 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/11/22 17:40:06.0218 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/11/22 17:40:06.0437 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/11/22 17:40:06.0734 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/11/22 17:40:06.0875 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/11/22 17:40:07.0062 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/11/22 17:40:07.0265 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/11/22 17:40:07.0625 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/11/22 17:40:07.0937 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/11/22 17:40:08.0187 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys

2010/11/22 17:40:08.0578 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys

2010/11/22 17:40:09.0343 LxrSII1d (7c12f93c005021861a36c11df951891a) C:\WINDOWS\system32\Drivers\LxrSII1d.sys

2010/11/22 17:40:09.0750 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/11/22 17:40:10.0125 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/11/22 17:40:10.0375 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys

2010/11/22 17:40:10.0609 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/11/22 17:40:10.0703 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/11/22 17:40:10.0890 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/11/22 17:40:11.0046 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

2010/11/22 17:40:11.0468 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/11/22 17:40:11.0890 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/11/22 17:40:12.0218 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/11/22 17:40:12.0546 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/11/22 17:40:12.0921 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/11/22 17:40:13.0203 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/11/22 17:40:13.0500 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/11/22 17:40:13.0687 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/11/22 17:40:13.0906 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/11/22 17:40:14.0250 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/11/22 17:40:14.0546 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/11/22 17:40:14.0859 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/11/22 17:40:15.0171 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/11/22 17:40:15.0281 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/11/22 17:40:15.0609 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/11/22 17:40:15.0890 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/11/22 17:40:16.0125 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/11/22 17:40:16.0687 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/11/22 17:40:16.0984 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/11/22 17:40:17.0312 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/11/22 17:40:17.0656 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/11/22 17:40:18.0078 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/11/22 17:40:18.0250 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/11/22 17:40:18.0421 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/11/22 17:40:18.0750 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/11/22 17:40:19.0781 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/11/22 17:40:20.0109 PRISM_A02 (57e95881e5f014816a8a53ad94ee0c48) C:\WINDOWS\system32\DRIVERS\WUSB20XP.sys

2010/11/22 17:40:20.0375 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/11/22 17:40:20.0671 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/11/22 17:40:21.0234 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/11/22 17:40:21.0531 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/11/22 17:40:21.0765 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/11/22 17:40:21.0968 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/11/22 17:40:22.0234 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/11/22 17:40:22.0515 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/11/22 17:40:22.0859 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/11/22 17:40:23.0109 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/11/22 17:40:23.0343 RT73 (7436bfd3a542cf6ff55097200031b293) C:\WINDOWS\system32\DRIVERS\rt73.sys

2010/11/22 17:40:23.0687 RTL8023 (3dee06e12bac87168089040d3c86fbea) C:\WINDOWS\system32\DRIVERS\GA311ND5.SYS

2010/11/22 17:40:24.0015 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/11/22 17:40:24.0328 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/11/22 17:40:24.0593 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/11/22 17:40:24.0843 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/11/22 17:40:25.0390 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/11/22 17:40:25.0656 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/11/22 17:40:25.0890 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/11/22 17:40:26.0234 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

2010/11/22 17:40:26.0484 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/11/22 17:40:26.0687 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/11/22 17:40:27.0109 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/11/22 17:40:27.0359 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/11/22 17:40:27.0562 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/11/22 17:40:27.0750 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/11/22 17:40:27.0937 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/11/22 17:40:28.0359 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys

2010/11/22 17:40:28.0562 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/11/22 17:40:28.0921 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/11/22 17:40:29.0203 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys

2010/11/22 17:40:29.0421 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/11/22 17:40:29.0593 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/11/22 17:40:29.0781 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/11/22 17:40:29.0875 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/11/22 17:40:30.0046 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/11/22 17:40:30.0343 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/11/22 17:40:30.0687 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/11/22 17:40:30.0937 USRpdA (497f2190e87d58fd68e559e083796edc) C:\WINDOWS\system32\DRIVERS\USRpdA.sys

2010/11/22 17:40:31.0187 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/11/22 17:40:31.0406 viagfx (29d6a65fdc694cb1ef2cc6bbe5f79b3b) C:\WINDOWS\system32\DRIVERS\vtmini.sys

2010/11/22 17:40:31.0703 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2010/11/22 17:40:31.0984 VIAudio (819bf44085104be6527b86a88acf856b) C:\WINDOWS\system32\drivers\ac97via.sys

2010/11/22 17:40:32.0140 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/11/22 17:40:32.0359 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys

2010/11/22 17:40:32.0750 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/11/22 17:40:32.0984 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/11/22 17:40:33.0453 Winachcf (ddb6b2d33bb299664f1470ed4e83c389) C:\WINDOWS\system32\DRIVERS\winachcf.sys

2010/11/22 17:40:34.0156 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/11/22 17:40:34.0296 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/11/22 17:40:34.0437 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/11/22 17:40:34.0437 ================================================================================

2010/11/22 17:40:34.0437 Scan finished

2010/11/22 17:40:34.0437 ================================================================================

2010/11/22 17:40:34.0468 Detected object count: 1

2010/11/22 17:41:32.0718 \HardDisk0 - will be cured after reboot

2010/11/22 17:41:32.0718 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2010/11/22 17:41:38.0609 Deinitialize success

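The log above is readable by eye, but on a busier machine it helps to reduce it to what matters: the driver inventory (service name, MD5, path), the detections, the action chosen for each, and whether a reboot is still pending. The parser below is an added example rather than Kaspersky code; its line patterns are inferred from the log format shown here, SAMPLE_LOG is an abridged copy of that log, and the expected driver directory used to flag drivers loaded from elsewhere is this example's assumption for a Windows XP system (a driver outside system32 proves nothing on its own, it is only a place to look next).

```python
"""Reduce a TDSSKiller log to inventory, detections and chosen actions.

Added example for this thread, not Kaspersky code. The line patterns are
inferred from the log posted above; SAMPLE_LOG is an abridged copy of it.
EXPECTED_DRIVER_PREFIX is this example's assumption for a Windows XP box.
"""
import re

TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"
# "<ts> <service name> (<md5>) <path>"  -- one loaded driver per line
DRIVER_RE = re.compile(rf"^{TS} (?P<name>.+?) \((?P<md5>[0-9a-f]{{32}})\) (?P<path>.+)$")
# "<ts> <object> - detected <threat> (<n>)"
DETECT_RE = re.compile(rf"^{TS} (?P<obj>\S+) - detected (?P<threat>\S+) \((?P<n>\d+)\)$")
# "<ts> <threat>(<object>) - User select action: <action>"
ACTION_RE = re.compile(
    rf"^{TS} (?P<threat>[^(\s]+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")
# "<ts> <object> - will be cured after reboot"
PENDING_RE = re.compile(rf"^{TS} (?P<obj>\S+) - will be cured after reboot$")
# "<ts> Detected object count: <n>"
COUNT_RE = re.compile(rf"^{TS} Detected object count: (?P<n>\d+)$")

# Assumption: where drivers are expected to live on this Windows XP system.
EXPECTED_DRIVER_PREFIX = "c:\\windows\\system32\\"

SAMPLE_LOG = r"""
2010/11/22 17:39:29.0093 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12
2010/11/22 17:39:29.0093 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/22 17:39:42.0390 Scan started
2010/11/22 17:39:44.0468 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/11/22 17:39:50.0328 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/22 17:40:08.0187 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2010/11/22 17:40:32.0359 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
2010/11/22 17:40:34.0437 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/22 17:40:34.0437 Scan finished
2010/11/22 17:40:34.0468 Detected object count: 1
2010/11/22 17:41:32.0718 \HardDisk0 - will be cured after reboot
2010/11/22 17:41:32.0718 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/11/22 17:41:38.0609 Deinitialize success
"""


def parse_log(text):
    """Walk the log once and collect drivers, detections, actions and pending cures."""
    result = {"drivers": [], "detections": [], "actions": {}, "pending_reboot": set(), "count": None}
    for raw in text.splitlines():
        line = raw.strip()
        m = DRIVER_RE.match(line)
        if m:
            result["drivers"].append(m.groupdict())
            continue
        m = DETECT_RE.match(line)
        if m:
            result["detections"].append({"obj": m["obj"], "threat": m["threat"]})
            continue
        m = ACTION_RE.match(line)
        if m:
            result["actions"][m["obj"]] = m["action"]
            continue
        m = PENDING_RE.match(line)
        if m:
            result["pending_reboot"].add(m["obj"])
            continue
        m = COUNT_RE.match(line)
        if m:
            result["count"] = int(m["n"])
    return result


def assess(parsed):
    """Answer the questions a helper asks of the log before moving on."""
    detected = [d["obj"] for d in parsed["detections"]]
    return {
        "count_consistent": parsed["count"] == len(detected),
        "not_cured": [o for o in detected if parsed["actions"].get(o) != "Cure"],
        "reboot_required": sorted(parsed["pending_reboot"]),
        "unusual_driver_paths": [
            f'{d["name"]}: {d["path"]}' for d in parsed["drivers"]
            if not d["path"].lower().startswith(EXPECTED_DRIVER_PREFIX)],
    }


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(len(parsed["drivers"]), "drivers;", len(parsed["detections"]), "detections")
    for key, value in assess(parsed).items():
        print(f"  {key}: {value}")
```

On the posted log this reports one detection on \HardDisk0 with the action Cure and a reboot still required, which is why the helper's next message asks whether the redirects stopped rather than asking for another scan; the one driver flagged by path is Ad-Aware's KernExplorer.sys, a legitimate file that the helper nevertheless has removed in the next step.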

O My Gosh

 

I think you have led me to the fix I've been looking for for more than two months... I was just on my home page (MSN) and used the Bing search bar for ESPN sports. Instead of the usual redirects I was getting if I used the link on Bing... I actually got to the ESPN site... you, my friend, are amazing!!!


Hi NTH,

 

That's good to hear :wink:

 

These infections are everywhere. If I were to venture a guess as to how you got it, I'd have to say BearShare...

 

Ok, nice job there. You can delete TDSSKiller.zip, the TDSSKiller folder and the log it created on C:\

 

A few more issues to deal with, but nothing major. There's a trace of an infection contracted in mid October that we'll deal with, but also your antivirus situation which is less than ideal. Some old and/or ineffective programs to remove as well:

=====

 

Please go to Control Panel > Add/Remove Programs and uninstall/delete the following:

 

- Ad-Aware (not effective, you'll have to trust me on that one...)

- Ad-Aware Email Scanner for Outlook

- Adobe Reader 8.2.5 (old version, full of security holes)

- BearShare (hey, just a suggestion... malware magnet..)

- Spybot - Search & Destroy (again, trust me... not keeping up with malware..)

 

**As far as Zone Alarm goes, if you have the free version, then you can do a lot better for the same price (meaning $0)... so just ask and I shall suggest.

 

Exit Control Panel when done.

 

Now you should only have one antivirus : Avast!5, which is alright.

Having dumped Ad-Aware and Spybot, I'll have you run a more modern program (Free version), capable of handling much of today's malware. This one should rid you of the malware traces I spotted:

 

Please download MBAM Public Beta 1.50 from the following link and save it to your Desktop:

http://data-cdn.mbamupdates.com/v0/beta/program/data/mbam-setup-1.50-beta.exe

 

- Run the setup file to install the program.

* If you already have another version of MBAM installed, this one will install on top of it, no problems.

- At the end, be sure a checkmark is placed next to the following:

 

* Update Malwarebytes' Anti-Malware

* Launch Malwarebytes' Anti-Malware

 

- Then click Finish.

- If an update is found, it will download and install the latest version.

- Once the program has loaded, select Perform quick scan, then click Scan.

- When the scan is complete, click OK, then Show Results to view the results.

- Be sure that everything is checked, and click Remove Selected.

- When completed, a log will open in Notepad and if required the program will ask you to reboot to remove locked files.

- Save that logfile to your Desktop and allow the program to reboot, if necessary.

- Please Copy/Paste the content of this log here.

 

===

===

 

Edit : I almost forgot... You need the latest version of Adobe Reader (version "X"), which you'll find here >>

http://get.adobe.com/reader/

 

Let me know if there are any other issues with the machine as well.

 

Thanks.

 

==============================


Malware log...you are so good at this...

 

Malwarebytes' Anti-Malware 1.50 Public Beta

http://www.malwarebytes.org

 

Database version: 5176

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

11/23/2010 11:42:38 AM

mbam-log-2010-11-23 (11-42-38).txt

 

Scan type: Quick scan

Objects scanned: 154661

Time elapsed: 9 minute(s), 54 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CLASSES_ROOT\D (Trojan.Agent) -> Quarantined and deleted successfully.

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

c:\documents and settings\Terry\application data\jsfhjjsd.bat (Malware.Trace) -> Quarantined and deleted successfully.

 

 

You know, I figured it was the BearShare. I have a young man living with us whom we are trying to get back on the right road. The problems began shortly after he installed this P2P crap. I thought I had removed it... maybe I just deleted the shortcut. It does not appear on the Add/Remove list?

 

I will gladly accept any suggestions you may have regarding Zone Alarm, Avast, etc. Another small problem I am having is that I have no volume whatsoever when I play .wmv or similar applications on any of the players I have. Perhaps Windows Media Player is corrupted, and I should uninstall/reinstall it. I have been trying to use a suggestion from a friend, using Run > services.msc and then restarting services. It allows volume for a while but then it goes away... golly, my puter is starting to run like brand new... I have not had one search redirect since you started to help me... thanks again for your time... sincerely, NTH


Hi NTH,

 

I'm just glad I could help. Nothing worse for the computing experience than getting redirects all the time :evil:

 

And I know what you mean about that young man. Computers make it so easy to get into trouble nowadays, especially for the young and adventurous.

About BearShare: the only thing I saw in the logs was that entry in "Add/Remove Programs". If it's no longer there, then you may have uninstalled it properly. You can check for the presence of the "C:\Program Files\Bearshare" folder; if found, look inside and try to find an uninstaller file. Run that uninstaller, if found.

 

You're fine with Avast! 5 Free. Ad-Aware came with its own antivirus, and you don't want two competing antivirus programs on the machine. Ad-Aware just plain doesn't cut it, so it's best to leave it off the machine.

 

Now for Zone Alarm: the free version has become a real PITA. Annoying reminders to get the Pro version and, worse, they've stripped it down so badly (the free one) that it doesn't do much anymore. You have real and modern programs such as Online Armor, Agnitum Outpost and Sunbelt's Personal Firewall that are offered in both Free and Pro versions, with the Free versions nicely stacked with goodies. Try them out.

 

The sound problem: not really my cup of tea, but I'm willing to look for you. I need a little more info though. You mentioned WMP having problems and some other players as well? Does sound work OK for other stuff like streaming videos (YouTube, etc.), music CDs, movies, etc.?

You also mentioned tinkering with some Services; could you tell me which Services please?

You could re-install WMP, but if other players are affected, the problem might be elsewhere. Have you updated the sound card software (driver) recently?

 

Thanks.

 

===============


You are the BEST

 

My friend, I don't know where you call home, but if you're ever in the western part of the US, give me a shout and I'll take you to dinner. I half suspect you are in the UK, just based on some of the wording you use. We're having turkey today in the US, Pilgrims, Thanksgiving and the like... I would gladly have you over for some...

 

I went to Microsoft and downloaded the Realtek driver updates... and... sure enough, it brought my volume back to life. I installed Online Armor... it looked like it was rated about the highest. You have taken care of all the headaches I've been having for the last two months, in as many days... Thank you again, you are a Godsend... NTH :grin:


Hi NTH,

 

Those very kind words are all the reward I could hope for. But Thanksgiving dinner sounds... nummy! Hahaha. I'm somewhere north of the border, so not that far, although a little more east than west. We celebrated Thanksgiving back in early October.

 

I hope you're enjoying a great dinner :grin:

 

I'll stop by later with some spring cleaning instructions. I wouldn't think of making you work on TG evening ;-)

 

===
