TechSpot

8 step removal guide finshed

By trisha
Feb 2, 2011
  1. hi my computer keeps coming up with virus mesages that my anti virus seems to not able to delete ,also firewall wont come on


    Malwarebytes' Anti-Malware 1.42
    Database version: 3289
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2/02/2011 5:12:37 PM
    mbam-log-2011-02-02 (17-12-28).txt

    Scan type: Quick Scan
    Objects scanned: 102759
    Time elapsed: 27 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> No action taken.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  2. trisha

    trisha TS Rookie Topic Starter

    GMER log

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-02-02 17:14:01
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort2 WDC_WD800JD-00JNC0 rev.05.01C05
    Running: z22e2cb7.exe; Driver: C:\DOCUME~1\s\LOCALS~1\Temp\kfncraoc.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

    ---- System - GMER 1.0.15 ----

    SSDT spkn.sys ZwEnumerateKey [0xF74AADA4]
    SSDT spkn.sys ZwEnumerateValueKey [0xF74AB132]

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 86C9157B
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F73E6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 86C9157B
    Device \Driver\atapi \Device\Ide\IdePort0 [F73E6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 86C9157B
    Device \Driver\atapi \Device\Ide\IdePort1 [F73E6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 86C9157B
    Device \Driver\atapi \Device\Ide\IdePort2 [F73E6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 86C9157B
    Device \Driver\atapi \Device\Ide\IdePort3 [F73E6B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\aagkpi0p \Device\Scsi\aagkpi0p1 86B351F8
    Device \Driver\aagkpi0p \Device\Scsi\aagkpi0p1Port4Path0Target0Lun0 86B351F8
    Device 86DD61F8
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device 86459500
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

    Device \Device\Ide\IdeDeviceP2T0L0-e -> \??\IDE#DiskWDC_WD800JD-00JNC0______________________05.01C05#5&1c0c503c&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----
     
  3. trisha

    trisha TS Rookie Topic Starter

    DDS log

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/06/2009 6:09:23 PM
    System Uptime: 2/02/2011 7:43:17 PM (0 hours ago)

    Motherboard: Intel Corporation | | D915PGN
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | J2E1 | 3000/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 75 GiB total, 13.358 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
    Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    Device ID: ACPI\PNP0303\4&2D2D400&0
    Manufacturer: (Standard keyboards)
    Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
    PNP Device ID: ACPI\PNP0303\4&2D2D400&0
    Service: i8042prt

    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
    Description: MPU-401 Compatible MIDI Device
    Device ID: ROOT\MEDIA\0000
    Manufacturer: Microsoft
    Name: MPU-401 Compatible MIDI Device
    PNP Device ID: ROOT\MEDIA\0000
    Service: ms_mpu401

    ==== System Restore Points ===================

    RP391: 22/01/2011 1:51:38 AM - Created By FixIEDef
    RP392: 25/01/2011 6:31:57 PM - System Checkpoint
    RP393: 28/01/2011 12:41:20 PM - System Checkpoint
    RP394: 30/01/2011 12:23:49 PM - System Checkpoint
    RP395: 1/02/2011 3:53:32 PM - System Checkpoint

    ==== Installed Programs ======================

    ACDSee 6.0 Standard
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader 8.1.0
    Age of Empires III
    Age of Empires III - The Asian Dynasties
    Age of Empires III - The WarChiefs
    Akamai NetSession Interface
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2011
    Bonjour
    CCleaner
    DAEMON Tools Toolbar
    Game Booster
    Google Talk Plugin
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) PRO Network Connections 11.2.0.69
    IsoBuster 2.5.5
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java(TM) 6 Update 23
    Junk Mail filter update
    LightScribe 1.4.136.1
    Malwarebytes' Anti-Malware
    Maya 2010
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2000 Premium
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft WSE 3.0 Runtime
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML4 Parser
    Nero 8 Essentials
    neroxml
    NVIDIA Drivers
    Pando Media Booster
    PDF Settings CS5
    Phoenix Viewer 1.5.2.818
    QuickTime
    Realtek High Definition Audio Driver
    Registry Mechanic 5.2
    Restaurant Empire 2
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Skype™ 5.0
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VideoLAN VLC media player 0.8.6d
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format Runtime
    WinRAR archiver
    WinZip 14.5
    XoftSpySE
    Yahoo! Software Update
    Yahoo!7 Messenger
    ZBrush3

    ==== Event Viewer Messages From Past Week ========

    28/01/2011 8:28:24 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    28/01/2011 2:55:37 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    28/01/2011 2:31:24 PM, error: Service Control Manager [7022] - The Automatic Updates service hung on starting.
    28/01/2011 11:09:50 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
    27/01/2011 1:58:03 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    26/01/2011 5:54:42 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    26/01/2011 5:54:22 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0013209EAF5A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    26/01/2011 5:36:06 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    26/01/2011 5:35:57 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
    2/02/2011 4:10:17 PM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    2/02/2011 4:10:17 PM, error: Service Control Manager [7034] - The PLFlash DeviceIoControl Service service terminated unexpectedly. It has done this 1 time(s).
    2/02/2011 4:10:16 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    2/02/2011 4:10:16 PM, error: Service Control Manager [7034] - The Nero BackItUp Scheduler 3 service terminated unexpectedly. It has done this 1 time(s).
    2/02/2011 4:10:16 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
    2/02/2011 4:10:16 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    2/02/2011 4:10:16 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    2/02/2011 4:10:16 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/02/2011 4:07:35 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000007F' while processing the file 'NeroDigital.ini' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    2/02/2011 3:13:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    2/02/2011 2:39:32 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    2/02/2011 2:38:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/02/2011 2:37:26 PM, error: sptd [4] - Driver detected an internal error in its data structures for .
    2/02/2011 1:29:17 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: Access is denied.

    ==== End Of File ===========================
     
  4. crunchie

    crunchie Malware Helper Posts: 728

    Hi and welcome to TechSpot forums :).

    ====

    Please update MalwareBytesAnti_Malware, run a scan as described in the 8 step guide, reboot and post it's log.
     
  5. trisha

    trisha TS Rookie Topic Starter

    new Malware scan log

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5658

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2/02/2011 9:34:09 PM
    mbam-log-2011-02-02 (17-12-28).txt

    Scan type: Quick scan
    Objects scanned: 150128
    Time elapsed: 13 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 3
    Registry Data Items Infected: 0
    Folders Infected: 4
    Files Infected: 8

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\userinit.exe (Heuristics.Shuriken) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\IS2010 (Rogue.InternetSecurity2010) -> No action taken.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{613DDE72-F900-B6EE-1DC6-FDC3296A487F} (Trojan.ZbotR.Gen) -> Value: {613DDE72-F900-B6EE-1DC6-FDC3296A487F} -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{CE845448-760C-501C-5FB2-29AF8710037B} (Trojan.ZbotR.Gen) -> Value: {CE845448-760C-501C-5FB2-29AF8710037B} -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{1457B407-6426-B43A-1138-4471962BC984} (Trojan.ZbotR.Gen) -> Value: {1457B407-6426-B43A-1138-4471962BC984} -> No action taken.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\documents and settings\s\application data\systemproc (Trojan.Agent) -> No action taken.
    c:\program files\mozilla firefox\extensions\{9ce11043-9a15-4207-a565-0c94c42d590d} (Worm.Prolaco.M) -> No action taken.
    c:\program files\mozilla firefox\extensions\{9ce11043-9a15-4207-a565-0c94c42d590d}\chrome (Worm.Prolaco.M) -> No action taken.
    c:\program files\mozilla firefox\extensions\{9ce11043-9a15-4207-a565-0c94c42d590d}\chrome\content (Worm.Prolaco.M) -> No action taken.

    Files Infected:
    c:\WINDOWS\system32\videot.exe (Heuristics.Shuriken) -> No action taken.
    c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\S0MEBR3K\err.log1185484 (Trojan.FakeAlert) -> No action taken.
    c:\documents and settings\networkservice\local settings\temporary internet files\Content.IE5\S0MEBR3K\nbinveo124dld[1].exe (Trojan.FakeAlert) -> No action taken.
    c:\documents and settings\s\application data\microsoft\internet explorer\quick launch\internet security 2010.lnk (Rogue.InternetSecurity2010) -> No action taken.
    c:\documents and settings\s\start menu\internet security 2010.lnk (Rogue.InternetSecurity2010) -> No action taken.
    c:\program files\mozilla firefox\extensions\{9ce11043-9a15-4207-a565-0c94c42d590d}\chrome.manifest (Worm.Prolaco.M) -> No action taken.
    c:\program files\mozilla firefox\extensions\{9ce11043-9a15-4207-a565-0c94c42d590d}\install.rdf (Worm.Prolaco.M) -> No action taken.
    c:\program files\mozilla firefox\extensions\{9ce11043-9a15-4207-a565-0c94c42d590d}\chrome\content\timer.xul (Worm.Prolaco.M) -> No action taken.
     
  6. crunchie

    crunchie Malware Helper Posts: 728

    Did you really take no action, or did you remove what was found by MBA-M?
     
  7. trisha

    trisha TS Rookie Topic Starter

    removed

    nope i removed them seemed to work doing another scan now to check
     
  8. crunchie

    crunchie Malware Helper Posts: 728

    No worries. The log shows that no action was taken.

    ==

    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

    • If an infected file is detected, the default action will be Cure, click on Continue.

    • If a suspicious file is detected, the default action will be Skip, click on Continue.

    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
     
  9. trisha

    trisha TS Rookie Topic Starter

    Malware new scan

    this is the lastest log after cleaned ,my anti virus is still detecting a Trojan Horse agent_r.XJ


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5658

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2/02/2011 11:07:57 PM
    mbam-log-2011-02-02 (23-07-56).txt

    Scan type: Quick scan
    Objects scanned: 152725
    Time elapsed: 8 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  10. crunchie

    crunchie Malware Helper Posts: 728

    Already replied above.
     
  11. trisha

    trisha TS Rookie Topic Starter

    TDsskiller log

    yes just saw sorry this is the log from the TDsskiller


    2011/02/02 23:22:42.0812 6064 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
    2011/02/02 23:22:44.0046 6064 ================================================================================
    2011/02/02 23:22:44.0046 6064 SystemInfo:
    2011/02/02 23:22:44.0046 6064
    2011/02/02 23:22:44.0046 6064 OS Version: 5.1.2600 ServicePack: 3.0
    2011/02/02 23:22:44.0046 6064 Product type: Workstation
    2011/02/02 23:22:44.0046 6064 ComputerName: S-F0D5347702F94
    2011/02/02 23:22:44.0046 6064 UserName: s
    2011/02/02 23:22:44.0046 6064 Windows directory: C:\WINDOWS
    2011/02/02 23:22:44.0046 6064 System windows directory: C:\WINDOWS
    2011/02/02 23:22:44.0046 6064 Processor architecture: Intel x86
    2011/02/02 23:22:44.0046 6064 Number of processors: 2
    2011/02/02 23:22:44.0046 6064 Page size: 0x1000
    2011/02/02 23:22:44.0046 6064 Boot type: Normal boot
    2011/02/02 23:22:44.0046 6064 ================================================================================
    2011/02/02 23:22:52.0421 6064 Initialize success
    2011/02/02 23:22:57.0406 2144 ================================================================================
    2011/02/02 23:22:57.0406 2144 Scan started
    2011/02/02 23:22:57.0406 2144 Mode: Manual;
    2011/02/02 23:22:57.0406 2144 ================================================================================
    2011/02/02 23:23:08.0953 2144 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/02/02 23:23:09.0687 2144 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/02/02 23:23:10.0937 2144 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/02/02 23:23:11.0781 2144 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2011/02/02 23:23:18.0500 2144 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/02/02 23:23:19.0515 2144 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/02/02 23:23:21.0515 2144 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/02/02 23:23:23.0375 2144 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/02/02 23:23:24.0515 2144 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
    2011/02/02 23:23:26.0218 2144 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
    2011/02/02 23:23:27.0296 2144 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
    2011/02/02 23:23:28.0500 2144 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
    2011/02/02 23:23:29.0343 2144 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    2011/02/02 23:23:30.0828 2144 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    2011/02/02 23:23:32.0250 2144 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    2011/02/02 23:23:33.0281 2144 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    2011/02/02 23:23:35.0109 2144 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/02/02 23:23:36.0437 2144 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/02/02 23:23:38.0125 2144 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/02/02 23:23:38.0937 2144 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/02/02 23:23:39.0640 2144 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/02/02 23:23:41.0343 2144 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2011/02/02 23:23:44.0500 2144 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/02/02 23:23:46.0015 2144 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/02/02 23:23:48.0375 2144 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/02/02 23:23:50.0031 2144 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/02/02 23:23:51.0015 2144 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/02/02 23:23:52.0765 2144 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/02/02 23:23:53.0328 2144 E100B (5c940a174dfb2c42b9f6ba6edc2baa0b) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2011/02/02 23:23:54.0750 2144 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/02/02 23:23:56.0031 2144 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/02/02 23:23:57.0281 2144 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/02/02 23:23:58.0515 2144 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/02/02 23:24:00.0015 2144 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    2011/02/02 23:24:01.0687 2144 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
    2011/02/02 23:24:03.0578 2144 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/02/02 23:24:05.0125 2144 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/02/02 23:24:06.0953 2144 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2011/02/02 23:24:08.0812 2144 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/02/02 23:24:10.0500 2144 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/02/02 23:24:12.0687 2144 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/02/02 23:24:15.0390 2144 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/02/02 23:24:18.0734 2144 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/02/02 23:24:19.0953 2144 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/02/02 23:24:25.0828 2144 IntcAzAudAddService (a30685283f90ae02f1cd50972c6065e3) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2011/02/02 23:24:30.0687 2144 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2011/02/02 23:24:31.0796 2144 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/02/02 23:24:33.0046 2144 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    2011/02/02 23:24:34.0421 2144 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/02/02 23:24:35.0859 2144 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/02/02 23:24:37.0171 2144 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/02/02 23:24:38.0468 2144 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/02/02 23:24:39.0625 2144 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/02/02 23:24:40.0968 2144 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/02/02 23:24:42.0093 2144 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/02/02 23:24:43.0515 2144 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2011/02/02 23:24:46.0265 2144 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/02/02 23:24:48.0437 2144 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/02/02 23:24:50.0187 2144 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/02/02 23:24:51.0109 2144 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/02/02 23:24:51.0984 2144 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/02/02 23:24:52.0781 2144 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/02/02 23:24:53.0515 2144 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/02/02 23:24:55.0765 2144 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/02/02 23:24:57.0234 2144 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/02/02 23:24:58.0625 2144 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/02/02 23:25:00.0062 2144 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/02/02 23:25:01.0437 2144 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/02/02 23:25:02.0828 2144 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/02/02 23:25:04.0750 2144 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/02/02 23:25:06.0843 2144 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
    2011/02/02 23:25:08.0687 2144 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/02/02 23:25:10.0031 2144 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/02/02 23:25:11.0453 2144 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/02/02 23:25:12.0765 2144 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/02/02 23:25:14.0312 2144 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/02/02 23:25:16.0250 2144 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/02/02 23:25:17.0468 2144 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/02/02 23:25:19.0265 2144 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/02/02 23:25:20.0671 2144 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/02/02 23:25:22.0671 2144 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/02/02 23:25:24.0718 2144 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/02/02 23:25:32.0703 2144 nv (70cb8915895ccb92ddf23ce890c4f5be) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2011/02/02 23:25:43.0515 2144 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/02/02 23:25:44.0906 2144 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/02/02 23:25:46.0109 2144 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/02/02 23:25:47.0906 2144 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/02/02 23:25:49.0140 2144 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/02/02 23:25:50.0281 2144 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/02/02 23:25:52.0109 2144 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
    2011/02/02 23:25:52.0859 2144 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/02/02 23:25:57.0359 2144 pfc (5903fa75200807ad739286bbf40c4904) C:\WINDOWS\system32\drivers\pfc.sys
    2011/02/02 23:25:58.0718 2144 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/02/02 23:25:59.0765 2144 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/02/02 23:26:01.0000 2144 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/02/02 23:26:05.0593 2144 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/02/02 23:26:06.0234 2144 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/02/02 23:26:07.0015 2144 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/02/02 23:26:07.0906 2144 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/02/02 23:26:08.0515 2144 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/02/02 23:26:09.0484 2144 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/02/02 23:26:10.0609 2144 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/02/02 23:26:11.0968 2144 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/02/02 23:26:13.0156 2144 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/02/02 23:26:14.0406 2144 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/02/02 23:26:15.0578 2144 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/02/02 23:26:16.0640 2144 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/02/02 23:26:17.0765 2144 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/02/02 23:26:24.0015 2144 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/02/02 23:26:25.0109 2144 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
    2011/02/02 23:26:25.0171 2144 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    2011/02/02 23:26:25.0921 2144 sptd - detected Locked file (1)
    2011/02/02 23:26:27.0406 2144 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/02/02 23:26:28.0515 2144 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/02/02 23:26:30.0062 2144 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/02/02 23:26:31.0500 2144 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/02/02 23:26:34.0609 2144 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/02/02 23:26:35.0671 2144 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/02/02 23:26:36.0796 2144 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/02/02 23:26:37.0312 2144 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/02/02 23:26:37.0953 2144 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/02/02 23:26:40.0375 2144 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/02/02 23:26:42.0000 2144 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/02/02 23:26:43.0015 2144 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2011/02/02 23:26:44.0281 2144 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/02/02 23:26:45.0250 2144 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/02/02 23:26:46.0062 2144 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/02/02 23:26:46.0750 2144 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/02/02 23:26:47.0406 2144 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/02/02 23:26:48.0187 2144 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/02/02 23:26:50.0937 2144 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/02/02 23:26:52.0171 2144 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/02/02 23:26:53.0140 2144 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/02/02 23:26:54.0515 2144 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/02/02 23:26:55.0562 2144 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/02/02 23:26:56.0765 2144 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/02/02 23:26:57.0828 2144 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2011/02/02 23:26:58.0156 2144 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/02/02 23:26:58.0171 2144 ================================================================================
    2011/02/02 23:26:58.0171 2144 Scan finished
    2011/02/02 23:26:58.0171 2144 ================================================================================
    2011/02/02 23:26:58.0187 1288 Detected object count: 2
    2011/02/02 23:27:27.0468 1288 Locked file(sptd) - User select action: Skip
    2011/02/02 23:27:28.0156 1288 \HardDisk0 - will be cured after reboot
    2011/02/02 23:27:28.0156 1288 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/02/02 23:27:34.0140 5988 Deinitialize success
     
  12. crunchie

    crunchie Malware Helper Posts: 728

    How are things now?

    I am off to bed, so I will not reply again for a little while. If you are still having the problem, run the following;

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. trisha

    trisha TS Rookie Topic Starter

    thanks

    looks like that did the trick ,thanks so much for your time :)
     
  14. crunchie

    crunchie Malware Helper Posts: 728

    No worries :).

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC by OldTimer:
    Save it to your Desktop.
    Double click OTC.exe.
    Click the CleanUp! button.
    If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...