IE8 and Google Chrome redirects

Discussion in 'Virus and Malware Removal' started by spanner monkey, Dec 24, 2011.

  1. spanner monkey Newcomer, in training Posts: 21

    When using IE8 and Google Chrome, if I use the Google search engine, when I click on it, it redirects to a different page.
  2. Broni Malware Annihilator Posts: 39,391   +177

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. spanner monkey Newcomer, in training Posts: 21

    After running the Malwarebytes scan

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 911122405

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    25/12/2011 08:22:59
    mbam-log-2011-12-25 (08-22-59).txt

    Scan type: Quick scan
    Objects scanned: 245883
    Time elapsed: 41 minute(s), 7 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 11

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bho_project.bho_object.1 (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{4555A2F2-15C0-2878-0E2F-D670364F3080} (Trojan.ZbotR.Gen) -> Value: {4555A2F2-15C0-2878-0E2F-D670364F3080} -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Value: Regedit32 -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\RECYCLER\s-1-5-21-861567501-1659004503-1801674531-1004\Dc37.exe (Adware.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\daddy (ipod)\local settings\Temp\tmp23ef0ab6.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
    c:\documents and settings\daddy (ipod)\local settings\Temp\icreinstall_pdfreadersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\D7.tmp (Malware.Gen) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\0.06683929404814637.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\0.12677480397815566.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\0.23150276553479676.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\0.2121109062247032.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\0.3279306866598143.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\0.6101848792243324.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\0.711823672086316.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

    23:55:52 Daddy (ipod) MESSAGE Protection started successfully
    23:56:11 Daddy (ipod) MESSAGE IP Protection started successfully
    23:56:11 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    23:56:14 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    23:56:20 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    23:56:32 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    23:56:32 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    23:56:35 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    23:56:41 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    23:56:53 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    23:56:56 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    23:57:02 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    23:57:14 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    23:57:17 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)


    07:24:16 Daddy (ipod) ERROR Scheduled update failed: No address found failed with error code 11004
    08:26:31 Daddy (ipod) MESSAGE Protection started successfully
    08:27:04 Daddy (ipod) MESSAGE IP Protection started successfully
    08:28:09 Daddy (ipod) DETECTION C:\Program Files\PDFReader\Uninstall\Uninstall.exe Adware.Agent QUARANTINE
    08:28:09 Daddy (ipod) DETECTION C:\PROGRAM FILES\PDFREADER\UNINSTALL\UNINSTALL.EXE Adware.Agent DENY
    08:35:57 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    08:36:00 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    08:36:04 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    08:36:06 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
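The two logs in the post above are the raw material of this kind of triage: the scan log lists what was removed (a BHO registered under three keys, two Run-key persistence values, droppers in Temp), and the protection log shows outgoing connections to one IP being blocked every few seconds. The following script is an added example for parsing both formats; it is not part of the thread and not a Malwarebytes tool. It takes an abridged copy of the logs above as its sample input (three of the eleven "Files Infected" lines kept), and its section and event patterns are assumptions about the log layout based only on the lines shown here.

```python
import re
from collections import defaultdict

# Sample input: an abridged copy of the Malwarebytes scan log posted above (three of the
# eleven "Files Infected" lines kept) and the protection-log lines from the same post.
MBAM_SCAN_LOG = r"""
Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{66D8FBA6-D90F-40A9-AC55-84896F79CA69} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_project.bho_object.1 (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{4555A2F2-15C0-2878-0E2F-D670364F3080} (Trojan.ZbotR.Gen) -> Value: {4555A2F2-15C0-2878-0E2F-D670364F3080} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> Value: Regedit32 -> Quarantined and deleted successfully.

Files Infected:
c:\RECYCLER\s-1-5-21-861567501-1659004503-1801674531-1004\Dc37.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\daddy (ipod)\local settings\Temp\tmp23ef0ab6.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\0.06683929404814637.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
"""
MBAM_PROTECTION_LOG = r"""
23:55:52 Daddy (ipod) MESSAGE Protection started successfully
23:56:11 Daddy (ipod) MESSAGE IP Protection started successfully
23:56:11 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
23:56:14 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
23:56:20 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
23:56:32 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
23:56:32 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
23:56:35 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
23:56:41 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
23:56:53 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
23:56:56 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
23:57:02 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
23:57:14 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
23:57:17 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
08:28:09 Daddy (ipod) DETECTION C:\Program Files\PDFReader\Uninstall\Uninstall.exe Adware.Agent QUARANTINE
"""

# Layout assumptions derived from the lines above: section headers end in ':', each item is
# "<item> (<family>) -> <action>", protection events are "<hh:mm:ss> <user> <KIND> <detail>".
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
EVENT_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<user>.+?) "
                      r"(?P<kind>MESSAGE|ERROR|IP-BLOCK|DETECTION) (?P<detail>.*)$")


def parse_scan_log(text):
    """{section: [(item, family, action), ...]}; summary lines ('... Infected: 4') and
    '(No malicious items detected)' placeholders match neither pattern and are skipped."""
    detections, section = defaultdict(list), None
    for line in (l.strip() for l in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ITEM_RE.match(line)
        if section and m:
            detections[section].append((m.group("item"), m.group("family"), m.group("action")))
    return dict(detections)


def bho_registration_points(detections):
    r"""CLSID -> parent keys it was found under. A BHO is registered under the HKLM
    Browser Helper Objects key; IE's add-on manager records it under HKCU Ext\Settings and
    Ext\Stats once it has been loaded, so all three together show it was active."""
    points = defaultdict(set)
    for item, family, _ in detections.get("Registry Keys Infected", []):
        if family == "Trojan.BHO":
            for guid in GUID_RE.findall(item):
                points[guid.upper()].add(item[: item.rfind("\\")])
    return {guid: sorted(keys) for guid, keys in points.items()}


def parse_protection_log(text):
    return [m.groupdict() for m in map(EVENT_RE.match, (l.strip() for l in text.splitlines())) if m]


def _seconds(hhmmss):
    h, m, s = (int(x) for x in hhmmss.split(":"))
    return h * 3600 + m * 60 + s


def ip_block_intervals(events):
    """Per blocked destination IP: number of outgoing blocks and the gaps (seconds) between
    successive ones. Timestamps carry no date, so the modulo turns a negative gap at midnight
    into the real interval. A short repeating gap pattern is the mark of automated retries."""
    times = defaultdict(list)
    for ev in events:
        if ev["kind"] == "IP-BLOCK":
            times[ev["detail"].split()[0]].append(_seconds(ev["time"]))
    return {ip: {"blocks": len(ts), "gaps": [(b - a) % 86400 for a, b in zip(ts, ts[1:])]}
            for ip, ts in times.items()}
```

Run on the sample, `ip_block_intervals` reports twelve blocked attempts to 83.133.124.250 with gaps of 3, 6 and 12 seconds repeating, and `bho_registration_points` shows the one CLSID present under all three BHO-related keys. Both parsers take whole log files in the same format, so the same checks can be run on the full logs pasted in the thread.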
  4. spanner monkey Newcomer, in training Posts: 21

    After running GMER

    07:24:16 Daddy (ipod) ERROR Scheduled update failed: No address found failed with error code 11004
    08:26:31 Daddy (ipod) MESSAGE Protection started successfully
    08:27:04 Daddy (ipod) MESSAGE IP Protection started successfully
    08:28:09 Daddy (ipod) DETECTION C:\Program Files\PDFReader\Uninstall\Uninstall.exe Adware.Agent QUARANTINE
    08:28:09 Daddy (ipod) DETECTION C:\PROGRAM FILES\PDFREADER\UNINSTALL\UNINSTALL.EXE Adware.Agent DENY
    08:35:57 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    08:36:00 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    08:36:04 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
    08:36:06 Daddy (ipod) IP-BLOCK 83.133.124.250 (Type: outgoing)
  5. spanner monkey Newcomer, in training Posts: 21

    DDS

    When I click Run to start DDS, it briefly flashes a Notepad page that disappears. Is this because I have a script blocker running? If so, how do I find my script blocker?

    Thank you
  6. Broni Malware Annihilator Posts: 39,391   +177

    Skip DDS for now.
     
  7. spanner monkey Newcomer, in training Posts: 21

    OK. I have posted the scan results in the thread after each scan and skipped DDS. Anything else now?

    Thank you
  8. Broni Malware Annihilator Posts: 39,391   +177

    I still need the GMER log.
  9. spanner monkey Newcomer, in training Posts: 21

    GMER log

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-12-26 16:41:38
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541680J9SA00 rev.SB2OC74P
    Running: 8ced8uv8.exe; Driver: C:\DOCUME~1\DADDY(~1\LOCALS~1\Temp\pxxyikow.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 84AA331B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 84AA331B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 84AA331B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 84AA331B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T0L0-12 84AA331B

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----
  10. Broni Malware Annihilator Posts: 39,391   +177

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  11. spanner monkey Newcomer, in training Posts: 21

    TDSSKiller log

    17:02:35.0468 3504 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
    17:02:35.0703 3504 ============================================================
    17:02:35.0703 3504 Current date / time: 2011/12/26 17:02:35.0703
    17:02:35.0703 3504 SystemInfo:
    17:02:35.0703 3504
    17:02:35.0703 3504 OS Version: 5.1.2600 ServicePack: 3.0
    17:02:35.0703 3504 Product type: Workstation
    17:02:35.0703 3504 ComputerName: USER-599DAAA9C5
    17:02:35.0734 3504 UserName: Daddy (ipod)
    17:02:35.0734 3504 Windows directory: C:\WINDOWS
    17:02:35.0734 3504 System windows directory: C:\WINDOWS
    17:02:35.0734 3504 Processor architecture: Intel x86
    17:02:35.0734 3504 Number of processors: 2
    17:02:35.0734 3504 Page size: 0x1000
    17:02:35.0734 3504 Boot type: Normal boot
    17:02:35.0734 3504 ============================================================
    17:02:38.0281 3504 Initialize success
    17:04:25.0343 1964 ============================================================
    17:04:25.0343 1964 Scan started
    17:04:25.0343 1964 Mode: Manual;
    17:04:25.0343 1964 ============================================================
    17:04:26.0671 1964 Abiosdsk - ok
    17:04:26.0687 1964 abp480n5 - ok
    17:04:26.0765 1964 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    17:04:26.0781 1964 ACPI - ok
    17:04:26.0812 1964 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    17:04:26.0828 1964 ACPIEC - ok
    17:04:26.0828 1964 adpu160m - ok
    17:04:26.0890 1964 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    17:04:26.0890 1964 aec - ok
    17:04:26.0953 1964 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
    17:04:26.0953 1964 AFD - ok
    17:04:26.0968 1964 Aha154x - ok
    17:04:26.0984 1964 aic78u2 - ok
    17:04:26.0984 1964 aic78xx - ok
    17:04:27.0000 1964 AliIde - ok
    17:04:27.0015 1964 amsint - ok
    17:04:27.0078 1964 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    17:04:27.0078 1964 Arp1394 - ok
    17:04:27.0093 1964 asc - ok
    17:04:27.0093 1964 asc3350p - ok
    17:04:27.0109 1964 asc3550 - ok
    17:04:27.0156 1964 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    17:04:27.0156 1964 AsyncMac - ok
    17:04:27.0171 1964 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    17:04:27.0171 1964 atapi - ok
    17:04:27.0171 1964 Atdisk - ok
    17:04:27.0328 1964 ati2mtag (3b88b6466896cc1a3a7e3287d72aca85) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    17:04:27.0437 1964 ati2mtag - ok
    17:04:27.0562 1964 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    17:04:27.0562 1964 Atmarpc - ok
    17:04:27.0609 1964 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    17:04:27.0609 1964 audstub - ok
    17:04:27.0671 1964 AVGIDSDriver (2d18221aab3db2d408d6c55c0f23090a) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
    17:04:27.0671 1964 AVGIDSDriver - ok
    17:04:27.0734 1964 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
    17:04:27.0734 1964 AVGIDSEH - ok
    17:04:27.0750 1964 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
    17:04:27.0750 1964 AVGIDSFilter - ok
    17:04:27.0765 1964 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
    17:04:27.0781 1964 AVGIDSShim - ok
    17:04:27.0828 1964 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    17:04:27.0843 1964 Avgldx86 - ok
    17:04:27.0921 1964 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    17:04:27.0921 1964 Avgmfx86 - ok
    17:04:27.0937 1964 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    17:04:27.0937 1964 Avgrkx86 - ok
    17:04:28.0000 1964 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
    17:04:28.0015 1964 Avgtdix - ok
    17:04:28.0078 1964 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    17:04:28.0078 1964 b57w2k - ok
    17:04:28.0171 1964 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    17:04:28.0203 1964 BCM43XX - ok
    17:04:28.0343 1964 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    17:04:28.0343 1964 Beep - ok
    17:04:28.0406 1964 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    17:04:28.0406 1964 cbidf2k - ok
    17:04:28.0406 1964 cd20xrnt - ok
    17:04:28.0421 1964 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    17:04:28.0421 1964 Cdaudio - ok
    17:04:28.0484 1964 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    17:04:28.0484 1964 Cdfs - ok
    17:04:28.0515 1964 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    17:04:28.0515 1964 Cdrom - ok
    17:04:28.0531 1964 Changer - ok
    17:04:28.0578 1964 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    17:04:28.0593 1964 CmBatt - ok
    17:04:28.0593 1964 CmdIde - ok
    17:04:28.0609 1964 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    17:04:28.0609 1964 Compbatt - ok
    17:04:28.0625 1964 Cpqarray - ok
    17:04:28.0640 1964 dac2w2k - ok
    17:04:28.0671 1964 dac960nt - ok
    17:04:28.0687 1964 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    17:04:28.0687 1964 Disk - ok
    17:04:28.0734 1964 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    17:04:28.0750 1964 dmboot - ok
    17:04:28.0859 1964 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    17:04:28.0875 1964 dmio - ok
    17:04:28.0906 1964 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    17:04:28.0906 1964 dmload - ok
    17:04:28.0953 1964 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    17:04:28.0953 1964 DMusic - ok
    17:04:28.0968 1964 dpti2o - ok
    17:04:28.0968 1964 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    17:04:28.0984 1964 drmkaud - ok
    17:04:29.0015 1964 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    17:04:29.0031 1964 Fastfat - ok
    17:04:29.0062 1964 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    17:04:29.0062 1964 Fdc - ok
    17:04:29.0078 1964 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    17:04:29.0078 1964 Fips - ok
    17:04:29.0187 1964 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    17:04:29.0187 1964 Flpydisk - ok
    17:04:29.0234 1964 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    17:04:29.0234 1964 FltMgr - ok
    17:04:29.0265 1964 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    17:04:29.0265 1964 Fs_Rec - ok
    17:04:29.0296 1964 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    17:04:29.0312 1964 Ftdisk - ok
    17:04:29.0359 1964 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    17:04:29.0375 1964 GEARAspiWDM - ok
    17:04:29.0390 1964 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    17:04:29.0390 1964 Gpc - ok
    17:04:29.0421 1964 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    17:04:29.0421 1964 HDAudBus - ok
    17:04:29.0437 1964 hpn - ok
    17:04:29.0500 1964 HSFHWAZL (290cdbb05903742ea06b7203c5a662f5) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
    17:04:29.0500 1964 HSFHWAZL - ok
    17:04:29.0640 1964 HSF_DPV (7ab812355f98858b9ecdd46e6fcc221f) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
    17:04:29.0656 1964 HSF_DPV - ok
    17:04:29.0781 1964 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
    17:04:29.0781 1964 HTTP - ok
    17:04:29.0796 1964 i2omgmt - ok
    17:04:29.0796 1964 i2omp - ok
    17:04:29.0843 1964 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    17:04:29.0843 1964 i8042prt - ok
    17:04:29.0890 1964 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    17:04:29.0890 1964 Imapi - ok
    17:04:29.0906 1964 ini910u - ok
    17:04:29.0921 1964 IntelIde - ok
    17:04:29.0968 1964 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    17:04:29.0984 1964 Ip6Fw - ok
    17:04:30.0109 1964 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    17:04:30.0109 1964 IpFilterDriver - ok
    17:04:30.0109 1964 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    17:04:30.0125 1964 IpInIp - ok
    17:04:30.0171 1964 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    17:04:30.0171 1964 IpNat - ok
    17:04:30.0203 1964 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    17:04:30.0203 1964 IPSec - ok
    17:04:30.0250 1964 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    17:04:30.0250 1964 IRENUM - ok
    17:04:30.0343 1964 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    17:04:30.0343 1964 isapnp - ok
    17:04:30.0375 1964 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    17:04:30.0375 1964 Kbdclass - ok
    17:04:30.0531 1964 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    17:04:30.0531 1964 kmixer - ok
    17:04:30.0562 1964 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
    17:04:30.0562 1964 KSecDD - ok
    17:04:30.0578 1964 lbrtfdc - ok
    17:04:30.0640 1964 LgBttPort (4dd47b5af0b24871ebb9efc012a7474e) C:\WINDOWS\system32\DRIVERS\lgbtport.sys
    17:04:30.0640 1964 LgBttPort - ok
    17:04:30.0656 1964 lgbusenum (1d038ca6c529203087a990e5e97887b4) C:\WINDOWS\system32\DRIVERS\lgbtbus.sys
    17:04:30.0656 1964 lgbusenum - ok
    17:04:30.0687 1964 LGVMODEM (26f1976a330195d62a6224c76968cf0d) C:\WINDOWS\system32\DRIVERS\lgvmodem.sys
    17:04:30.0687 1964 LGVMODEM - ok
    17:04:30.0718 1964 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
    17:04:30.0718 1964 MBAMProtector - ok
    17:04:30.0734 1964 MBAMSwissArmy - ok
    17:04:30.0781 1964 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    17:04:30.0781 1964 mdmxsdk - ok
    17:04:30.0906 1964 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    17:04:30.0906 1964 mnmdd - ok
    17:04:30.0921 1964 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    17:04:30.0921 1964 Modem - ok
    17:04:30.0984 1964 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    17:04:30.0984 1964 Mouclass - ok
    17:04:31.0046 1964 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    17:04:31.0046 1964 MountMgr - ok
    17:04:31.0046 1964 mraid35x - ok
    17:04:31.0062 1964 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    17:04:31.0078 1964 MRxDAV - ok
    17:04:31.0125 1964 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    17:04:31.0125 1964 MRxSmb - ok
    17:04:31.0218 1964 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    17:04:31.0218 1964 Msfs - ok
    17:04:31.0281 1964 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    17:04:31.0281 1964 MSKSSRV - ok
    17:04:31.0296 1964 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    17:04:31.0296 1964 MSPCLOCK - ok
    17:04:31.0296 1964 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    17:04:31.0296 1964 MSPQM - ok
    17:04:31.0343 1964 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    17:04:31.0343 1964 mssmbios - ok
    17:04:31.0359 1964 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    17:04:31.0359 1964 Mup - ok
    17:04:31.0375 1964 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    17:04:31.0390 1964 NDIS - ok
    17:04:31.0406 1964 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    17:04:31.0406 1964 NdisTapi - ok
    17:04:31.0453 1964 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    17:04:31.0468 1964 Ndisuio - ok
    17:04:31.0500 1964 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    17:04:31.0500 1964 NdisWan - ok
    17:04:31.0515 1964 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    17:04:31.0515 1964 NDProxy - ok
    17:04:31.0546 1964 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    17:04:31.0546 1964 NetBIOS - ok
    17:04:31.0656 1964 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    17:04:31.0656 1964 NetBT - ok
    17:04:31.0687 1964 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    17:04:31.0687 1964 NIC1394 - ok
    17:04:31.0703 1964 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    17:04:31.0703 1964 Npfs - ok
    17:04:31.0781 1964 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    17:04:31.0812 1964 Ntfs - ok
    17:04:31.0953 1964 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    17:04:31.0953 1964 Null - ok
    17:04:32.0000 1964 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    17:04:32.0000 1964 NwlnkFlt - ok
    17:04:32.0015 1964 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    17:04:32.0015 1964 NwlnkFwd - ok
    17:04:32.0062 1964 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    17:04:32.0062 1964 ohci1394 - ok
    17:04:32.0109 1964 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    17:04:32.0109 1964 Parport - ok
    17:04:32.0125 1964 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    17:04:32.0125 1964 PartMgr - ok
    17:04:32.0156 1964 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    17:04:32.0156 1964 ParVdm - ok
    17:04:32.0171 1964 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    17:04:32.0171 1964 PCI - ok
    17:04:32.0187 1964 PCIDump - ok
    17:04:32.0203 1964 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    17:04:32.0203 1964 PCIIde - ok
    17:04:32.0218 1964 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    17:04:32.0218 1964 Pcmcia - ok
    17:04:32.0281 1964 PDCOMP - ok
    17:04:32.0296 1964 PDFRAME - ok
    17:04:32.0312 1964 PDRELI - ok
    17:04:32.0312 1964 PDRFRAME - ok
    17:04:32.0328 1964 perc2 - ok
    17:04:32.0343 1964 perc2hib - ok
    17:04:32.0390 1964 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    17:04:32.0390 1964 PptpMiniport - ok
    17:04:32.0437 1964 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    17:04:32.0437 1964 Processor - ok
    17:04:32.0453 1964 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    17:04:32.0453 1964 PSched - ok
    17:04:32.0484 1964 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    17:04:32.0484 1964 Ptilink - ok
    17:04:32.0515 1964 ql1080 - ok
    17:04:32.0531 1964 Ql10wnt - ok
    17:04:32.0531 1964 ql12160 - ok
    17:04:32.0546 1964 ql1240 - ok
    17:04:32.0562 1964 ql1280 - ok
    17:04:32.0593 1964 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    17:04:32.0593 1964 RasAcd - ok
    17:04:32.0656 1964 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    17:04:32.0656 1964 Rasl2tp - ok
    17:04:32.0671 1964 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    17:04:32.0671 1964 RasPppoe - ok
    17:04:32.0687 1964 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    17:04:32.0687 1964 Raspti - ok
    17:04:32.0781 1964 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    17:04:32.0781 1964 Rdbss - ok
    17:04:32.0796 1964 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    17:04:32.0796 1964 RDPCDD - ok
    17:04:32.0843 1964 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    17:04:32.0843 1964 rdpdr - ok
    17:04:32.0875 1964 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    17:04:32.0875 1964 RDPWD - ok
    17:04:32.0921 1964 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    17:04:32.0921 1964 redbook - ok
    17:04:32.0984 1964 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    17:04:32.0984 1964 Secdrv - ok
    17:04:33.0031 1964 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    17:04:33.0031 1964 serenum - ok
    17:04:33.0046 1964 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    17:04:33.0046 1964 Serial - ok
    17:04:33.0078 1964 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    17:04:33.0078 1964 Sfloppy - ok
    17:04:33.0171 1964 Simbad - ok
    17:04:33.0171 1964 Sparrow - ok
    17:04:33.0234 1964 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    17:04:33.0250 1964 splitter - ok
    17:04:33.0312 1964 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    17:04:33.0312 1964 sr - ok
    17:04:33.0328 1964 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
    17:04:33.0328 1964 Srv - ok
    17:04:33.0484 1964 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
    17:04:33.0515 1964 STHDA - ok
    17:04:33.0562 1964 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    17:04:33.0562 1964 swenum - ok
    17:04:33.0625 1964 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    17:04:33.0625 1964 swmidi - ok
    17:04:33.0640 1964 symc810 - ok
    17:04:33.0656 1964 symc8xx - ok
    17:04:33.0656 1964 sym_hi - ok
    17:04:33.0671 1964 sym_u3 - ok
    17:04:33.0703 1964 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    17:04:33.0703 1964 sysaudio - ok
    17:04:33.0812 1964 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    17:04:33.0828 1964 Tcpip - ok
    17:04:36.0406 1964 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    17:04:36.0562 1964 \Device\Harddisk0\DR0 - ok
    17:04:36.0562 1964 Boot (0x1200) (f9397b558ded31345b4f381a3da3a64f) \Device\Harddisk0\DR0\Partition0
    17:04:36.0562 1964 \Device\Harddisk0\DR0\Partition0 - ok
    17:04:36.0562 1964 ============================================================
    17:04:36.0562 1964 Scan finished
    17:04:36.0562 1964 ============================================================
    17:04:36.0578 2108 Detected object count: 0
    17:04:36.0578 2108 Actual detected object count: 0
    17:04:43.0234 2024 Deinitialize success
  12. Broni Malware Annihilator Posts: 39,391   +177

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
  13. spanner monkey Newcomer, in training Posts: 21

    MBR log

    aswMBR version 0.9.9.1120 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-26 17:22:10
    -----------------------------
    17:22:10.562 OS Version: Windows 5.1.2600 Service Pack 3
    17:22:10.562 Number of processors: 2 586 0x4802
    17:22:10.562 ComputerName: USER-599DAAA9C5 UserName: Daddy (ipod)
    17:22:13.328 Initialize success
    17:24:33.265 AVAST engine defs: 11122501
    17:24:36.234 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    17:24:36.234 Disk 0 Vendor: Hitachi_HTS541680J9SA00 SB2OC74P Size: 76319MB BusType: 3
    17:24:38.343 Disk 0 MBR read successfully
    17:24:38.343 Disk 0 MBR scan
    17:24:38.750 Disk 0 Windows XP default MBR code
    17:24:38.765 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76316 MB offset 63
    17:24:38.796 Disk 0 scanning sectors +156296385
    17:24:39.250 Disk 0 scanning C:\WINDOWS\system32\drivers
    17:24:55.234 Service scanning
    17:24:56.437 Modules scanning
    17:25:05.765 Disk 0 trace - called modules:
    17:25:05.796 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    17:25:05.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84bc6ab8]
    17:25:05.812 3 CLASSPNP.SYS[f7532fd7] -> nt!IofCallDriver -> \Device\0000007c[0x84b7ef18]
    17:25:05.812 5 ACPI.sys[f73a9620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x84b7dd98]
    17:25:06.687 AVAST engine scan C:\WINDOWS
    17:25:12.093 AVAST engine scan C:\WINDOWS\system32
    17:26:59.296 AVAST engine scan C:\WINDOWS\system32\drivers
    17:27:11.843 AVAST engine scan C:\Documents and Settings\Daddy (ipod)
    17:27:40.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Daddy (ipod)\My Documents\MBR.dat"
    17:27:40.109 The log file has been saved successfully to "C:\Documents and Settings\Daddy (ipod)\My Documents\aswMBR.txt"
  14. Broni Malware Annihilator Posts: 39,391   +177

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  15. spanner monkey Newcomer, in training Posts: 21

    Boot cleaner

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
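The two tool outputs above agree on where the system volume lives (partition 1 at sector 63, which is byte offset 0x7e00) and Bootkit Remover reports an MD5 of the boot sector found there. The following added example (not part of the thread and not code from either tool) parses an MBR partition table and hashes the boot sector it points to, so those figures can be checked independently; the MBR and boot sector bytes are constructed, with the sector count chosen to match the partition size in the aswMBR log.

```python
import hashlib
import struct

SECTOR = 512
PARTITION_TABLE = 446          # offset of the four 16-byte entries in the MBR
BOOT_SIGNATURE = b"\x55\xAA"   # last two bytes of a valid MBR / boot sector

def parse_mbr(mbr: bytes) -> list:
    """Decode the four primary partition entries of a 512-byte MBR."""
    if len(mbr) != SECTOR or mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("not a valid MBR: bad size or missing 0x55AA signature")
    parts = []
    for i in range(4):
        entry = mbr[PARTITION_TABLE + 16 * i: PARTITION_TABLE + 16 * (i + 1)]
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue  # empty slot
        parts.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,                      # 0x07 = HPFS/NTFS
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR,  # where the volume boot sector lives
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    return parts

def boot_sector_md5(disk: bytes, byte_offset: int) -> str:
    """MD5 of the 512-byte sector at byte_offset, the value Bootkit Remover prints."""
    return hashlib.md5(disk[byte_offset:byte_offset + SECTOR]).hexdigest()

def build_sample_disk() -> bytes:
    """Constructed image: MBR with one active NTFS partition at LBA 63, then its boot sector."""
    mbr = bytearray(SECTOR)
    mbr[PARTITION_TABLE:PARTITION_TABLE + 16] = struct.pack(
        "<B3xB3xII", 0x80, 0x07, 63, 156_296_322)   # sector count chosen to match the log
    mbr[510:512] = BOOT_SIGNATURE
    boot = bytearray(SECTOR)
    boot[0:11] = b"\xEB\x52\x90NTFS    "           # NTFS-style jump + OEM id (constructed)
    boot[510:512] = BOOT_SIGNATURE
    return bytes(mbr) + b"\x00" * (62 * SECTOR) + bytes(boot)

if __name__ == "__main__":
    disk = build_sample_disk()
    for p in parse_mbr(disk[:SECTOR]):
        print(f"Partition {p['index']} active={p['active']} type={p['type']:02X} "
              f"{p['size_mb']} MB offset {p['lba_start']} (byte 0x{p['byte_offset']:x})")
        print("boot sector MD5:", boot_sector_md5(disk, p["byte_offset"]))
```

On a real machine the same parse can be run over the MBR.dat file aswMBR saves, and the hash compared against the value Bootkit Remover printed.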
  16. Broni Malware Annihilator Posts: 39,391   +177

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.

    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  17. spanner monkey Newcomer, in training Posts: 21

    rkill log /combofix

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 28/12/2011 at 12:25:32.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:

    C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Daddy (ipod)\Local Settings\Application Data\Google\Chrome\Application\chrome.exe


    Rkill completed on 28/12/2011 at 12:25:42.


    I have also run the ComboFix program but I cannot find the log. I ran a search for combofix.txt; it came up with lots of files but I can't find a txt log.
  18. Broni Malware Annihilator Posts: 39,391   +177

    It should be here: "C:\ComboFix.txt"
    If it's not re-run it.
  19. spanner monkey Newcomer, in training Posts: 21

    I have tried now 3 or 4 times again after running ComboFix - when it gets to the reboot it doesn't automatically reboot, even after waiting half an hour. I have to go to the Start menu and go to the restart option.

    The only log i can see when looking for "C:\ComboFix.txt" is ntblog (posted below in 2 parts)




    I will try again anyway
  20. Broni Malware Annihilator Posts: 39,391   +177

    Is redirection still present?

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".