kewlpoohgirl
Let me start by thanking you in advance for helping with my problem! I know that there is another recent thread about this sort of problem, but I know the administrator said not to follow another person's instructions.
Below are the necessary logs from the 8-Step Preliminary Process:
1. MBAM
2. GMER
3. DDS
4. Attach
I apologize in advance if some of the spacing on the logs makes it difficult to read.
------------------------------------------------
MBAM LOG
-------------------------------------------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5410
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/28/2010 8:36:42 PM
mbam-log-2010-12-28 (20-36-42).txt
Scan type: Quick scan
Objects scanned: 148747
Time elapsed: 7 minute(s), 56 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
------------------------------------------
GMER LOG
------------------------------------------
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-28 20:45:14
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 FUJITSU_MHV2100BH_PL rev.00000029
Running: tqee9104.exe; Driver: C:\DOCUME~1\Hamsa\LOCALS~1\Temp\kfqoyfob.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 195371312 (+255): rootkit-like behavior;
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAA2F1BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xAA2F19D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xAA2F1B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 86CB93B2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 86CB93B2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 86CB93B2
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 86CB93B2
Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskFUJITSU_MHV2100BH_PL____________________00000029#5&aaba3cd&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- EOF - GMER 1.0.15 ----