False Security Center Warnings
#16
Posted 15 June 2011 - 01:37 PM
#17
Posted 15 June 2011 - 09:56 PM
-Spyware Guard is warning me of 2 things: 1) IE Search page has been changed (asks for restore old value or keep new value) and 2) BHO has been added
-Windows has the yellow shield asking for updates (normal looking)
- Avast is freaking out with hidden rootkit warnings and malicious url detections
So I assume we're getting close but no cigar yet?
#18
Posted 15 June 2011 - 11:57 PM
Let's see what's left.
Step 1
Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
- Click on this link to see a list of programs that should be disabled.
- Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
- Allow the driver to load if asked.
- You may be prompted to scan immediately if it detects rootkit activity.
- If you are prompted to scan your system click "No", save the log and post back the results.
- If not prompted, click the "Rootkit/Malware" tab.
- On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
- Select all drives that are connected to your system to be scanned.
- Click the Scan button to begin. (Please be patient as it can take some time to complete)
- When the scan is finished, click Save to save the scan results to your Desktop.
- Save the file as Results.log and copy/paste the contents in your next reply.
- Exit the program and re-enable all active protection when done.
Step 2
Please read carefully and follow these steps.
Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
- Extract the zip file to its own folder.
- Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
- Click Start scan to start scanning.
- If an infection is detected, the default setting for "action" should be Cure.
- (If a suspicious file is detected, please click on it and change it to Skip.)
- Click Continue button
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
- If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
Step 3
Download aswMBR.exe ( 511KB ) to your desktop.
- Double click the aswMBR.exe to run it
- Click the "Scan" button to start scan
- On completion of the scan click save log, save it to your desktop and post in your next reply
Step 4
Please don't forget to include these items in your reply:
- GMER log
- TDSSKiller log
- aswMBR log
#19
Posted 16 June 2011 - 05:40 PM
#20
Posted 16 June 2011 - 11:26 PM
1) I don't really know what a root folder means, so I'm unsure how to save to one
Save the application on the C:\ drive; that is the root folder. You can also save it to your Desktop and run it.
2) The link to Bleeping Computer has a large number of possible applications for me to turn off/disable. Will there be anything for me to turn off besides Spybot, Spyware Guard and Avast?
You must find only the applications you have and disable them. This link is a universal link for everyone.
One more thing. Please uninstall Spybot. You really don't need it. It hasn't been updated for some time and there is little help from it.
#21
Posted 18 June 2011 - 09:43 AM
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit quick scan 2011-06-18 08:35:27
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e ST3160815AS rev.4.AAB
Running: wce9374d.exe; Driver: C:\DOCUME~1\Bob\LOCALS~1\Temp\kwqcifoc.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA5B21BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA5B21A5D]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA5B79902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 8230231B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8230231B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8230231B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8230231B
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----
#22
Posted 19 June 2011 - 01:46 PM
I assume I should wait for you to respond to my last posted log (the gmer rootkit one) before I continue with your sequence of steps last posted by you? Thanks.
#23
Posted 19 June 2011 - 01:59 PM
Thank you. To you too!
Great! We found a problem. Please do Steps 2 and 3 (TDSSKiller and aswMBR) and post their logs. Test your system then.
#24
Posted 19 June 2011 - 03:32 PM
2011/06/19 14:15:34.0296 3132 ================================================================================
2011/06/19 14:15:34.0296 3132 SystemInfo:
2011/06/19 14:15:34.0296 3132
2011/06/19 14:15:34.0296 3132 OS Version: 5.1.2600 ServicePack: 2.0
2011/06/19 14:15:34.0296 3132 Product type: Workstation
2011/06/19 14:15:34.0296 3132 ComputerName: BOB-3CDE5CE5327
2011/06/19 14:15:34.0296 3132 UserName: Bob
2011/06/19 14:15:34.0296 3132 Windows directory: C:\WINDOWS
2011/06/19 14:15:34.0296 3132 System windows directory: C:\WINDOWS
2011/06/19 14:15:34.0296 3132 Processor architecture: Intel x86
2011/06/19 14:15:34.0296 3132 Number of processors: 1
2011/06/19 14:15:34.0296 3132 Page size: 0x1000
2011/06/19 14:15:34.0296 3132 Boot type: Normal boot
2011/06/19 14:15:34.0296 3132 ================================================================================
2011/06/19 14:15:35.0640 3132 Initialize success
2011/06/19 14:15:44.0937 3148 ================================================================================
2011/06/19 14:15:44.0937 3148 Scan started
2011/06/19 14:15:44.0937 3148 Mode: Manual;
2011/06/19 14:15:44.0937 3148 ================================================================================
2011/06/19 14:15:45.0187 3148 Aavmker4 (3f6884eff406238d39aaa892218f1df7) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/06/19 14:15:45.0281 3148 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/19 14:15:45.0359 3148 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/19 14:15:45.0468 3148 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/06/19 14:15:45.0531 3148 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/06/19 14:15:45.0625 3148 AgereSoftModem (35c391e40471a0b479328fc7b1b5f40f) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/06/19 14:15:45.0953 3148 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/19 14:15:46.0093 3148 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/06/19 14:15:46.0125 3148 aswMon2 (c2181ef6b54752273a0759a968c59279) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/06/19 14:15:46.0171 3148 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/06/19 14:15:46.0234 3148 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/06/19 14:15:46.0296 3148 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\WINDOWS\system32\drivers\aswSP.sys
2011/06/19 14:15:46.0390 3148 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/06/19 14:15:46.0453 3148 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/19 14:15:46.0515 3148 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/19 14:15:46.0593 3148 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/19 14:15:46.0718 3148 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/19 14:15:46.0796 3148 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/19 14:15:46.0890 3148 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/19 14:15:46.0921 3148 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/19 14:15:47.0031 3148 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/19 14:15:47.0093 3148 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/19 14:15:47.0156 3148 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/19 14:15:47.0203 3148 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/06/19 14:15:47.0453 3148 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/19 14:15:47.0546 3148 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/19 14:15:47.0593 3148 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/19 14:15:47.0640 3148 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/19 14:15:47.0703 3148 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/19 14:15:47.0781 3148 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/19 14:15:47.0859 3148 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/06/19 14:15:47.0937 3148 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/19 14:15:48.0015 3148 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/19 14:15:48.0062 3148 FilterService (b73ec688c29f81f9da0fcf63682b3ecb) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2011/06/19 14:15:48.0109 3148 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/19 14:15:48.0140 3148 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/19 14:15:48.0203 3148 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/06/19 14:15:48.0234 3148 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/19 14:15:48.0265 3148 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/19 14:15:48.0328 3148 GcKernel (97983db98129efe4e2d215ce350a7546) C:\WINDOWS\system32\DRIVERS\GcKernel.sys
2011/06/19 14:15:48.0375 3148 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/19 14:15:48.0421 3148 HdAudAddService (2a013e7530beab6e569faa83f517e836) C:\WINDOWS\system32\drivers\HdAudio.sys
2011/06/19 14:15:48.0453 3148 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/19 14:15:48.0515 3148 HIDSwvd (bd205320308fb41c88a4049a2d1764b4) C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys
2011/06/19 14:15:48.0562 3148 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/19 14:15:48.0687 3148 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/19 14:15:48.0812 3148 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/19 14:15:49.0015 3148 ialm (2aae7be67911f4aec9ad28e9cfb9096f) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/06/19 14:15:49.0218 3148 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/19 14:15:49.0328 3148 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/19 14:15:49.0359 3148 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/19 14:15:49.0406 3148 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/06/19 14:15:49.0453 3148 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/19 14:15:49.0484 3148 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/19 14:15:49.0546 3148 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/19 14:15:49.0609 3148 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/19 14:15:49.0671 3148 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/19 14:15:49.0734 3148 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/19 14:15:49.0765 3148 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/19 14:15:49.0796 3148 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/19 14:15:49.0875 3148 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/19 14:15:49.0921 3148 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/19 14:15:50.0109 3148 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
2011/06/19 14:15:50.0187 3148 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
2011/06/19 14:15:50.0281 3148 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2011/06/19 14:15:50.0359 3148 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
2011/06/19 14:15:50.0437 3148 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/06/19 14:15:50.0484 3148 lvselsus (e6ba3db1e07745a79e67fa5afe34bdfb) C:\WINDOWS\system32\DRIVERS\lvselsus.sys
2011/06/19 14:15:50.0734 3148 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/06/19 14:15:50.0937 3148 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/19 14:15:51.0000 3148 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/19 14:15:51.0062 3148 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/19 14:15:51.0109 3148 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/19 14:15:51.0156 3148 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/19 14:15:51.0234 3148 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/19 14:15:51.0296 3148 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/19 14:15:51.0328 3148 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/19 14:15:51.0390 3148 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/19 14:15:51.0421 3148 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/19 14:15:51.0468 3148 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/19 14:15:51.0531 3148 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/19 14:15:51.0578 3148 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/19 14:15:51.0640 3148 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/19 14:15:51.0703 3148 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/19 14:15:51.0750 3148 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/19 14:15:51.0812 3148 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/19 14:15:51.0859 3148 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/19 14:15:51.0921 3148 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/19 14:15:51.0953 3148 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/19 14:15:51.0984 3148 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/19 14:15:52.0078 3148 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/19 14:15:52.0140 3148 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/19 14:15:52.0234 3148 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/19 14:15:52.0296 3148 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/19 14:15:52.0359 3148 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/19 14:15:52.0484 3148 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/19 14:15:52.0546 3148 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/19 14:15:52.0562 3148 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/19 14:15:52.0625 3148 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/19 14:15:52.0750 3148 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/19 14:15:52.0765 3148 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/19 14:15:52.0859 3148 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/19 14:15:52.0921 3148 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/19 14:15:52.0968 3148 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2011/06/19 14:15:53.0046 3148 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/19 14:15:53.0296 3148 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/19 14:15:53.0328 3148 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/19 14:15:53.0359 3148 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/19 14:15:53.0500 3148 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/19 14:15:53.0593 3148 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/19 14:15:53.0625 3148 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/19 14:15:53.0671 3148 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/19 14:15:53.0734 3148 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/19 14:15:53.0765 3148 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/19 14:15:53.0828 3148 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/19 14:15:53.0890 3148 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/19 14:15:54.0000 3148 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/19 14:15:54.0062 3148 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/06/19 14:15:54.0203 3148 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/19 14:15:54.0281 3148 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/19 14:15:54.0359 3148 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/19 14:15:54.0437 3148 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/19 14:15:54.0515 3148 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/19 14:15:54.0609 3148 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/19 14:15:54.0734 3148 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/19 14:15:54.0796 3148 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/19 14:15:55.0015 3148 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/19 14:15:55.0125 3148 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/19 14:15:55.0171 3148 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/19 14:15:55.0218 3148 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/19 14:15:55.0281 3148 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/19 14:15:55.0390 3148 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/19 14:15:55.0515 3148 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/19 14:15:55.0609 3148 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/19 14:15:55.0671 3148 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/19 14:15:55.0750 3148 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/19 14:15:55.0812 3148 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/19 14:15:55.0875 3148 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/19 14:15:55.0921 3148 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/19 14:15:55.0984 3148 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/06/19 14:15:56.0031 3148 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/06/19 14:15:56.0125 3148 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/19 14:15:56.0187 3148 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/19 14:15:56.0281 3148 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/19 14:15:56.0437 3148 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/19 14:15:56.0500 3148 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/06/19 14:15:56.0515 3148 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/19 14:15:56.0515 3148 ================================================================================
2011/06/19 14:15:56.0515 3148 Scan finished
2011/06/19 14:15:56.0515 3148 ================================================================================
2011/06/19 14:15:56.0546 2096 Detected object count: 1
2011/06/19 14:15:56.0546 2096 Actual detected object count: 1
2011/06/19 14:16:27.0078 2096 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Skip
#25
Posted 19 June 2011 - 03:33 PM
Run date: 2011-06-19 14:24:19
-----------------------------
14:24:19.296 OS Version: Windows 5.1.2600 Service Pack 2
14:24:19.296 Number of processors: 1 586 0x401
14:24:19.296 ComputerName: BOB-3CDE5CE5327 UserName: Bob
14:24:20.421 AVAST engine 6.0.1125 defs: 11061901
14:24:20.421 Initialize success
14:24:27.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
14:24:27.156 Disk 0 Vendor: ST3160815AS 4.AAB Size: 152627MB BusType: 3
14:24:27.156 Device \Driver\atapi -> DriverStartIo 8230231b
14:24:29.171 Disk 0 MBR read successfully
14:24:29.171 Disk 0 MBR scan
14:24:29.171 Disk 0 MBR:Alureon-G [Rtk]
14:24:29.171 Disk 0 TDL4@MBR code has been found
14:24:29.171 Disk 0 Windows XP default MBR code found via API
14:24:29.171 Disk 0 MBR hidden
14:24:29.171 Disk 0 MBR [TDL4] **ROOTKIT**
14:24:29.171 Disk 0 trace - called modules:
14:24:29.171 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x823024d0]<<
14:24:29.171 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8236c8a0]
14:24:29.703 3 CLASSPNP.SYS[f84d405b] -> nt!IofCallDriver -> [0x822da0d8]
14:24:29.703 \Driver\atapi[0x82378b60] -> IRP_MJ_CREATE -> 0x823024d0
14:24:29.703 AVAST engine scan C:\WINDOWS\system32
14:26:17.859 Scan finished successfully
14:27:19.140 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Bob\Desktop\MBR.dat"
14:27:19.140 The log file has been saved successfully to "C:\Documents and Settings\Bob\Desktop\aswMBR.txt"
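The three logs above all point at the same boot-sector rootkit, and the TDSSKiller log additionally records that the detection was skipped rather than cured, which is why the helper asks for a second scan in the next reply. The script below is an added example, not part of this thread and not code from GMER, Kaspersky or AVAST: it parses the detection lines of the three tools as they appear in the posts above and reports whether anything was actually remediated. The log excerpts embedded in it are constructed from the posted logs, and the regular expressions are written against those line formats only.

```python
"""Triage GMER, TDSSKiller and aswMBR logs for boot-sector rootkit findings.

Added example, not part of the original thread. It parses the detection lines
of the three tools and reports whether the finding was remediated (TDSSKiller
records the action the user chose; GMER and aswMBR only detect). The sample
log excerpts below are constructed from the logs posted in this thread.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class Finding:
    tool: str
    device: str
    indicator: str
    remediated: Optional[bool] = None  # None: the tool reports detection only


# GMER flags a hit with "<-- ROOTKIT !!!" after the description.
GMER_RE = re.compile(r"^Disk\s+(?P<dev>\\Device\\\S+)\s+(?P<what>.+?)\s*<--\s*ROOTKIT")
# TDSSKiller: "<date> <time> <tid> <object> - detected <name> (<n>)"
TDSS_DETECT_RE = re.compile(r"^\S+\s+\S+\s+\d+\s+(?P<dev>\S+)\s+-\s+detected\s+(?P<name>\S+)")
# TDSSKiller: "<date> <time> <tid> <name>(<object>) - User select action: <Cure|Skip|...>"
TDSS_ACTION_RE = re.compile(
    r"^\S+\s+\S+\s+\d+\s+(?P<name>[^(\s]+)\((?P<dev>[^)]+)\)\s+-\s+User select action:\s+(?P<action>\w+)")
# aswMBR: "<time> Disk N MBR:<detection> [Rtk]" or "<time> Disk N MBR [<family>] **ROOTKIT**"
ASW_RE = re.compile(
    r"^\S+\s+Disk\s+(?P<disk>\d+)\s+MBR"
    r"(?::(?P<det>\S+)\s+\[Rtk\]|\s+\[(?P<fam>[^\]]+)\]\s+\*\*ROOTKIT\*\*)")


def triage(logs: dict[str, str]) -> list[Finding]:
    """logs maps a tool key ('gmer', 'tdsskiller', 'aswmbr') to its log text."""
    findings: list[Finding] = []
    for tool, text in logs.items():
        for raw in text.splitlines():
            line = raw.strip()
            if tool == "gmer":
                if m := GMER_RE.match(line):
                    findings.append(Finding("GMER", m["dev"], m["what"]))
            elif tool == "tdsskiller":
                if m := TDSS_DETECT_RE.match(line):
                    findings.append(Finding("TDSSKiller", m["dev"], m["name"]))
                elif m := TDSS_ACTION_RE.match(line):
                    # Attach the chosen action to the matching detection; only "Cure" counts.
                    for f in findings:
                        if f.tool == "TDSSKiller" and f.device == m["dev"] and f.indicator == m["name"]:
                            f.remediated = m["action"].lower() == "cure"
            elif tool == "aswmbr":
                if m := ASW_RE.match(line):
                    findings.append(Finding("aswMBR", f"Disk {m['disk']}", m["det"] or m["fam"]))
    return findings


def needs_action(findings: list[Finding]) -> bool:
    """True when something was detected and no tool recorded a Cure for it."""
    return bool(findings) and not any(f.remediated for f in findings)


# Constructed excerpts, taken from the logs posted in this thread.
SAMPLE_LOGS = {
    "gmer": r"""
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
""",
    "tdsskiller": r"""
2011/06/19 14:15:56.0500 3148 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/06/19 14:15:56.0515 3148 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/19 14:15:56.0546 2096 Detected object count: 1
2011/06/19 14:16:27.0078 2096 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Skip
""",
    "aswmbr": r"""
14:24:29.171 Disk 0 MBR read successfully
14:24:29.171 Disk 0 MBR:Alureon-G [Rtk]
14:24:29.171 Disk 0 TDL4@MBR code has been found
14:24:29.171 Disk 0 MBR hidden
14:24:29.171 Disk 0 MBR [TDL4] **ROOTKIT**
""",
}

if __name__ == "__main__":
    found = triage(SAMPLE_LOGS)
    for f in found:
        state = {True: "cured", False: "NOT cured (action was Skip)", None: "detected only"}[f.remediated]
        print(f"{f.tool:10} {f.device:24} {f.indicator:32} {state}")
    print("re-run with Cure:", needs_action(found))
```

The line to look for in the output is the TDSSKiller finding marked as not cured: the user chose Skip, so the MBR was still infected when the aswMBR scan ran, and that is the case the next reply addresses by asking for another scan with Cure selected. A GMER or aswMBR hit with no matching Cure recorded anywhere keeps the verdict at "re-run" as well, since those two tools only detect.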
#26
Posted 19 June 2011 - 03:46 PM
#27
Posted 19 June 2011 - 04:10 PM
BTW, I realize, that when I get popup messages about avast blocking a malicious url, that's probably a good thing. I see where I could likely turn off the announcing of each blocked url.
#28
Posted 19 June 2011 - 11:07 PM
Please scan one more time and make sure you choose Cure this time.
#29
Posted 20 June 2011 - 10:07 AM
-windows updates? accept or not?
-turned off spywareguard since I don't use IE; but I know it will ask me to "accept new" or "restore old" IE settings if I turn it on
-still have spywareblaster running
Looks like we're getting close!! Are we?
Thanks
#30
Posted 20 June 2011 - 11:05 PM
Yes. We did it. Just to make sure that the infection won't come back, please do one more scan with aswMBR and post the log here for me.
In the meantime I'll prepare the final cleanup for you.
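Before calling the machine clean it is worth checking sector 0 itself rather than only the tool verdicts. aswMBR saved a copy of the MBR as MBR.dat (post #25), and its log distinguished the code it read directly from the "default MBR code found via API", which is why it reported the MBR as hidden. The script below is an added example, not from this thread and not aswMBR's own code: it parses a 512-byte MBR image, checks the boot signature and partition table, hashes the bootstrap code against a baseline hash you would have recorded from a clean install of the same Windows version (an assumption; no such hash is given on this page), and compares two reads of sector 0. Its MBR images are constructed for the example and the boot-code bytes are placeholders, not real Windows boot code.

```python
"""Sanity-check a 512-byte MBR image, such as the MBR.dat that aswMBR saves.

Added example, not part of the original thread. The MBR images built below
are constructed; the bootstrap bytes are placeholders, not real XP boot code,
and the baseline hash stands in for one recorded from a known-clean machine.
"""
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass

MBR_SIZE = 512
BOOTSTRAP_LEN = 440      # 0x000-0x1B7: boot code, the part a bootkit overwrites
DISK_SIG_OFF = 0x1B8     # 4-byte Windows disk signature
PART_TABLE_OFF = 0x1BE   # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE     # 0x55 0xAA


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


def parse_partitions(mbr: bytes) -> list[Partition]:
    """Return the non-empty entries of the partition table."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = mbr[off], mbr[off + 4]
        lba, size = struct.unpack_from("<II", mbr, off + 8)
        if ptype != 0:
            parts.append(Partition(i, status == 0x80, ptype, lba, size))
    return parts


def bootstrap_hash(mbr: bytes) -> str:
    """SHA-256 of the code area only; disk signature and table differ per machine."""
    return hashlib.sha256(mbr[:BOOTSTRAP_LEN]).hexdigest()


def inspect(mbr: bytes, baseline_hash: str | None = None) -> list[str]:
    """Return a list of problems; an empty list means nothing looked wrong."""
    if len(mbr) != MBR_SIZE:
        return [f"unexpected length {len(mbr)}, want {MBR_SIZE}"]
    issues = []
    if mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] != b"\x55\xAA":
        issues.append("boot signature 0x55AA missing")
    for i in range(4):
        status = mbr[PART_TABLE_OFF + 16 * i]
        if status not in (0x00, 0x80):
            issues.append(f"entry {i}: invalid status byte {status:#04x}")
    parts = parse_partitions(mbr)
    active = sum(p.bootable for p in parts)
    if active != 1:
        issues.append(f"{active} active partitions, want 1")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_start + a.sectors > b.lba_start:
            issues.append(f"entries {a.index} and {b.index} overlap")
    if baseline_hash and bootstrap_hash(mbr) != baseline_hash:
        issues.append("bootstrap code differs from baseline")
    return issues


def views_differ(direct_read: bytes, api_read: bytes) -> bool:
    """aswMBR's 'MBR hidden' condition: sector 0 read below the disk driver
    does not match sector 0 as returned through the OS API."""
    return direct_read != api_read


def build_mbr(bootstrap: bytes, entries: list[tuple[int, int, int, int]]) -> bytes:
    """Constructed test image; entries are (status, type, lba_start, sectors)."""
    buf = bytearray(MBR_SIZE)
    code = bootstrap[:BOOTSTRAP_LEN]
    buf[:len(code)] = code
    struct.pack_into("<I", buf, DISK_SIG_OFF, 0x1234ABCD)   # arbitrary disk signature
    for i, (status, ptype, lba, size) in enumerate(entries):
        off = PART_TABLE_OFF + 16 * i
        buf[off], buf[off + 4] = status, ptype
        struct.pack_into("<II", buf, off + 8, lba, size)
    buf[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(buf)


# Placeholder boot code: a generic real-mode prologue padded with NOPs, not real XP code.
CLEAN_CODE = b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOTSTRAP_LEN - 8)
NTFS_ENTRY = (0x80, 0x07, 63, 312576642)      # constructed: one bootable NTFS partition
CLEAN_MBR = build_mbr(CLEAN_CODE, [NTFS_ENTRY])
BASELINE = bootstrap_hash(CLEAN_MBR)          # stands in for a hash taken from a clean machine
# Bootkit-style tamper: the partition table is untouched, only the code changes.
TAMPERED_MBR = build_mbr(b"\xEB\x3C" + b"\xCC" * (BOOTSTRAP_LEN - 2), [NTFS_ENTRY])

if __name__ == "__main__":
    # On the real machine the API view would come from open(r"\\.\PhysicalDrive0", "rb").read(512)
    # and the direct view from the MBR.dat that aswMBR saved.
    for name, img in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, inspect(img, BASELINE) or "OK",
              [(p.index, hex(p.type_id), p.sectors) for p in parse_partitions(img)])
    print("MBR hidden:", views_differ(TAMPERED_MBR, CLEAN_MBR))
```

Two points the output makes: the tampered image passes every structural check when no baseline is supplied, because a bootkit leaves the partition table and signature intact and replaces only the code, so a hash of the code area against a known-good copy is the check that actually catches it; and a mismatch between the direct and API reads is itself an indicator, since a clean disk returns the same 512 bytes either way.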