Geeks To Go forum

Windows Vista Repair Virus



#1 3square (Member, 24 posts)
I seem to have run into quite a bit of malware here and could use some assistance. Doing some random time-wasting web browsing, I stepped outside for a cigarette, and when I came back I had a popup disguised as an error message saying something about a hard drive failure or something. After seeing it pop up, I immediately booted into safe mode and attempted to remove it via MBAM, but to no avail. A friend of mine who is a bit more tech savvy looked it over and tried to fix it. I'm not sure exactly what he did, but I do know that it involved rkill, and that it didn't work. There is a program that opens up called "Windows Vista Repair". That's about as much as I know about the situation and I'm stuck.

Thanks

OTL logfile created on: 7/2/2011 1:48:20 AM - Run 3
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\Administrator\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.63 Gb Available Physical Memory | 31.72% Memory free
4.23 Gb Paging File | 2.77 Gb Available in Paging File | 65.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 60.08 Gb Free Space | 12.90% Space Free | Partition Type: NTFS
Drive D: | 2.68 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 625.47 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 1.86 Gb Total Space | 0.10 Gb Free Space | 5.17% Space Free | Partition Type: FAT

Computer Name: PATMOORE-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/02 01:47:59 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/07/02 01:47:59 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/27 14:27:28 | 003,435,096 | -H-- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011/06/13 00:22:27 | 001,036,104 | -H-- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/08/30 15:47:08 | 000,407,336 | -H-- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/04/03 16:59:00 | 000,240,232 | -H-- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/01/18 15:14:24 | 001,141,712 | -H-- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/09 16:23:34 | 000,365,280 | -H-- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/26 07:43:14 | 000,025,832 | -H-- | M] (BioWare) [Disabled | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/05/04 19:39:23 | 000,655,624 | -H-- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - [2011/05/09 17:15:16 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\uze4odq4.sys -- (uze4odq4)
DRV - [2010/07/07 04:31:35 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/04/03 17:55:31 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/01/05 22:22:14 | 000,019,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\atapi.tsk -- (atapi)
DRV - [2009/09/23 17:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/07/03 09:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/06/23 11:01:40 | 000,009,968 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/11/26 13:51:02 | 000,333,824 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr61.sys -- (rt61x86)
DRV - [2008/11/22 13:48:16 | 000,011,392 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\dualshock3.sys -- (dualshock3) DUALSHOCK3 Controller HID Minidriver (USB)
DRV - [2008/08/19 23:34:22 | 000,007,408 | RH-- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/08/19 23:34:20 | 000,055,024 | -H-- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/06/02 14:59:42 | 000,008,192 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 9A 1A EC 51 B0 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: [email protected]:4.0.27.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {C4D9E47F-583D-43CC-ABBE-992CF490F183}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25

FF - HKLM\software\mozilla\Firefox\Extensions\\{C4D9E47F-583D-43CC-ABBE-992CF490F183}: C:\Users\Administrator\AppData\Local\{C4D9E47F-583D-43CC-ABBE-992CF490F183}
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/27 14:19:14 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/27 14:19:15 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/25 15:55:05 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/20 00:58:16 | 000,000,000 | -H-D | M]

[2009/09/10 13:09:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2009/09/10 13:09:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/05/06 19:55:20 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2f4jpupu.default\extensions
[2010/06/23 00:34:21 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2f4jpupu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/16 17:10:56 | 000,000,000 | -H-D | M] (Battlefield Heroes Updater) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\2f4jpupu.default\extensions\[email protected]
[2011/05/06 20:29:23 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/06/25 15:55:05 | 000,142,296 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/10 15:36:52 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Administrator\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe (RayV)
O4 - HKCU..\Run: [VDPLtsHLVdsd] File not found
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 68.94.156.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/10/26 11:45:39 | 000,779,496 | R--- | M] (BioWare) - D:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009/10/26 16:21:41 | 000,000,054 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2001/02/12 19:04:06 | 000,000,046 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2001/04/30 11:57:48 | 000,001,452 | R--- | M] () - E:\Autorun.ini -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/02 01:47:55 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/07/02 01:38:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\New Folder
[2011/07/02 01:37:04 | 003,412,856 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Administrator\Desktop\procexp.exe
[2011/07/02 00:54:24 | 001,448,752 | -H-- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\bananas and nuts.exe
[2011/07/02 00:49:55 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup.exe
[2011/07/02 00:40:22 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Repair
[2011/06/20 00:58:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
[2011/06/16 16:54:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/06/16 16:54:12 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/06/16 16:54:12 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/06/16 16:54:12 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/06/16 16:54:12 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/06/16 16:54:12 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/06/16 16:54:11 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/06/16 16:54:11 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/16 16:54:11 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/06/16 16:54:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/06/16 16:54:10 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/16 16:54:10 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/06/16 16:54:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/06/16 16:54:10 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/06/16 16:54:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/06/16 16:54:10 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/06/16 16:54:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

========== Files - Modified Within 30 Days ==========

[2011/07/02 01:47:59 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011/07/02 01:36:54 | 001,546,851 | ---- | M] () -- C:\Users\Administrator\Desktop\ProcessExplorer.zip
[2011/07/02 01:28:04 | 000,035,669 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011/07/02 01:25:15 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{83038BE6-5EBC-4B6A-850B-0FE370D349D0}.job
[2011/07/02 01:23:44 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup.exe
[2011/07/02 01:16:01 | 000,004,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/02 01:16:01 | 000,004,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/02 01:15:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/02 01:08:40 | 001,008,041 | -H-- | M] () -- C:\Users\Administrator\Desktop\uSeRiNiT.exe
[2011/07/02 01:00:45 | 000,178,176 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/02 01:00:36 | 001,008,041 | -H-- | M] () -- C:\Users\Administrator\Desktop\WiNlOgOn.exe
[2011/07/02 00:56:22 | 001,008,041 | -H-- | M] () -- C:\Users\Administrator\Desktop\iExplore.exe
[2011/07/02 00:53:59 | 001,448,752 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\bananas and nuts.exe
[2011/07/02 00:50:10 | 001,008,041 | -H-- | M] () -- C:\Users\Administrator\Desktop\rkill.com
[2011/07/02 00:40:25 | 000,000,232 | -H-- | M] () -- C:\ProgramData\~30990072
[2011/07/02 00:40:25 | 000,000,168 | -H-- | M] () -- C:\ProgramData\~30990072r
[2011/07/02 00:40:24 | 000,000,591 | -H-- | M] () -- C:\Users\Administrator\Desktop\Windows Vista Repair.lnk
[2011/07/02 00:14:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3460322775-3498566274-224670622-500UA.job
[2011/07/01 04:14:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3460322775-3498566274-224670622-500Core.job
[2011/06/29 00:22:18 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/06/20 00:58:02 | 000,001,402 | -H-- | M] () -- C:\Users\Administrator\Desktop\DivX Movies.lnk

========== Files Created - No Company Name ==========

[2011/07/02 01:36:48 | 001,546,851 | ---- | C] () -- C:\Users\Administrator\Desktop\ProcessExplorer.zip
[2011/07/02 01:08:36 | 001,008,041 | -H-- | C] () -- C:\Users\Administrator\Desktop\uSeRiNiT.exe
[2011/07/02 01:00:32 | 001,008,041 | -H-- | C] () -- C:\Users\Administrator\Desktop\WiNlOgOn.exe
[2011/07/02 00:56:57 | 001,008,041 | -H-- | C] () -- C:\Users\Administrator\Desktop\iExplore.exe
[2011/07/02 00:50:03 | 001,008,041 | -H-- | C] () -- C:\Users\Administrator\Desktop\rkill.com
[2011/07/02 00:40:25 | 000,000,232 | -H-- | C] () -- C:\ProgramData\~30990072
[2011/07/02 00:40:25 | 000,000,168 | -H-- | C] () -- C:\ProgramData\~30990072r
[2011/07/02 00:40:24 | 000,000,591 | -H-- | C] () -- C:\Users\Administrator\Desktop\Windows Vista Repair.lnk
[2011/06/20 00:58:02 | 000,001,402 | -H-- | C] () -- C:\Users\Administrator\Desktop\DivX Movies.lnk
[2011/06/02 00:03:07 | 000,100,392 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/05/31 02:05:57 | 000,007,844 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\3w6icfep4bc0
[2011/05/31 02:05:57 | 000,007,844 | -HS- | C] () -- C:\ProgramData\3w6icfep4bc0
[2011/05/09 18:38:33 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/09 18:38:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/09 18:38:33 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/09 18:38:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/09 18:38:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/09 17:15:16 | 000,011,264 | ---- | C] () -- C:\Windows\System32\drivers\uze4odq4.sys
[2010/11/14 16:59:55 | 000,151,552 | ---- | C] () -- C:\Windows\System32\nvRegDev.dll
[2010/10/30 12:40:11 | 000,000,048 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/09/11 20:31:15 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\dualshock3.sys
[2010/07/07 04:48:57 | 000,032,811 | ---- | C] () -- C:\Windows\scunin.dat
[2010/06/28 15:39:06 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/04/24 12:19:07 | 000,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/04/13 03:29:51 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010/04/13 03:29:50 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010/04/13 03:29:50 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010/04/13 00:43:14 | 000,035,162 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2010/04/13 00:28:34 | 000,006,859 | ---- | C] () -- C:\Windows\DiabUnin.dat
[2010/04/02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/02/18 00:07:39 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010/02/17 23:14:35 | 000,007,806 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\Q8T6845
[2010/01/24 02:32:27 | 000,000,000 | -H-- | C] () -- C:\Users\Administrator\AppData\Local\prvlcl.dat
[2010/01/16 17:35:21 | 000,138,056 | -H-- | C] () -- C:\Users\Administrator\AppData\Roaming\PnkBstrK.sys
[2010/01/16 17:35:06 | 000,189,248 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/01/16 17:35:02 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/01/12 21:53:13 | 000,000,101 | -H-- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
[2009/10/25 17:46:33 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/10/20 13:48:16 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/09/21 19:04:56 | 000,011,376 | ---- | C] () -- C:\Windows\System32\drivers\SECDRV.SYS
[2009/07/15 05:33:07 | 000,035,669 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2009/07/15 05:32:47 | 000,035,669 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/15 00:53:59 | 000,178,176 | -H-- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/15 00:31:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/15 00:30:11 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/07/14 23:43:35 | 000,008,298 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009/07/14 22:30:54 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/07/14 22:27:22 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/07/14 21:42:25 | 000,000,552 | -H-- | C] () -- C:\Users\Administrator\AppData\Local\d3d8caps.dat
[2009/07/14 21:22:06 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/14 21:13:50 | 000,001,356 | -H-- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2008/11/26 13:47:50 | 000,000,615 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 003,602,576 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,613,032 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,112,386 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/10 22:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2005/10/14 04:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2005/10/14 04:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2005/10/14 04:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2005/10/14 04:56:50 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2005/10/14 04:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2004/08/13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

========== Files - Unicode (All) ==========
[2011/06/21 17:42:02 | 000,000,000 | -H-D | C](C:\Users\Administrator\Desktop\[Fueta Kishi (Shoot The Moon)] Natsu?Mama (English) [www.crusang.net]) -- C:\Users\Administrator\Desktop\[Fueta Kishi (Shoot The Moon)] Natsu★Mama (English) [www.crusang.net]
[2011/05/19 15:14:08 | 000,000,000 | -H-D | M](C:\Users\Administrator\Desktop\[Fueta Kishi (Shoot The Moon)] Natsu?Mama (English) [www.crusang.net]) -- C:\Users\Administrator\Desktop\[Fueta Kishi (Shoot The Moon)] Natsu★Mama (English) [www.crusang.net]

========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >


#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, looks like you had a TDL-type infection last year, so I will recheck that area.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2011/07/02 00:40:22 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Repair
    [2011/07/02 00:40:25 | 000,000,232 | -H-- | M] () -- C:\ProgramData\~30990072
    [2011/07/02 00:40:25 | 000,000,168 | -H-- | M] () -- C:\ProgramData\~30990072r
    [2011/07/02 00:40:24 | 000,000,591 | -H-- | M] () -- C:\Users\Administrator\Desktop\Windows Vista Repair.lnk
    [2011/05/31 02:05:57 | 000,007,844 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\3w6icfep4bc0
    [2011/05/31 02:05:57 | 000,007,844 | -HS- | C] () -- C:\ProgramData\3w6icfep4bc0

    :Files
    ipconfig /flushdns /c
    attrib -H c:\*.* /s /d /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


  • If an infected file is detected, the default action will be Cure, click on Continue.


  • If a suspicious file is detected, the default action will be Skip, click on Continue.


  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

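The :OTL section of the fix above removes three kinds of indicator that a helper has to pick out of the first log by hand: Explorer/System policy values set to disable Task Manager or hide the security-center icon, autorun entries whose target file no longer exists, and hidden, extensionless files with no company name dropped into ProgramData or AppData\Local. The following triage script is an added example of my own (not OTL's code, not Essexboy's, and not part of this thread) that reads lines in OTL's report format and flags exactly those three patterns so a log can be screened before a fix script is written. The sample lines are copied from the log posted above; the regexes, the category names and the heuristics (what counts as a "restrictive" policy, what counts as a suspicious data-directory file) are assumptions of mine, not anything OTL defines.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample input: lines in OTL's report format, copied from the log above.
# The OTL.exe, DivXUpdate, NoDrives and DivX Movies.lnk lines are negatives.
SAMPLE_LOG = r"""
[2011/07/02 01:47:59 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKCU..\Run: [VDPLtsHLVdsd] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2011/07/02 00:40:25 | 000,000,232 | -H-- | M] () -- C:\ProgramData\~30990072
[2011/07/02 00:40:25 | 000,000,168 | -H-- | M] () -- C:\ProgramData\~30990072r
[2011/06/20 00:58:02 | 000,001,402 | -H-- | M] () -- C:\Users\Administrator\Desktop\DivX Movies.lnk
[2011/05/31 02:05:57 | 000,007,844 | -HS- | C] () -- C:\ProgramData\3w6icfep4bc0
"""

# Policy values that, when non-zero, take recovery tooling away from the user.
# DisableTaskMgr and HideSCAHealth appear in the log above; DisableRegistryTools
# is a standard System policy value added here as an assumption of mine.
RESTRICTIVE_POLICIES = {"DisableTaskMgr", "HideSCAHealth", "DisableRegistryTools"}

# O6/O7 lines: "O7 - HKCU\...\policies\Explorer: HideSCAHealth = 1"
POLICY_RE = re.compile(r"^O[67] - (?P<key>HK\w+\\[^:]+): (?P<name>\w+) = (?P<value>-?\d+)$")
# O4 (Run keys) and O28 (ShellExecuteHooks) entries whose target is gone.
MISSING_AUTORUN_RE = re.compile(r"^O(?:4|28) - .*File not found$")
# File entries: "[date time | size | attrs | M/C] (company) -- path"; company is optional.
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] (?:\((?P<company>.*?)\) )?-- (?P<path>.+)$"
)


@dataclass
class Finding:
    category: str
    detail: str


def parse_policy(line: str) -> Optional[Tuple[str, int]]:
    """Return (value name, integer value) for an O6/O7 policy line, else None."""
    m = POLICY_RE.match(line)
    return (m.group("name"), int(m.group("value"))) if m else None


def is_missing_autorun(line: str) -> bool:
    """True for an O4/O28 entry that points at a file OTL could not find."""
    return bool(MISSING_AUTORUN_RE.match(line))


def is_hidden_unsigned_file(line: str) -> bool:
    """Hidden (H) non-directory file, no company name, no extension, in a data dir."""
    m = FILE_RE.match(line)
    if not m:
        return False
    attrs, company, path = m.group("attrs"), m.group("company"), m.group("path")
    if "H" not in attrs or "D" in attrs or company:
        return False
    name = path.rsplit("\\", 1)[-1]
    in_data_dir = path.startswith("C:\\ProgramData\\") or "\\AppData\\Local\\" in path
    return in_data_dir and "." not in name


def triage(log_text: str) -> List[Finding]:
    """Walk an OTL log and collect the three indicator classes described above."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        policy = parse_policy(line)
        if policy and policy[0] in RESTRICTIVE_POLICIES and policy[1] != 0:
            findings.append(Finding("policy-restriction", f"{policy[0]} = {policy[1]}"))
        elif is_missing_autorun(line):
            findings.append(Finding("autorun-missing-target", line))
        elif is_hidden_unsigned_file(line):
            findings.append(Finding("hidden-unsigned-data-file", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.category:26} {f.detail}")
    print(summarize(results))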

#3 3square (Topic Starter, Member, 24 posts)
A few things: I couldn't get TDSSKiller to run. I would double-click it and nothing would happen. I tried renaming it, and doing everything else I could to get it to run, without luck. Also, something I forgot to mention in the OP: the virus has hidden many of my files and folders; the recent OTL fix restored my desktop icons, but the quick launch and start menu items are still gone. In regards to the OTL log in this post, there is a significant portion of it that is not included in my post because it was simply too long. It contains a ton of lines stating "access denied - (file on my PC)" over and over again and "Not Resetting System file - (file on my PC)" over and over again. If it is important that I include this, I will try to in a response.




All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideSCAHealth not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
Folder C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Repair\ not found.
File C:\ProgramData\~30990072 not found.
File C:\ProgramData\~30990072r not found.
File C:\Users\Administrator\Desktop\Windows Vista Repair.lnk not found.
File C:\Users\Administrator\AppData\Local\3w6icfep4bc0 not found.
File C:\ProgramData\3w6icfep4bc0 not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Administrator\Desktop\cmd.bat deleted successfully.
C:\Users\Administrator\Desktop\cmd.txt deleted successfully.
< attrib -H c:\*.* /s /d /c >


========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 3408840736 bytes
->Temporary Internet Files folder emptied: 30632158 bytes
->Java cache emptied: 149457 bytes
->FireFox cache emptied: 43443615 bytes
->Google Chrome cache emptied: 365289870 bytes
->Flash cache emptied: 76907 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1896 bytes
RecycleBin emptied: 4207496764 bytes

Total Files Cleaned = 7,683.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.25.0 log created on 07022011_113616

Files\Folders moved on Reboot...
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZQ6R9O2A\adoapn_AppNexusDemoActionTag_1[1].htm moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZQ6R9O2A\fw-nonplayer-banner[1].htm moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QP63UVC6\ddc[1].htm moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QP63UVC6\if[1].htm moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QP63UVC6\pixel[1].htm moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OL6774VT\search[1].htm moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9MWQ8TQ7\fw-nonplayer-banner[1].htm moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9MWQ8TQ7\fw-nonplayer-banner[2].htm moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9MWQ8TQ7\fw-nonplayer-banner[3].htm moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9MWQ8TQ7\soli-bailey-surfing[1].htm moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9MWQ8TQ7\xd_receiver[2].htm moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8418PU53\emily[2].html moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8418PU53\login_status[1].htm moved successfully.

Registry entries deleted on Reboot...
  • 0

#4
3square

    Member

  • Topic Starter
  • Member
  • 24 posts
Also, I have gotten MBAM to work. I haven't yet scanned anything; I figure I would wait for you to tell me to do that, but I thought that is a new development worth noting.
  • 0

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep, that is a start - let's try another MBR programme

But first

Download Unhide.exe to your desktop and run

THEN

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

NEXT

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

FINALLY

Update Malwarebytes and run a quick scan - posting the resultant log
  • 0

#6
3square

    Member

  • Topic Starter
  • Member
  • 24 posts
A few updates: I've recently noticed the good old Google Redirect Shenanigans going on, as well as inexplicable instances of Internet Explorer in my processes. Both of which are still around after the recent scans. My machine also BSOD'd. It's only happened once, so as of now I think it's merely coincidence, but worth mentioning. That being said, it looks like part of the malware is gone, as I am no longer getting the "buy our stuff or your computer will explode" popup every 5 minutes.


Requested Logs.

RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: Shortcuts HJfix -- Date : 07/02/2011 14:19:57

Bad processes: 0

File attributes restored:
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 2 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 38 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume1 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\CdRom1 -- 0x5 --> Skipped
[F:] \Device\CdRom2 -- 0x5 --> Skipped
[G:] \Device\CdRom3 -- 0x5 --> Skipped
[H:] \Device\HarddiskVolume2 -- 0x2 --> Restored

Finished : << RKreport[1].txt >>
RKreport[1].txt






aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-07-02 18:28:18
-----------------------------
18:28:18.390 OS Version: Windows 6.0.6002 Service Pack 2
18:28:18.391 Number of processors: 2 586 0x4303
18:28:18.391 ComputerName: PATMOORE-PC UserName:
18:28:41.540 Initialize success
18:28:51.670 AVAST engine defs: 11070201
18:33:53.275 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-5
18:33:53.277 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA52A Size: 476940MB BusType: 3
18:33:55.308 Disk 0 MBR read successfully
18:33:55.311 Disk 0 MBR scan
18:33:55.313 Disk 0 unknown MBR code
18:33:55.315 Disk 0 MBR hidden
18:33:57.319 Disk 0 scanning sectors +976771072
18:33:57.371 Disk 0 scanning C:\Windows\system32\drivers
18:34:16.976 Service scanning
18:34:21.650 Disk 0 trace - called modules:
18:34:21.697 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x879b6f16]<<
18:34:21.700 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x873262f8]
18:34:21.704 3 CLASSPNP.SYS[89dab8b3] -> nt!IofCallDriver -> [0x87326bc0]
18:34:22.057 \Driver\PCTCore[0x86aa6c40] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x879b6f16
18:34:29.078 AVAST engine scan C:\Windows
20:34:03.890 AVAST engine scan C:\Users\Administrator
22:25:47.269 AVAST engine scan C:\ProgramData
23:01:57.810 Scan finished successfully
23:04:47.192 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
23:04:47.223 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"






Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7005

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

7/2/2011 11:12:23 PM
mbam-log-2011-07-02 (23-12-23).txt

Scan type: Quick scan
Objects scanned: 154008
Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\$RECYCLE.BIN\s-1-5-21-3460322775-3498566274-224670622-500\$R6G879A\vdpltshlvdsd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
  • 0

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's now look at the unknown in your MBR. This sometimes indicates an infection, which also gives BSODs and Google redirects.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

  • 0
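The aswMBR and TDSSKiller logs in this thread can be triaged mechanically for the lines a responder looks at first (unknown or hidden MBR code, an unknown module in the disk I/O chain, suspicious or detected drivers). The script below is an added example, not code from the thread or from either tool; the sample input is excerpted from the logs posted here, and the non-.sys image-path check is a heuristic of my own, not a TDSSKiller verdict.

```python
"""Triage helper for aswMBR and TDSSKiller logs (added example, not tool code)."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    tool: str       # "aswMBR" or "TDSSKiller"
    severity: str   # "high", "medium" or "info"
    message: str
    line: str       # raw log line that produced the finding


# aswMBR lines look like "HH:MM:SS.mmm <message>".
ASWMBR_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(?P<msg>.+)$")
# TDSSKiller lines look like "YYYY/MM/DD HH:MM:SS.mmmm <thread id> <message>".
TDSS_LINE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(?P<msg>.*)$")

# TDSSKiller message shapes seen in the posted log.
TDSS_DRIVER = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
TDSS_SUSPICIOUS = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
TDSS_DETECTED = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>.+?) \(\d+\)$")

# aswMBR messages that point at boot-sector tampering (substring -> severity).
ASWMBR_RULES = {"unknown MBR code": "high", "MBR hidden": "high"}


def _check_aswmbr(msg: str, line: str) -> list[Finding]:
    out = []
    for text, severity in ASWMBR_RULES.items():
        if text in msg:
            out.append(Finding("aswMBR", severity, f"boot-sector check: {text}", line))
    # aswMBR marks an unrecognised module in the disk I/O call chain with
    # ">>UNKNOWN [...]<<"; that is where a disk hook would show up.
    if ">>UNKNOWN [" in msg:
        out.append(Finding("aswMBR", "medium", "unknown module in the disk I/O call chain", line))
    return out


def _check_tdss(msg: str, line: str) -> list[Finding]:
    m = TDSS_SUSPICIOUS.match(msg)
    if m:
        return [Finding("TDSSKiller", "medium",
                        f"suspicious file ({m['reason']}): {m['path']}", line)]
    m = TDSS_DETECTED.match(msg)
    if m:
        # The tool's default action for a suspicious verdict is Skip; keep it for review.
        return [Finding("TDSSKiller", "medium", f"{m['name']}: {m['verdict']}", line)]
    m = TDSS_DRIVER.match(msg)
    if m and not m["path"].lower().endswith(".sys"):
        # Heuristic of my own: a driver whose image path does not end in .sys is
        # worth comparing against a known-good system of the same build.
        return [Finding("TDSSKiller", "info",
                        f"driver {m['name']} loads from a non-.sys image: {m['path']}", line)]
    return []


def triage(log_text: str) -> list[Finding]:
    """Return findings in log order for text that may mix both tools' output."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ASWMBR_LINE.match(line)
        if m:
            findings.extend(_check_aswmbr(m["msg"], line))
            continue
        m = TDSS_LINE.match(line)
        if m:
            findings.extend(_check_tdss(m["msg"], line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity so a long log reduces to one line."""
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed test input: lines excerpted from the logs posted in this thread.
SAMPLE_LOG = r"""
18:33:55.308 Disk 0 MBR read successfully
18:33:55.311 Disk 0 MBR scan
18:33:55.313 Disk 0 unknown MBR code
18:33:55.315 Disk 0 MBR hidden
18:34:21.650 Disk 0 trace - called modules:
18:34:21.697 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x879b6f16]<<
18:34:21.700 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x873262f8]
2011/07/04 01:54:30.0528 0480 SystemInfo:
2011/07/04 01:54:36.0592 2548 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/07/04 01:54:37.0475 2548 atapi (3ab1da848921b29fa2d7d2526870a841) C:\Windows\system32\Drivers\atapi.tsk
2011/07/04 01:54:47.0407 2548 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/07/04 01:54:47.0408 2548 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/07/04 01:54:47.0418 2548 sptd - detected LockedFile.Multi.Generic (1)
"""

if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.tool}] {f.severity:6} {f.message}")
    print(summarize(results))
```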

#8
3square

    Member

  • Topic Starter
  • Member
  • 24 posts
2011/07/04 01:54:30.0181 0480 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
2011/07/04 01:54:30.0528 0480 ================================================================================
2011/07/04 01:54:30.0528 0480 SystemInfo:
2011/07/04 01:54:30.0528 0480
2011/07/04 01:54:30.0529 0480 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/04 01:54:30.0529 0480 Product type: Workstation
2011/07/04 01:54:30.0529 0480 ComputerName: PATMOORE-PC
2011/07/04 01:54:30.0529 0480 UserName: Administrator
2011/07/04 01:54:30.0529 0480 Windows directory: C:\Windows
2011/07/04 01:54:30.0529 0480 System windows directory: C:\Windows
2011/07/04 01:54:30.0529 0480 Processor architecture: Intel x86
2011/07/04 01:54:30.0529 0480 Number of processors: 2
2011/07/04 01:54:30.0529 0480 Page size: 0x1000
2011/07/04 01:54:30.0529 0480 Boot type: Normal boot
2011/07/04 01:54:30.0529 0480 ================================================================================
2011/07/04 01:54:32.0206 0480 Initialize success
2011/07/04 01:54:35.0107 2548 ================================================================================
2011/07/04 01:54:35.0107 2548 Scan started
2011/07/04 01:54:35.0107 2548 Mode: Manual;
2011/07/04 01:54:35.0107 2548 ================================================================================
2011/07/04 01:54:36.0592 2548 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/07/04 01:54:36.0646 2548 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/07/04 01:54:36.0698 2548 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/07/04 01:54:36.0720 2548 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/07/04 01:54:36.0738 2548 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/07/04 01:54:36.0827 2548 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/07/04 01:54:36.0966 2548 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/07/04 01:54:36.0986 2548 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/07/04 01:54:37.0064 2548 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/07/04 01:54:37.0085 2548 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/07/04 01:54:37.0101 2548 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/07/04 01:54:37.0169 2548 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/07/04 01:54:37.0194 2548 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/04 01:54:37.0353 2548 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/07/04 01:54:37.0375 2548 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/07/04 01:54:37.0447 2548 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/04 01:54:37.0475 2548 atapi (3ab1da848921b29fa2d7d2526870a841) C:\Windows\system32\Drivers\atapi.tsk
2011/07/04 01:54:37.0556 2548 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/07/04 01:54:37.0621 2548 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/07/04 01:54:37.0747 2548 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/04 01:54:37.0821 2548 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/07/04 01:54:37.0843 2548 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/07/04 01:54:37.0875 2548 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/07/04 01:54:37.0900 2548 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/07/04 01:54:37.0912 2548 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/07/04 01:54:37.0934 2548 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/07/04 01:54:37.0960 2548 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/07/04 01:54:38.0293 2548 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/04 01:54:38.0367 2548 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/04 01:54:38.0421 2548 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/07/04 01:54:38.0465 2548 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/07/04 01:54:38.0545 2548 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/07/04 01:54:38.0559 2548 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
2011/07/04 01:54:38.0585 2548 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/07/04 01:54:38.0606 2548 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/07/04 01:54:38.0755 2548 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/07/04 01:54:38.0885 2548 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/07/04 01:54:38.0971 2548 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/07/04 01:54:39.0043 2548 dualshock3 (d9d593f97d2004e92e18fab0b6f7fe48) C:\Windows\system32\DRIVERS\dualshock3.sys
2011/07/04 01:54:39.0159 2548 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/04 01:54:39.0298 2548 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/07/04 01:54:39.0391 2548 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/07/04 01:54:39.0477 2548 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/07/04 01:54:39.0561 2548 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/07/04 01:54:39.0638 2548 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/07/04 01:54:39.0684 2548 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/07/04 01:54:39.0783 2548 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/04 01:54:39.0861 2548 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/07/04 01:54:39.0929 2548 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/07/04 01:54:39.0995 2548 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/04 01:54:40.0072 2548 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/07/04 01:54:40.0191 2548 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/04 01:54:40.0256 2548 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/04 01:54:40.0276 2548 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/04 01:54:40.0305 2548 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\drivers\hdaudbus.sys
2011/07/04 01:54:40.0323 2548 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/07/04 01:54:40.0344 2548 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/07/04 01:54:40.0422 2548 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/04 01:54:40.0465 2548 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/07/04 01:54:40.0557 2548 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/07/04 01:54:40.0585 2548 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/07/04 01:54:40.0659 2548 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/04 01:54:40.0713 2548 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/07/04 01:54:40.0760 2548 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/07/04 01:54:40.0855 2548 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/07/04 01:54:40.0902 2548 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/04 01:54:40.0995 2548 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/04 01:54:41.0037 2548 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/07/04 01:54:41.0057 2548 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/07/04 01:54:41.0121 2548 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/07/04 01:54:41.0143 2548 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/07/04 01:54:41.0205 2548 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/04 01:54:41.0259 2548 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/07/04 01:54:41.0352 2548 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/07/04 01:54:41.0372 2548 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/04 01:54:41.0402 2548 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/07/04 01:54:41.0447 2548 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/04 01:54:41.0557 2548 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\Windows\system32\DRIVERS\Lbd.sys
2011/07/04 01:54:41.0602 2548 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/04 01:54:41.0672 2548 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/04 01:54:41.0693 2548 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/04 01:54:41.0726 2548 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/04 01:54:41.0751 2548 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/07/04 01:54:41.0818 2548 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/07/04 01:54:41.0899 2548 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/07/04 01:54:41.0988 2548 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/07/04 01:54:42.0075 2548 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/04 01:54:42.0095 2548 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/04 01:54:42.0116 2548 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/04 01:54:42.0135 2548 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/07/04 01:54:42.0168 2548 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/07/04 01:54:42.0249 2548 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/04 01:54:42.0273 2548 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/04 01:54:42.0333 2548 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/07/04 01:54:42.0369 2548 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/04 01:54:42.0392 2548 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/04 01:54:42.0425 2548 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/04 01:54:42.0528 2548 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/07/04 01:54:42.0553 2548 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/07/04 01:54:42.0642 2548 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/07/04 01:54:42.0688 2548 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/07/04 01:54:42.0773 2548 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/04 01:54:42.0832 2548 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/04 01:54:42.0853 2548 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/07/04 01:54:42.0906 2548 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/07/04 01:54:42.0994 2548 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/04 01:54:43.0027 2548 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/07/04 01:54:43.0124 2548 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/07/04 01:54:43.0145 2548 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/07/04 01:54:43.0193 2548 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/04 01:54:43.0277 2548 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/07/04 01:54:43.0368 2548 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/04 01:54:43.0386 2548 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/04 01:54:43.0462 2548 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/04 01:54:43.0493 2548 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/07/04 01:54:43.0525 2548 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/04 01:54:43.0547 2548 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/04 01:54:43.0613 2548 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/07/04 01:54:43.0660 2548 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/07/04 01:54:43.0710 2548 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/04 01:54:43.0748 2548 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/07/04 01:54:43.0830 2548 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/07/04 01:54:43.0855 2548 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/07/04 01:54:43.0969 2548 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/07/04 01:54:44.0254 2548 nvlddmkm (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/07/04 01:54:44.0646 2548 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/07/04 01:54:44.0684 2548 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/07/04 01:54:44.0720 2548 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/07/04 01:54:44.0832 2548 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/04 01:54:44.0881 2548 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
2011/07/04 01:54:44.0931 2548 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/07/04 01:54:45.0009 2548 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
2011/07/04 01:54:45.0062 2548 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/07/04 01:54:45.0082 2548 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/07/04 01:54:45.0125 2548 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/07/04 01:54:45.0234 2548 PCTCore (167b2fea66dde6925766d1a81a1affc0) C:\Windows\system32\drivers\PCTCore.sys
2011/07/04 01:54:45.0361 2548 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/07/04 01:54:45.0500 2548 pgfilter (2cf226173b467ab48f89d77e89936951) C:\Program Files\PeerGuardian2\pgfilter.sys
2011/07/04 01:54:45.0561 2548 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/04 01:54:45.0612 2548 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/07/04 01:54:45.0693 2548 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/04 01:54:45.0820 2548 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/07/04 01:54:45.0864 2548 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/07/04 01:54:45.0892 2548 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/04 01:54:45.0934 2548 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/04 01:54:45.0973 2548 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/04 01:54:46.0018 2548 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/04 01:54:46.0089 2548 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/04 01:54:46.0113 2548 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/04 01:54:46.0136 2548 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/04 01:54:46.0184 2548 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/07/04 01:54:46.0217 2548 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/04 01:54:46.0257 2548 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/07/04 01:54:46.0311 2548 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/04 01:54:46.0359 2548 rt61x86 (92f0efc2d29d2b38adf9fe49701523c1) C:\Windows\system32\DRIVERS\netr61.sys
2011/07/04 01:54:46.0501 2548 SASDIFSV (5bf35c4ea3f00fa8d3f1e5bf03d24584) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/07/04 01:54:46.0532 2548 SASENUM (e9c2d75c748c3f0a4c34d6cf2ae1d754) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2011/07/04 01:54:46.0559 2548 SASKUTIL (64c100dbf57c6cb6e7d5d24153f5e444) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2011/07/04 01:54:46.0665 2548 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/07/04 01:54:46.0771 2548 SecDrv (c71394d99a04ca76484492f590c9cba5) C:\Windows\system32\drivers\SECDRV.SYS
2011/07/04 01:54:46.0839 2548 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/04 01:54:46.0857 2548 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
2011/07/04 01:54:46.0889 2548 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/07/04 01:54:46.0937 2548 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/07/04 01:54:46.0968 2548 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/04 01:54:47.0035 2548 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/04 01:54:47.0065 2548 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/07/04 01:54:47.0106 2548 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/07/04 01:54:47.0125 2548 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/07/04 01:54:47.0154 2548 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/07/04 01:54:47.0242 2548 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/07/04 01:54:47.0283 2548 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/07/04 01:54:47.0407 2548 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/07/04 01:54:47.0408 2548 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/07/04 01:54:47.0418 2548 sptd - detected LockedFile.Multi.Generic (1)
2011/07/04 01:54:47.0458 2548 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/07/04 01:54:47.0486 2548 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/04 01:54:47.0517 2548 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/04 01:54:47.0652 2548 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/04 01:54:47.0733 2548 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/07/04 01:54:47.0755 2548 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/07/04 01:54:47.0774 2548 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/07/04 01:54:47.0837 2548 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/07/04 01:54:47.0872 2548 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/04 01:54:47.0912 2548 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/04 01:54:47.0976 2548 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/07/04 01:54:48.0039 2548 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/07/04 01:54:48.0079 2548 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/04 01:54:48.0124 2548 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/04 01:54:48.0175 2548 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/04 01:54:48.0239 2548 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/04 01:54:48.0332 2548 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/04 01:54:48.0376 2548 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/07/04 01:54:48.0458 2548 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/04 01:54:48.0496 2548 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/04 01:54:48.0537 2548 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/07/04 01:54:48.0563 2548 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/07/04 01:54:48.0600 2548 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/07/04 01:54:48.0661 2548 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/04 01:54:48.0745 2548 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/07/04 01:54:48.0799 2548 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/04 01:54:48.0832 2548 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/07/04 01:54:48.0866 2548 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/04 01:54:48.0919 2548 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/04 01:54:48.0950 2548 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/04 01:54:48.0991 2548 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/07/04 01:54:49.0041 2548 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/04 01:54:49.0092 2548 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/04 01:54:49.0189 2548 uze4odq4 (d565ad44c6c4d934afad3ca4196b09aa) C:\Windows\system32\Drivers\uze4odq4.sys
2011/07/04 01:54:49.0226 2548 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/04 01:54:49.0271 2548 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/07/04 01:54:49.0293 2548 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/07/04 01:54:49.0342 2548 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/07/04 01:54:49.0387 2548 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/07/04 01:54:49.0415 2548 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/07/04 01:54:49.0464 2548 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/07/04 01:54:49.0523 2548 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/07/04 01:54:49.0581 2548 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/07/04 01:54:49.0623 2548 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/07/04 01:54:49.0676 2548 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/04 01:54:49.0708 2548 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/04 01:54:49.0787 2548 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/07/04 01:54:49.0819 2548 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/04 01:54:49.0917 2548 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
2011/07/04 01:54:50.0039 2548 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/07/04 01:54:50.0085 2548 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/04 01:54:50.0143 2548 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/04 01:54:50.0173 2548 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
2011/07/04 01:54:50.0181 2548 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
2011/07/04 01:54:50.0196 2548 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
2011/07/04 01:54:50.0217 2548 Boot (0x1200) (0e0546ba714f94b233220416230aaaae) \Device\Harddisk0\DR0\Partition0
2011/07/04 01:54:50.0230 2548 Boot (0x1200) (363c742ddd312c0fc44626e417def3ca) \Device\Harddisk1\DR1\Partition0
2011/07/04 01:54:50.0242 2548 ================================================================================
2011/07/04 01:54:50.0242 2548 Scan finished
2011/07/04 01:54:50.0242 2548 ================================================================================
2011/07/04 01:54:50.0257 4516 Detected object count: 2
2011/07/04 01:54:50.0257 4516 Actual detected object count: 2
2011/07/04 01:55:55.0012 4516 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/07/04 01:55:55.0063 4516 \Device\Harddisk0\DR0 (Rootkit.Boot.SST.a) - will be cured after reboot
2011/07/04 01:55:55.0064 4516 \Device\Harddisk0\DR0 - ok
2011/07/04 01:55:55.0112 4516 Rootkit.Boot.SST.a(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/04 01:56:01.0365 3164 Deinitialize success
  • 0

#9
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, that one is dead now. What are your current problems?

Could you update and run Malwarebytes, posting the resultant log?
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0