
Trojan.BHO,Win32 Tracur.Q, .AC issues


  • This topic is locked

#31
Shiftella

    Member

  • Topic Starter
  • 23 posts
Still no changes to the internet. AVG Free 2012 did pop up a warning twice now saying that IE is using a lot of memory and suggesting shutting it down and reopening it; it showed 230 MB one time and the last time it showed 213 MB. I don't know if this matters, but I thought I should let you know.


#32
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Do you get the same slowdown with Firefox?

#33
Shiftella

    Member

  • Topic Starter
  • 23 posts
I don't have Firefox; I do have Google Chrome. Should I be using that instead, or would you suggest Firefox?

#34
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Sorry, I forgot it was Chrome.... Does Chrome have the slowdowns?

#35
Shiftella

    Member

  • Topic Starter
  • 23 posts
Chrome does run slightly faster. Also, last night Microsoft Security Essentials popped up with Trojan downloader Win32/Tracur.AA, but it shows it was deleted and MBAM doesn't show any infections.

#36
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What was the location of this file, i.e. c:\windows ...?

#37
Shiftella

    Member

  • Topic Starter
  • 23 posts
There were 2 of them in different locations:

File:C:\System Volume Information\restore{5F447925-01F6-4AB7-A0DE-3144EA8ABC97}RP26\A0007635.dll
and
File:C:\Documents and Settings\Brandon Nealson\Application Data\Adobe\Adobe Update\Adobeupdt32.dll

#38
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
One was in System Restore and the other was in the Adobe folder, although ComboFix should have got that if it was present.

Did you reset your restore points ?

#39
Shiftella

    Member

  • Topic Starter
  • 23 posts
I haven't done anything with the restore points. The only thing I saw with restore points was that those tools we ran previously would set restore points and such.

#40
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let's run one quick check on your MBR again.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.



#41
Shiftella

    Member

  • Topic Starter
  • 23 posts
14:38:44.0218 4088 TDSS rootkit removing tool 2.6.0.0 Sep 23 2011 07:42:37
14:38:44.0703 4088 ============================================================
14:38:44.0703 4088 Current date / time: 2011/09/23 14:38:44.0703
14:38:44.0703 4088 SystemInfo:
14:38:44.0703 4088
14:38:44.0703 4088 OS Version: 5.1.2600 ServicePack: 3.0
14:38:44.0703 4088 Product type: Workstation
14:38:44.0828 4088 ComputerName: BRANDON-B2B979A
14:38:44.0828 4088 UserName: Brandon Nealson
14:38:44.0828 4088 Windows directory: C:\WINDOWS
14:38:44.0828 4088 System windows directory: C:\WINDOWS
14:38:44.0828 4088 Processor architecture: Intel x86
14:38:44.0828 4088 Number of processors: 2
14:38:44.0828 4088 Page size: 0x1000
14:38:44.0828 4088 Boot type: Normal boot
14:38:44.0828 4088 ============================================================
14:38:47.0296 4088 Initialize success
14:39:01.0906 1868 ============================================================
14:39:01.0906 1868 Scan started
14:39:01.0906 1868 Mode: Manual;
14:39:01.0906 1868 ============================================================
14:39:02.0437 1868 Abiosdsk - ok
14:39:02.0453 1868 abp480n5 - ok
14:39:02.0484 1868 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:39:02.0500 1868 ACPI - ok
14:39:02.0531 1868 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:39:02.0531 1868 ACPIEC - ok
14:39:02.0546 1868 adpu160m - ok
14:39:02.0578 1868 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
14:39:02.0593 1868 aec - ok
14:39:02.0625 1868 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
14:39:02.0625 1868 AFD - ok
14:39:02.0640 1868 Aha154x - ok
14:39:02.0640 1868 aic78u2 - ok
14:39:02.0656 1868 aic78xx - ok
14:39:02.0656 1868 AliIde - ok
14:39:02.0656 1868 amsint - ok
14:39:02.0703 1868 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:39:02.0703 1868 Arp1394 - ok
14:39:02.0718 1868 asc - ok
14:39:02.0718 1868 asc3350p - ok
14:39:02.0718 1868 asc3550 - ok
14:39:02.0734 1868 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:39:02.0734 1868 AsyncMac - ok
14:39:02.0734 1868 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:39:02.0734 1868 atapi - ok
14:39:02.0750 1868 Atdisk - ok
14:39:02.0750 1868 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:39:02.0750 1868 Atmarpc - ok
14:39:02.0796 1868 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:39:02.0796 1868 audstub - ok
14:39:02.0843 1868 AVGIDSDriver (4fa401b33c1b50c816486f6951244a14) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
14:39:02.0859 1868 AVGIDSDriver - ok
14:39:02.0875 1868 AVGIDSEH (69578bc9d43d614c6b3455db4af19762) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
14:39:02.0875 1868 AVGIDSEH - ok
14:39:02.0890 1868 AVGIDSFilter (6df528406aa22201f392b9b19121cd6f) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
14:39:02.0890 1868 AVGIDSFilter - ok
14:39:02.0953 1868 AVGIDSShim (07eba0c11fa1d73b82ecc3255ddfe34d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
14:39:02.0953 1868 AVGIDSShim - ok
14:39:02.0953 1868 Avgldx86 (f4dbbc8d3c5338693da23c59a50f8abc) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
14:39:02.0953 1868 Avgldx86 - ok
14:39:02.0968 1868 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
14:39:02.0968 1868 Avgmfx86 - ok
14:39:02.0968 1868 Avgrkx86 (4def59ff7d09b9ce59739102b49fd526) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
14:39:02.0968 1868 Avgrkx86 - ok
14:39:03.0015 1868 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
14:39:03.0015 1868 Avgtdix - ok
14:39:03.0046 1868 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:39:03.0046 1868 Beep - ok
14:39:03.0093 1868 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:39:03.0093 1868 cbidf2k - ok
14:39:03.0093 1868 cd20xrnt - ok
14:39:03.0125 1868 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:39:03.0125 1868 Cdaudio - ok
14:39:03.0140 1868 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
14:39:03.0140 1868 Cdfs - ok
14:39:03.0156 1868 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:39:03.0156 1868 Cdrom - ok
14:39:03.0156 1868 Changer - ok
14:39:03.0171 1868 CmdIde - ok
14:39:03.0171 1868 Cpqarray - ok
14:39:03.0187 1868 dac2w2k - ok
14:39:03.0187 1868 dac960nt - ok
14:39:03.0187 1868 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
14:39:03.0203 1868 Disk - ok
14:39:03.0250 1868 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
14:39:03.0265 1868 dmboot - ok
14:39:03.0281 1868 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
14:39:03.0296 1868 dmio - ok
14:39:03.0312 1868 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:39:03.0312 1868 dmload - ok
14:39:03.0312 1868 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
14:39:03.0312 1868 DMusic - ok
14:39:03.0328 1868 dpti2o - ok
14:39:03.0328 1868 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
14:39:03.0328 1868 drmkaud - ok
14:39:03.0359 1868 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
14:39:03.0359 1868 Fastfat - ok
14:39:03.0375 1868 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
14:39:03.0390 1868 Fdc - ok
14:39:03.0390 1868 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
14:39:03.0390 1868 Fips - ok
14:39:03.0390 1868 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
14:39:03.0390 1868 Flpydisk - ok
14:39:03.0406 1868 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:39:03.0421 1868 FltMgr - ok
14:39:03.0421 1868 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:39:03.0421 1868 Fs_Rec - ok
14:39:03.0437 1868 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:39:03.0453 1868 Ftdisk - ok
14:39:03.0453 1868 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:39:03.0453 1868 Gpc - ok
14:39:03.0468 1868 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:39:03.0468 1868 HDAudBus - ok
14:39:03.0500 1868 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:39:03.0500 1868 HidUsb - ok
14:39:03.0515 1868 hpn - ok
14:39:03.0531 1868 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:39:03.0531 1868 HPZid412 - ok
14:39:03.0546 1868 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:39:03.0546 1868 HPZipr12 - ok
14:39:03.0562 1868 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:39:03.0562 1868 HPZius12 - ok
14:39:03.0609 1868 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
14:39:03.0609 1868 HTTP - ok
14:39:03.0609 1868 i2omgmt - ok
14:39:03.0625 1868 i2omp - ok
14:39:03.0656 1868 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:39:03.0656 1868 i8042prt - ok
14:39:03.0671 1868 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:39:03.0671 1868 Imapi - ok
14:39:03.0687 1868 ini910u - ok
14:39:03.0796 1868 IntcAzAudAddService (f7f3328544e1ac2e97caea9b39d9b9de) C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:39:03.0890 1868 IntcAzAudAddService - ok
14:39:03.0890 1868 IntelIde - ok
14:39:03.0921 1868 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:39:03.0921 1868 intelppm - ok
14:39:03.0937 1868 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:39:03.0937 1868 Ip6Fw - ok
14:39:03.0968 1868 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:39:03.0968 1868 IpFilterDriver - ok
14:39:03.0984 1868 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:39:03.0984 1868 IpInIp - ok
14:39:04.0000 1868 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:39:04.0000 1868 IpNat - ok
14:39:04.0015 1868 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:39:04.0015 1868 IPSec - ok
14:39:04.0062 1868 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:39:04.0062 1868 IRENUM - ok
14:39:04.0078 1868 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:39:04.0078 1868 isapnp - ok
14:39:04.0093 1868 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:39:04.0093 1868 Kbdclass - ok
14:39:04.0125 1868 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
14:39:04.0125 1868 kmixer - ok
14:39:04.0156 1868 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
14:39:04.0171 1868 KSecDD - ok
14:39:04.0187 1868 lbrtfdc - ok
14:39:04.0218 1868 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:39:04.0218 1868 mnmdd - ok
14:39:04.0218 1868 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
14:39:04.0234 1868 Modem - ok
14:39:04.0250 1868 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:39:04.0250 1868 Mouclass - ok
14:39:04.0265 1868 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:39:04.0265 1868 mouhid - ok
14:39:04.0281 1868 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
14:39:04.0281 1868 MountMgr - ok
14:39:04.0296 1868 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
14:39:04.0296 1868 MpFilter - ok
14:39:04.0406 1868 MpKsl1a13ad02 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7D082443-3717-432D-8CBE-1B96693533C6}\MpKsl1a13ad02.sys
14:39:04.0406 1868 MpKsl1a13ad02 - ok
14:39:04.0421 1868 MpKsl74454ae0 - ok
14:39:04.0421 1868 MpKslacc1b2ea - ok
14:39:04.0421 1868 mraid35x - ok
14:39:04.0437 1868 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:39:04.0437 1868 MRxDAV - ok
14:39:04.0484 1868 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:39:04.0484 1868 MRxSmb - ok
14:39:04.0484 1868 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
14:39:04.0484 1868 Msfs - ok
14:39:04.0531 1868 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:39:04.0531 1868 MSKSSRV - ok
14:39:04.0546 1868 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:39:04.0546 1868 MSPCLOCK - ok
14:39:04.0546 1868 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
14:39:04.0546 1868 MSPQM - ok
14:39:04.0578 1868 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:39:04.0578 1868 mssmbios - ok
14:39:04.0593 1868 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
14:39:04.0593 1868 Mup - ok
14:39:04.0625 1868 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
14:39:04.0625 1868 NDIS - ok
14:39:04.0671 1868 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:39:04.0671 1868 NdisTapi - ok
14:39:04.0718 1868 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:39:04.0718 1868 Ndisuio - ok
14:39:04.0718 1868 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:39:04.0718 1868 NdisWan - ok
14:39:04.0750 1868 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
14:39:04.0750 1868 NDProxy - ok
14:39:04.0750 1868 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:39:04.0750 1868 NetBIOS - ok
14:39:04.0781 1868 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:39:04.0781 1868 NetBT - ok
14:39:04.0812 1868 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:39:04.0812 1868 NIC1394 - ok
14:39:04.0828 1868 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
14:39:04.0828 1868 Npfs - ok
14:39:04.0859 1868 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
14:39:04.0859 1868 Ntfs - ok
14:39:04.0890 1868 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:39:04.0890 1868 Null - ok
14:39:05.0203 1868 nv (6733e80a193fc36f41c24142b0c45c0e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:39:06.0437 1868 nv - ok
14:39:06.0484 1868 NVENETFD (d314fe034d68c09d412727886e24f5fb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
14:39:06.0484 1868 NVENETFD - ok
14:39:06.0500 1868 nvnetbus (f99fbb623ed78367574ee461b5b32c2c) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
14:39:06.0500 1868 nvnetbus - ok
14:39:06.0531 1868 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:39:06.0531 1868 NwlnkFlt - ok
14:39:06.0546 1868 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:39:06.0546 1868 NwlnkFwd - ok
14:39:06.0593 1868 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:39:06.0593 1868 ohci1394 - ok
14:39:06.0640 1868 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
14:39:06.0640 1868 Parport - ok
14:39:06.0656 1868 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
14:39:06.0656 1868 PartMgr - ok
14:39:06.0687 1868 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:39:06.0687 1868 ParVdm - ok
14:39:06.0703 1868 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
14:39:06.0703 1868 PCI - ok
14:39:06.0703 1868 PciCon - ok
14:39:06.0703 1868 PCIDump - ok
14:39:06.0734 1868 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:39:06.0734 1868 PCIIde - ok
14:39:06.0750 1868 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:39:06.0750 1868 Pcmcia - ok
14:39:06.0750 1868 PDCOMP - ok
14:39:06.0765 1868 PDFRAME - ok
14:39:06.0765 1868 PDRELI - ok
14:39:06.0765 1868 PDRFRAME - ok
14:39:06.0781 1868 perc2 - ok
14:39:06.0781 1868 perc2hib - ok
14:39:06.0812 1868 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:39:06.0812 1868 PptpMiniport - ok
14:39:06.0828 1868 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
14:39:06.0828 1868 PSched - ok
14:39:06.0843 1868 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
14:39:06.0843 1868 PSI - ok
14:39:06.0859 1868 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:39:06.0859 1868 Ptilink - ok
14:39:06.0859 1868 ql1080 - ok
14:39:06.0875 1868 Ql10wnt - ok
14:39:06.0875 1868 ql12160 - ok
14:39:06.0875 1868 ql1240 - ok
14:39:06.0890 1868 ql1280 - ok
14:39:06.0906 1868 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:39:06.0906 1868 RasAcd - ok
14:39:06.0921 1868 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:39:06.0921 1868 Rasl2tp - ok
14:39:06.0937 1868 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:39:06.0937 1868 RasPppoe - ok
14:39:06.0937 1868 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:39:06.0937 1868 Raspti - ok
14:39:06.0953 1868 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:39:06.0953 1868 Rdbss - ok
14:39:06.0968 1868 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:39:06.0968 1868 RDPCDD - ok
14:39:07.0015 1868 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
14:39:07.0015 1868 RDPWD - ok
14:39:07.0062 1868 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:39:07.0062 1868 redbook - ok
14:39:07.0109 1868 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:39:07.0109 1868 Secdrv - ok
14:39:07.0125 1868 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:39:07.0125 1868 serenum - ok
14:39:07.0140 1868 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
14:39:07.0140 1868 Serial - ok
14:39:07.0156 1868 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:39:07.0156 1868 Sfloppy - ok
14:39:07.0171 1868 Simbad - ok
14:39:07.0203 1868 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
14:39:07.0203 1868 SONYPVU1 - ok
14:39:07.0218 1868 Sparrow - ok
14:39:07.0250 1868 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
14:39:07.0250 1868 splitter - ok
14:39:07.0296 1868 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
14:39:07.0296 1868 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
14:39:07.0296 1868 sptd ( LockedFile.Multi.Generic ) - warning
14:39:07.0296 1868 sptd - detected LockedFile.Multi.Generic (1)
14:39:07.0328 1868 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
14:39:07.0328 1868 sr - ok
14:39:07.0343 1868 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
14:39:07.0359 1868 Srv - ok
14:39:07.0359 1868 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:39:07.0359 1868 swenum - ok
14:39:07.0375 1868 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
14:39:07.0375 1868 swmidi - ok
14:39:07.0375 1868 symc810 - ok
14:39:07.0390 1868 symc8xx - ok
14:39:07.0390 1868 sym_hi - ok
14:39:07.0390 1868 sym_u3 - ok
14:39:07.0421 1868 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
14:39:07.0421 1868 sysaudio - ok
14:39:07.0437 1868 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:39:07.0437 1868 Tcpip - ok
14:39:07.0468 1868 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:39:07.0484 1868 TDPIPE - ok
14:39:07.0500 1868 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
14:39:07.0500 1868 TDTCP - ok
14:39:07.0500 1868 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:39:07.0500 1868 TermDD - ok
14:39:07.0515 1868 TosIde - ok
14:39:07.0546 1868 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
14:39:07.0546 1868 Udfs - ok
14:39:07.0546 1868 ultra - ok
14:39:07.0562 1868 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
14:39:07.0562 1868 Update - ok
14:39:07.0593 1868 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:39:07.0593 1868 usbccgp - ok
14:39:07.0609 1868 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:39:07.0609 1868 usbehci - ok
14:39:07.0625 1868 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:39:07.0625 1868 usbhub - ok
14:39:07.0625 1868 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:39:07.0625 1868 usbohci - ok
14:39:07.0656 1868 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:39:07.0656 1868 usbprint - ok
14:39:07.0671 1868 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:39:07.0671 1868 usbscan - ok
14:39:07.0703 1868 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:39:07.0703 1868 usbstor - ok
14:39:07.0718 1868 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
14:39:07.0718 1868 VgaSave - ok
14:39:07.0718 1868 ViaIde - ok
14:39:07.0750 1868 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
14:39:07.0750 1868 VolSnap - ok
14:39:07.0796 1868 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:39:07.0796 1868 Wanarp - ok
14:39:07.0796 1868 WDICA - ok
14:39:07.0812 1868 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
14:39:07.0812 1868 wdmaud - ok
14:39:07.0859 1868 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:39:07.0859 1868 WS2IFSL - ok
14:39:07.0890 1868 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:39:07.0937 1868 WudfPf - ok
14:39:07.0953 1868 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:39:08.0000 1868 WudfRd - ok
14:39:08.0015 1868 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
14:39:08.0015 1868 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
14:39:08.0015 1868 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
14:39:08.0015 1868 Boot (0x1200) (d749cfccbb9ef281cf6053720485452a) \Device\Harddisk0\DR0\Partition0
14:39:08.0015 1868 \Device\Harddisk0\DR0\Partition0 - ok
14:39:08.0015 1868 ============================================================
14:39:08.0015 1868 Scan finished
14:39:08.0015 1868 ============================================================
14:39:08.0015 2932 Detected object count: 2
14:39:08.0015 2932 Actual detected object count: 2
14:39:50.0906 2932 sptd ( LockedFile.Multi.Generic ) - skipped by user
14:39:50.0906 2932 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
14:39:50.0937 2932 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
14:39:50.0937 2932 \Device\Harddisk0\DR0 - ok
14:39:50.0937 2932 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
14:39:56.0406 1444 Deinitialize success
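A log like the one above can be triaged mechanically rather than by eye. The following is an added example, not code from this thread or from Kaspersky's tool: it parses the verdict lines of a TDSSKiller log in the format posted ("<object> ( <verdict> ) - <status>"), separates the "infected" MBR verdict from the LockedFile warning on sptd.sys (a file the scanner could not read, which it skips by default), and records the action the user chose for each. SAMPLE_LOG is constructed from the posted lines and keeps their exact format.

```python
"""Triage a TDSSKiller log: find real infections, locked-file warnings and
the action taken on each. Added example for this thread; not Kaspersky's
code. SAMPLE_LOG is constructed from the posted log (same line format)."""
import re

SAMPLE_LOG = r"""
14:39:07.0296 1868 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
14:39:07.0296 1868 sptd ( LockedFile.Multi.Generic ) - warning
14:39:07.0296 1868 sptd - detected LockedFile.Multi.Generic (1)
14:39:07.0328 1868 sr - ok
14:39:08.0015 1868 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
14:39:08.0015 1868 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - infected
14:39:08.0015 1868 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
14:39:08.0015 2932 Detected object count: 2
14:39:50.0906 2932 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
14:39:50.0937 2932 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - will be cured on reboot
14:39:50.0937 2932 \Device\Harddisk0\DR0 ( Rootkit.Win32.TDSS.tdl4 ) - User select action: Cure
"""

# Verdict lines: "<time> <thread> <object> ( <verdict> ) - <status>"
VERDICT_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"
    r"(?P<obj>.+?)\s+\(\s*(?P<verdict>[^\s()]+)\s*\)\s+-\s+(?P<status>.+)$"
)
# MBR inventory line: "MBR (<size>) (<md5>) <device>"
MBR_RE = re.compile(
    r"^\S+\s+\d+\s+MBR \((?P<size>0x[0-9A-Fa-f]+)\) "
    r"\((?P<md5>[0-9a-f]{32})\) (?P<dev>\S+)$"
)
COUNT_RE = re.compile(r"Detected object count: (?P<n>\d+)$")


def parse_log(text):
    """Collect one record per flagged object plus the tool's own count."""
    findings, mbr_devices, declared = {}, {}, None
    for line in text.splitlines():
        m = MBR_RE.match(line)
        if m:
            mbr_devices[m.group("dev")] = (m.group("size"), m.group("md5"))
            continue
        m = COUNT_RE.search(line)
        if m:
            declared = int(m.group("n"))
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue  # "- ok" lines and hash inventory lines carry no verdict
        obj, status = m.group("obj"), m.group("status").strip()
        rec = findings.setdefault(
            obj, {"verdict": m.group("verdict"), "severity": None, "action": None}
        )
        if status in ("infected", "warning"):
            rec["severity"] = status
        elif status.startswith("User select action:"):
            rec["action"] = status.split(":", 1)[1].strip()
    for obj, rec in findings.items():
        # An MBR hit lives outside the filesystem, which is why file scanners miss it
        rec["is_mbr"] = obj in mbr_devices
    return {"declared_count": declared, "findings": findings}


def triage(parsed):
    """Split findings into infections, locked-file warnings and open items."""
    report = {"infections": [], "locked_files": [], "unresolved": []}
    for obj, rec in parsed["findings"].items():
        if rec["severity"] == "infected":
            report["infections"].append((obj, rec["verdict"], rec["action"]))
            if rec["action"] != "Cure":
                report["unresolved"].append(obj)
        elif rec["severity"] == "warning" and rec["verdict"].startswith("LockedFile."):
            # Unreadable file, not a malware verdict: the tool defaults to Skip
            report["locked_files"].append((obj, rec["action"]))
    # Sanity check: every object the tool counted should have been parsed
    report["consistent"] = parsed["declared_count"] == len(parsed["findings"])
    return report


if __name__ == "__main__":
    result = triage(parse_log(SAMPLE_LOG))
    for obj, verdict, action in result["infections"]:
        print(f"INFECTED {obj}: {verdict}, user action {action}")
    print("locked:", result["locked_files"], "consistent:", result["consistent"])
```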

#42
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, I stand corrected; that was definitely a hidden infection that none of my other tools even hinted at.

Has that improved it now?

#43
Shiftella

    Member

  • Topic Starter
  • 23 posts
It has improved slightly, with a few hang-ups here and there, but overall a lot better.

#44
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Delete TDSSKiller now from the desktop.

Run it for a bit and let me know how it is performing.

#45
Shiftella

    Member

  • Topic Starter
  • 23 posts
Will do, thank you very much.





