
Virus hiding all my .exe files for my Anti-virus software


  • This topic is locked

#61
frogmusic
    Member
  • Topic Starter
  • 41 posts
Good morning, here is the TDSS log:

11:02:23.0750 0688 TDSS rootkit removing tool 2.6.10.0 Oct 17 2011 15:43:23
11:02:24.0140 0688 ============================================================
11:02:24.0140 0688 Current date / time: 2011/10/18 11:02:24.0140
11:02:24.0140 0688 SystemInfo:
11:02:24.0140 0688
11:02:24.0140 0688 OS Version: 5.1.2600 ServicePack: 3.0
11:02:24.0140 0688 Product type: Workstation
11:02:24.0140 0688 ComputerName: SEANS_COMPUTER
11:02:24.0140 0688 UserName: Owner
11:02:24.0140 0688 Windows directory: C:\WINDOWS
11:02:24.0140 0688 System windows directory: C:\WINDOWS
11:02:24.0140 0688 Processor architecture: Intel x86
11:02:24.0140 0688 Number of processors: 2
11:02:24.0140 0688 Page size: 0x1000
11:02:24.0140 0688 Boot type: Normal boot
11:02:24.0140 0688 ============================================================
11:02:24.0781 0688 Initialize success
11:02:31.0718 4316 ============================================================
11:02:31.0718 4316 Scan started
11:02:31.0718 4316 Mode: Manual; SigCheck; TDLFS;
11:02:31.0718 4316 ============================================================
11:02:31.0890 4316 .redbook - ok
11:02:32.0015 4316 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
11:02:32.0828 4316 61883 - ok
11:02:32.0890 4316 Abiosdsk - ok
11:02:32.0921 4316 abp480n5 - ok
11:02:32.0968 4316 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:02:33.0062 4316 ACPI - ok
11:02:33.0125 4316 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
11:02:33.0218 4316 ACPIEC - ok
11:02:33.0250 4316 adpu160m - ok
11:02:33.0296 4316 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
11:02:33.0390 4316 aec - ok
11:02:33.0468 4316 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
11:02:33.0500 4316 Afc ( UnsignedFile.Multi.Generic ) - warning
11:02:33.0500 4316 Afc - detected UnsignedFile.Multi.Generic (1)
11:02:33.0546 4316 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
11:02:33.0609 4316 AFD - ok
11:02:33.0625 4316 Aha154x - ok
11:02:33.0640 4316 aic78u2 - ok
11:02:33.0640 4316 aic78xx - ok
11:02:33.0671 4316 AliIde - ok
11:02:33.0687 4316 amsint - ok
11:02:33.0750 4316 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
11:02:33.0875 4316 Arp1394 - ok
11:02:33.0890 4316 asc - ok
11:02:33.0921 4316 asc3350p - ok
11:02:33.0953 4316 asc3550 - ok
11:02:33.0968 4316 asusgsb - ok
11:02:34.0015 4316 ASUSVRC (94442e3029ff6c9f08140fe6718af4fb) C:\WINDOWS\system32\DRIVERS\AsusVRC.sys
11:02:34.0062 4316 ASUSVRC ( UnsignedFile.Multi.Generic ) - warning
11:02:34.0062 4316 ASUSVRC - detected UnsignedFile.Multi.Generic (1)
11:02:34.0109 4316 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:02:34.0203 4316 AsyncMac - ok
11:02:34.0250 4316 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
11:02:34.0359 4316 atapi - ok
11:02:34.0421 4316 AtcL001 (f732284e3ca19b38239853e2711041d4) C:\WINDOWS\system32\DRIVERS\l151x86.sys
11:02:34.0468 4316 AtcL001 - ok
11:02:34.0500 4316 Atdisk - ok
11:02:34.0578 4316 atksgt (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys
11:02:34.0640 4316 atksgt - ok
11:02:34.0687 4316 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:02:34.0796 4316 Atmarpc - ok
11:02:34.0859 4316 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
11:02:34.0953 4316 audstub - ok
11:02:35.0015 4316 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
11:02:35.0125 4316 Avc - ok
11:02:35.0203 4316 BCM42RLY (438179abe9b7a922a21b8d6369ff52ff) C:\WINDOWS\System32\BCM42RLY.SYS
11:02:35.0250 4316 BCM42RLY ( UnsignedFile.Multi.Generic ) - warning
11:02:35.0250 4316 BCM42RLY - detected UnsignedFile.Multi.Generic (1)
11:02:35.0281 4316 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:02:35.0406 4316 Beep - ok
11:02:35.0484 4316 CamDrL (0f5ca31bb3fdb5c1e63c170cfbecc93b) C:\WINDOWS\system32\DRIVERS\Camdrl.sys
11:02:35.0562 4316 CamDrL - ok
11:02:35.0562 4316 catchme - ok
11:02:35.0625 4316 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
11:02:35.0734 4316 cbidf2k - ok
11:02:35.0781 4316 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
11:02:35.0859 4316 CCDECODE - ok
11:02:35.0937 4316 cd20xrnt - ok
11:02:35.0968 4316 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
11:02:36.0078 4316 Cdaudio - ok
11:02:36.0156 4316 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
11:02:36.0250 4316 Cdfs - ok
11:02:36.0281 4316 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:02:36.0375 4316 Cdrom - ok
11:02:36.0390 4316 Changer - ok
11:02:36.0421 4316 CmdIde - ok
11:02:36.0437 4316 Cpqarray - ok
11:02:36.0468 4316 dac2w2k - ok
11:02:36.0484 4316 dac960nt - ok
11:02:36.0531 4316 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
11:02:36.0625 4316 Disk - ok
11:02:36.0687 4316 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
11:02:36.0828 4316 dmboot - ok
11:02:36.0890 4316 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
11:02:37.0000 4316 dmio - ok
11:02:37.0046 4316 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
11:02:37.0140 4316 dmload - ok
11:02:37.0234 4316 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
11:02:37.0328 4316 DMusic - ok
11:02:37.0375 4316 dpti2o - ok
11:02:37.0437 4316 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
11:02:37.0515 4316 drmkaud - ok
11:02:37.0546 4316 EIO (0daf3544804650526751c478aeccce63) C:\WINDOWS\system32\drivers\EIO.sys
11:02:37.0593 4316 EIO ( UnsignedFile.Multi.Generic ) - warning
11:02:37.0593 4316 EIO - detected UnsignedFile.Multi.Generic (1)
11:02:37.0656 4316 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
11:02:37.0750 4316 Fastfat - ok
11:02:37.0796 4316 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
11:02:37.0890 4316 Fdc - ok
11:02:37.0968 4316 FilterService (a75ddc492d2d1d6558ad8003a4adb73a) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
11:02:37.0984 4316 FilterService - ok
11:02:38.0015 4316 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
11:02:38.0109 4316 Fips - ok
11:02:38.0156 4316 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
11:02:38.0250 4316 Flpydisk - ok
11:02:38.0312 4316 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
11:02:38.0406 4316 FltMgr - ok
11:02:38.0437 4316 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
11:02:38.0515 4316 Fs_Rec - ok
11:02:38.0593 4316 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
11:02:38.0687 4316 Ftdisk - ok
11:02:38.0734 4316 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
11:02:38.0828 4316 Gpc - ok
11:02:38.0921 4316 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
11:02:39.0015 4316 HDAudBus - ok
11:02:39.0093 4316 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
11:02:39.0171 4316 hidusb - ok
11:02:39.0187 4316 hpn - ok
11:02:39.0234 4316 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
11:02:39.0296 4316 HTTP - ok
11:02:39.0296 4316 i2omgmt - ok
11:02:39.0312 4316 i2omp - ok
11:02:39.0359 4316 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
11:02:39.0453 4316 i8042prt - ok
11:02:39.0500 4316 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
11:02:39.0593 4316 Imapi - ok
11:02:39.0640 4316 ini910u - ok
11:02:39.0765 4316 IntcAzAudAddService (cbddab14249b2f05407fc09ab8fffb88) C:\WINDOWS\system32\drivers\RtkHDAud.sys
11:02:40.0046 4316 IntcAzAudAddService - ok
11:02:40.0125 4316 IntelIde - ok
11:02:40.0171 4316 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
11:02:40.0250 4316 intelppm - ok
11:02:40.0265 4316 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
11:02:40.0375 4316 Ip6Fw - ok
11:02:40.0437 4316 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
11:02:40.0515 4316 IpFilterDriver - ok
11:02:40.0578 4316 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
11:02:40.0671 4316 IpInIp - ok
11:02:40.0750 4316 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
11:02:40.0843 4316 IpNat - ok
11:02:40.0890 4316 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
11:02:40.0984 4316 IPSec - ok
11:02:41.0031 4316 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
11:02:41.0125 4316 IRENUM - ok
11:02:41.0156 4316 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
11:02:41.0234 4316 isapnp - ok
11:02:41.0312 4316 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
11:02:41.0406 4316 Kbdclass - ok
11:02:41.0453 4316 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
11:02:41.0531 4316 kbdhid - ok
11:02:41.0593 4316 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys
11:02:41.0781 4316 klmd23 - ok
11:02:41.0875 4316 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
11:02:41.0968 4316 kmixer - ok
11:02:42.0062 4316 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
11:02:42.0125 4316 KSecDD - ok
11:02:42.0156 4316 lbrtfdc - ok
11:02:42.0203 4316 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
11:02:42.0218 4316 lirsgt - ok
11:02:42.0265 4316 LVPr2Mon (c57c48fb9ae3efb9848af594e3123a63) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
11:02:42.0312 4316 LVPr2Mon - ok
11:02:42.0375 4316 LVRS (87ecce893d8aec5a9337b917742d339c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
11:02:42.0390 4316 LVRS - ok
11:02:42.0421 4316 LVUSBSta (5f987fc1aad215ec2c60cf07719b1cce) C:\WINDOWS\system32\drivers\LVUSBSta.sys
11:02:42.0437 4316 LVUSBSta - ok
11:02:42.0609 4316 LVUVC (291f69b3dda0f033d2490c5ba5179f7c) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
11:02:42.0906 4316 LVUVC - ok
11:02:42.0953 4316 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
11:02:42.0984 4316 MCSTRM ( UnsignedFile.Multi.Generic ) - warning
11:02:42.0984 4316 MCSTRM - detected UnsignedFile.Multi.Generic (1)
11:02:43.0015 4316 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
11:02:43.0109 4316 mnmdd - ok
11:02:43.0125 4316 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
11:02:43.0218 4316 Modem - ok
11:02:43.0250 4316 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
11:02:43.0343 4316 Mouclass - ok
11:02:43.0390 4316 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
11:02:43.0468 4316 mouhid - ok
11:02:43.0546 4316 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
11:02:43.0640 4316 MountMgr - ok
11:02:43.0703 4316 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
11:02:43.0734 4316 MpFilter - ok
11:02:43.0875 4316 MpKslf4539bb6 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DEEB9A8D-729B-426C-B03E-947A1B298769}\MpKslf4539bb6.sys
11:02:43.0890 4316 MpKslf4539bb6 - ok
11:02:43.0921 4316 mraid35x - ok
11:02:43.0984 4316 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
11:02:44.0093 4316 MRxDAV - ok
11:02:44.0187 4316 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
11:02:44.0234 4316 MRxSmb - ok
11:02:44.0296 4316 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
11:02:44.0390 4316 MSDV - ok
11:02:44.0453 4316 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
11:02:44.0531 4316 Msfs - ok
11:02:44.0625 4316 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
11:02:44.0703 4316 MSKSSRV - ok
11:02:44.0796 4316 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
11:02:44.0875 4316 MSPCLOCK - ok
11:02:44.0937 4316 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
11:02:45.0031 4316 MSPQM - ok
11:02:45.0093 4316 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
11:02:45.0171 4316 mssmbios - ok
11:02:45.0234 4316 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
11:02:45.0312 4316 MSTEE - ok
11:02:45.0390 4316 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
11:02:45.0421 4316 MTsensor - ok
11:02:45.0500 4316 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
11:02:45.0546 4316 Mup - ok
11:02:45.0593 4316 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
11:02:45.0687 4316 NABTSFEC - ok
11:02:45.0734 4316 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
11:02:45.0843 4316 NDIS - ok
11:02:45.0953 4316 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
11:02:46.0046 4316 NdisIP - ok
11:02:46.0062 4316 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
11:02:46.0109 4316 NdisTapi - ok
11:02:46.0125 4316 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
11:02:46.0218 4316 Ndisuio - ok
11:02:46.0234 4316 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
11:02:46.0343 4316 NdisWan - ok
11:02:46.0406 4316 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
11:02:46.0453 4316 NDProxy - ok
11:02:46.0500 4316 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
11:02:46.0593 4316 NetBIOS - ok
11:02:46.0640 4316 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
11:02:46.0750 4316 NetBT - ok
11:02:46.0859 4316 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
11:02:46.0953 4316 NIC1394 - ok
11:02:47.0000 4316 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
11:02:47.0078 4316 Npfs - ok
11:02:47.0125 4316 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
11:02:47.0218 4316 Ntfs - ok
11:02:47.0296 4316 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
11:02:47.0375 4316 Null - ok
11:02:47.0562 4316 nv (b488eda5f3e9f8467fe999b00ccb146d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
11:02:47.0968 4316 nv ( UnsignedFile.Multi.Generic ) - warning
11:02:47.0968 4316 nv - detected UnsignedFile.Multi.Generic (1)
11:02:48.0062 4316 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
11:02:48.0156 4316 NwlnkFlt - ok
11:02:48.0250 4316 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
11:02:48.0343 4316 NwlnkFwd - ok
11:02:48.0437 4316 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
11:02:48.0515 4316 ohci1394 - ok
11:02:48.0593 4316 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
11:02:48.0687 4316 Parport - ok
11:02:48.0750 4316 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
11:02:48.0843 4316 PartMgr - ok
11:02:48.0890 4316 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
11:02:48.0984 4316 ParVdm - ok
11:02:49.0125 4316 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
11:02:49.0187 4316 PCI - ok
11:02:49.0218 4316 PCIDump - ok
11:02:49.0265 4316 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
11:02:49.0343 4316 PCIIde - ok
11:02:49.0421 4316 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
11:02:49.0515 4316 Pcmcia - ok
11:02:49.0578 4316 PDCOMP - ok
11:02:49.0625 4316 PDFRAME - ok
11:02:49.0640 4316 PDRELI - ok
11:02:49.0671 4316 PDRFRAME - ok
11:02:49.0703 4316 perc2 - ok
11:02:49.0750 4316 perc2hib - ok
11:02:49.0812 4316 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
11:02:49.0921 4316 PptpMiniport - ok
11:02:50.0031 4316 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
11:02:50.0125 4316 PSched - ok
11:02:50.0140 4316 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
11:02:50.0234 4316 Ptilink - ok
11:02:50.0343 4316 pxkbf (0c738845c7c12c45f05b127edff2cc87) C:\WINDOWS\system32\drivers\pxkbf.sys
11:02:50.0375 4316 pxkbf - ok
11:02:50.0406 4316 pxrts (04d1c97a0818f9378eeaa793a09f8202) C:\WINDOWS\system32\drivers\pxrts.sys
11:02:50.0453 4316 pxrts - ok
11:02:50.0484 4316 pxscan (e6e1f9f717feab3e16c3b160b17e6855) C:\WINDOWS\system32\drivers\pxscan.sys
11:02:50.0500 4316 pxscan - ok
11:02:50.0531 4316 ql1080 - ok
11:02:50.0531 4316 Ql10wnt - ok
11:02:50.0578 4316 ql12160 - ok
11:02:50.0578 4316 ql1240 - ok
11:02:50.0593 4316 ql1280 - ok
11:02:50.0656 4316 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
11:02:50.0765 4316 RasAcd - ok
11:02:50.0828 4316 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
11:02:50.0906 4316 Rasl2tp - ok
11:02:50.0953 4316 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
11:02:51.0046 4316 RasPppoe - ok
11:02:51.0078 4316 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
11:02:51.0156 4316 Raspti - ok
11:02:51.0234 4316 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
11:02:51.0312 4316 Rdbss - ok
11:02:51.0375 4316 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
11:02:51.0453 4316 RDPCDD - ok
11:02:51.0531 4316 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
11:02:51.0578 4316 RDPWD - ok
11:02:51.0687 4316 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
11:02:51.0796 4316 redbook - ok
11:02:51.0859 4316 RT73 (cb20f16afdba63707fb971e0922edec1) C:\WINDOWS\system32\DRIVERS\rt73.sys
11:02:51.0937 4316 RT73 ( UnsignedFile.Multi.Generic ) - warning
11:02:51.0937 4316 RT73 - detected UnsignedFile.Multi.Generic (1)
11:02:52.0000 4316 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
11:02:52.0093 4316 Secdrv - ok
11:02:52.0125 4316 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
11:02:52.0203 4316 serenum - ok
11:02:52.0296 4316 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
11:02:52.0390 4316 Serial - ok
11:02:52.0500 4316 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
11:02:52.0578 4316 Sfloppy - ok
11:02:52.0625 4316 Simbad - ok
11:02:52.0703 4316 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
11:02:52.0796 4316 SLIP - ok
11:02:52.0843 4316 Sparrow - ok
11:02:52.0906 4316 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
11:02:53.0000 4316 splitter - ok
11:02:53.0062 4316 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
11:02:53.0156 4316 sr - ok
11:02:53.0250 4316 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
11:02:53.0296 4316 Srv - ok
11:02:53.0343 4316 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
11:02:53.0421 4316 streamip - ok
11:02:53.0453 4316 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
11:02:53.0531 4316 swenum - ok
11:02:53.0625 4316 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
11:02:53.0718 4316 swmidi - ok
11:02:53.0750 4316 symc810 - ok
11:02:53.0796 4316 symc8xx - ok
11:02:53.0812 4316 sym_hi - ok
11:02:53.0828 4316 sym_u3 - ok
11:02:53.0859 4316 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
11:02:53.0953 4316 sysaudio - ok
11:02:54.0031 4316 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
11:02:54.0296 4316 Tcpip - ok
11:02:54.0437 4316 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
11:02:54.0531 4316 TDPIPE - ok
11:02:54.0609 4316 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
11:02:54.0703 4316 TDTCP - ok
11:02:54.0750 4316 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
11:02:54.0843 4316 TermDD - ok
11:02:54.0890 4316 TosIde - ok
11:02:54.0953 4316 TrueSight (4bfab463e1d1f20dfa83a04a9698934d) c:\windows\system32\drivers\TrueSight.sys
11:02:55.0031 4316 TrueSight ( UnsignedFile.Multi.Generic ) - warning
11:02:55.0031 4316 TrueSight - detected UnsignedFile.Multi.Generic (1)
11:02:55.0125 4316 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
11:02:55.0234 4316 Udfs - ok
11:02:55.0234 4316 ultra - ok
11:02:55.0312 4316 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
11:02:55.0406 4316 Update - ok
11:02:55.0484 4316 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
11:02:55.0578 4316 usbaudio - ok
11:02:55.0640 4316 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
11:02:55.0734 4316 usbccgp - ok
11:02:55.0812 4316 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
11:02:55.0890 4316 usbehci - ok
11:02:55.0953 4316 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
11:02:56.0046 4316 usbhub - ok
11:02:56.0078 4316 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
11:02:56.0171 4316 usbprint - ok
11:02:56.0218 4316 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
11:02:56.0296 4316 usbscan - ok
11:02:56.0406 4316 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
11:02:56.0484 4316 USBSTOR - ok
11:02:56.0546 4316 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
11:02:56.0625 4316 usbuhci - ok
11:02:56.0703 4316 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
11:02:56.0781 4316 VgaSave - ok
11:02:56.0843 4316 ViaIde - ok
11:02:56.0875 4316 Video3D - ok
11:02:56.0937 4316 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
11:02:57.0015 4316 VolSnap - ok
11:02:57.0062 4316 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
11:02:57.0156 4316 Wanarp - ok
11:02:57.0187 4316 WDICA - ok
11:02:57.0203 4316 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
11:02:57.0312 4316 wdmaud - ok
11:02:57.0437 4316 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
11:02:57.0656 4316 WpdUsb - ok
11:02:57.0703 4316 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
11:02:57.0796 4316 WSTCODEC - ok
11:02:57.0859 4316 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
11:02:57.0921 4316 WudfPf - ok
11:02:58.0015 4316 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
11:02:58.0062 4316 WudfRd - ok
11:02:58.0078 4316 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:02:58.0171 4316 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:02:58.0171 4316 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:02:58.0171 4316 Boot (0x1200) (3182683fadcc1894a1049495efce6d58) \Device\Harddisk0\DR0\Partition0
11:02:58.0171 4316 \Device\Harddisk0\DR0\Partition0 - ok
11:02:58.0171 4316 ============================================================
11:02:58.0171 4316 Scan finished
11:02:58.0171 4316 ============================================================
11:02:58.0281 5864 Detected object count: 9
11:02:58.0281 5864 Actual detected object count: 9
11:03:17.0046 5864 Afc ( UnsignedFile.Multi.Generic ) - skipped by user
11:03:17.0046 5864 Afc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:03:17.0046 5864 ASUSVRC ( UnsignedFile.Multi.Generic ) - skipped by user
11:03:17.0046 5864 ASUSVRC ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:03:17.0046 5864 BCM42RLY ( UnsignedFile.Multi.Generic ) - skipped by user
11:03:17.0046 5864 BCM42RLY ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:03:17.0046 5864 EIO ( UnsignedFile.Multi.Generic ) - skipped by user
11:03:17.0046 5864 EIO ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:03:17.0046 5864 MCSTRM ( UnsignedFile.Multi.Generic ) - skipped by user
11:03:17.0046 5864 MCSTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:03:17.0046 5864 nv ( UnsignedFile.Multi.Generic ) - skipped by user
11:03:17.0046 5864 nv ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:03:17.0046 5864 RT73 ( UnsignedFile.Multi.Generic ) - skipped by user
11:03:17.0046 5864 RT73 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:03:17.0046 5864 TrueSight ( UnsignedFile.Multi.Generic ) - skipped by user
11:03:17.0046 5864 TrueSight ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:03:17.0046 5864 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:03:17.0046 5864 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:03:21.0093 5132 Deinitialize success
  • 0


#62
SweetTech
    Sir SpamAlot
  • Retired Staff
  • 7,671 posts
Hi!

This is really interesting. It is still showing the TDSS infection.

Please run this tool for me:

Scanning with DDS

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double-click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.
-----------------------------------------------------

Please include the following logs in your thread:
  • Post the contents of the DDS.txt & Attach.txt reports in your next reply.

  • 0

#63
frogmusic
    Member
  • Topic Starter
  • 41 posts
First log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.0.0
Run by Owner at 12:16:36 on 2011-10-18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.851 [GMT -7:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\psp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mWindow Title = Windows Internet Explorer provided by Comcast
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
mURLSearchHooks: H - No File
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn6\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} - hxxp://download-games.pogo.com/online2/pogo/diner_dash_2/DinerDash2.1.0.0.53.cab
DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} - hxxp://www.nero.com/doc/NeroVersionCheckerControl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{63F0E5D5-C6A8-48D4-94CB-7D237A1A4AF1} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{63F0E5D5-C6A8-48D4-94CB-7D237A1A4AF1} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8B0CA4F9-2D6D-4F3A-A22C-EBF91F74ADC9} : NameServer = 208.67.222.222,208.67.220.220
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\wkf561ek.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc7052d&v=6.103.018.001&i=29&tp=ab&iy=b&ychte=us&lng=en-US&q=
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2011-10-7 32008]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKslf4539bb6;MpKslf4539bb6;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{deeb9a8d-729b-426c-b03e-947a1b298769}\MpKslf4539bb6.sys [2011-10-17 28752]
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2011-10-7 76696]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-2-24 37376]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2011-10-7 26096]
S2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2011-10-7 6416120]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S3 klmd23;klmd23;c:\windows\system32\drivers\klmd.sys [2011-10-7 52432]
S3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [2011-10-7 111744]
.
=============== Created Last 30 ================
.
2011-10-18 00:27:58 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{deeb9a8d-729b-426c-b03e-947a1b298769}\MpKslf4539bb6.sys
2011-10-18 00:18:38 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{deeb9a8d-729b-426c-b03e-947a1b298769}\MpKsl1a365b6a.sys
2011-10-18 00:18:36 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{deeb9a8d-729b-426c-b03e-947a1b298769}\offreg.dll
2011-10-18 00:08:48 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{deeb9a8d-729b-426c-b03e-947a1b298769}\MpKsl2fbf9c23.sys
2011-10-18 00:07:20 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{deeb9a8d-729b-426c-b03e-947a1b298769}\MpKsle5d9247c.sys
2011-10-17 18:31:33 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{deeb9a8d-729b-426c-b03e-947a1b298769}\mpengine.dll
2011-10-13 08:44:25 -------- d-----w- c:\documents and settings\owner\local settings\application data\Sun
2011-10-11 22:13:58 7269712 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-10-11 21:57:02 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-11 21:14:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 18:02:48 -------- d-----w- C:\_OTL
2011-10-10 21:49:06 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-10 21:46:18 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-10 18:45:12 -------- d-----w- c:\program files\ESET
2011-10-10 17:00:17 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-10-08 16:20:19 -------- d-sha-r- C:\cmdcons
2011-10-08 16:18:48 98816 ----a-w- c:\windows\sed.exe
2011-10-08 16:18:48 518144 ----a-w- c:\windows\SWREG.exe
2011-10-08 16:18:48 256000 ----a-w- c:\windows\PEV.exe
2011-10-08 16:18:48 208896 ----a-w- c:\windows\MBR.exe
2011-10-08 16:02:20 -------- d-----w- C:\$AVG
2011-10-08 15:57:18 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-10-08 15:56:56 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-10-08 01:35:06 111744 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-10-08 01:31:08 -------- d-----w- C:\TDSSKiller_Quarantine
2011-10-08 00:39:59 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-10-08 00:39:59 71880 ----a-w- c:\windows\system32\PxSecure.dll
2011-10-08 00:39:59 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2011-10-08 00:39:58 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2011-10-08 00:39:58 -------- d-----w- c:\program files\Prevx
2011-10-08 00:39:54 -------- d-----w- c:\documents and settings\all users\application data\PrevxCSI
2011-10-08 00:33:32 -------- d-----w- c:\program files\common files\iS3
2011-10-08 00:33:31 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2011-10-07 19:57:07 52432 ----a-w- c:\windows\system32\drivers\klmd.sys
2011-10-07 19:46:54 -------- d-----w- c:\program files\Trend Micro
.
==================== Find3M ====================
.
2011-10-11 21:56:49 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-10 16:52:55 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
2011-10-10 16:20:10 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-10-08 05:31:47 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-07 01:10:41 138520 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-09-07 01:02:43 234536 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-09-07 01:02:43 234536 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 00:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 12:17:18.89 ===============
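Two parts of a DDS log carry most of the weight when a helper decides whether a box is still owned: the resolver settings (the `TCP: ... NameServer` lines against the `DhcpNameServer` the router handed out, where a rewritten resolver shows up) and the kernel drivers and where each one loads from (the `R0`/`R1`/`S2`/`S3` entries). The script below is an added example of that triage logic run over lines in the shape DDS prints; it is not a tool from this thread and not part of DDS. The regexes, the expected driver directory and the list of known public resolvers are assumptions of the example, and the sample lines are copied from the log above.

```python
"""Triage helper for the TCP: and service/driver entries of a DDS log.

Added example for this thread, not part of DDS or of any tool the helpers
use. The line shapes are inferred from the log above; the expected driver
directory is an assumption for a default XP install."""
import re
from dataclasses import dataclass

# Constructed sample in the shape DDS prints; lines copied from the log above.
SAMPLE_LOG = r"""
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{63F0E5D5-C6A8-48D4-94CB-7D237A1A4AF1} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{63F0E5D5-C6A8-48D4-94CB-7D237A1A4AF1} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8B0CA4F9-2D6D-4F3A-A22C-EBF91F74ADC9} : NameServer = 208.67.222.222,208.67.220.220
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2011-10-7 32008]
R1 MpKslf4539bb6;MpKslf4539bb6;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{deeb9a8d-729b-426c-b03e-947a1b298769}\MpKslf4539bb6.sys [2011-10-17 28752]
S2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2011-10-7 6416120]
S3 klmd23;klmd23;c:\windows\system32\drivers\klmd.sys [2011-10-7 52432]
"""

# "TCP: [Interfaces\{GUID} : ](NameServer|DhcpNameServer) = a.b.c.d[,e.f.g.h]"
TCP_RE = re.compile(
    r"^TCP:\s+(?:Interfaces\\(\{[^}]+\})\s*:\s*)?(NameServer|DhcpNameServer)\s*=\s*(\S+)\s*$"
)
# "R0 name;display;path [date size]" (R = running, S = stopped, digit = start type)
SVC_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$")

# Public resolvers that often appear as a deliberate static override (OpenDNS, Google).
KNOWN_PUBLIC_RESOLVERS = {"208.67.222.222", "208.67.220.220", "8.8.8.8", "8.8.4.4"}
# Where XP keeps kernel drivers; a .sys loading from elsewhere deserves a look (assumption).
EXPECTED_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\",)


@dataclass
class ResolverFinding:
    interface: str          # GUID from the Interfaces\{...} key, or "global"
    servers: list           # static NameServer values
    dhcp_servers: list      # what DHCP handed out (interface-level, else global)
    known_public: bool      # every static server is a recognised public resolver


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str
    stamp: str


def parse_resolvers(text):
    """Group NameServer / DhcpNameServer values per interface GUID."""
    per_iface = {}
    for line in text.splitlines():
        m = TCP_RE.match(line.strip())
        if m:
            iface, key, value = m.group(1) or "global", m.group(2), m.group(3)
            per_iface.setdefault(iface, {})[key] = value.split(",")
    return per_iface


def flag_resolver_overrides(text):
    """Interfaces whose static NameServer differs from what DHCP offered.
    A resolver rewritten by malware shows up here; so does a user who chose
    OpenDNS, which is why the finding carries a known_public flag."""
    per_iface = parse_resolvers(text)
    global_dhcp = per_iface.get("global", {}).get("DhcpNameServer", [])
    findings = []
    for iface, keys in per_iface.items():
        static = keys.get("NameServer")
        if not static:
            continue
        dhcp = keys.get("DhcpNameServer", global_dhcp)
        if static == dhcp:
            continue
        known = all(s in KNOWN_PUBLIC_RESOLVERS for s in static)
        findings.append(ResolverFinding(iface, static, dhcp, known))
    return findings


def parse_services(text):
    """Every service/driver entry as a ServiceEntry."""
    return [ServiceEntry(*m.groups())
            for m in (SVC_RE.match(l.strip()) for l in text.splitlines()) if m]


def flag_offpath_drivers(text, expected_dirs=EXPECTED_DRIVER_DIRS):
    """Kernel drivers (.sys) whose image is not under the usual driver directory."""
    flagged = []
    for svc in parse_services(text):
        p = svc.path.lower()
        if p.endswith(".sys") and not any(p.startswith(d) for d in expected_dirs):
            flagged.append(svc)
    return flagged


def triage(text):
    return {"resolver_overrides": flag_resolver_overrides(text),
            "offpath_drivers": flag_offpath_drivers(text)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in result["resolver_overrides"]:
        verdict = "known public resolver" if f.known_public else "UNRECOGNISED"
        print(f"resolver override on {f.interface}: {f.servers} "
              f"(DHCP gave {f.dhcp_servers}; {verdict})")
    for s in result["offpath_drivers"]:
        print(f"driver outside drivers dir: {s.start} {s.name} -> {s.path}")
```

Run against the lines from this log, both interfaces report a static override to OpenDNS (208.67.222.222 and 208.67.220.220) instead of the 192.168.1.1 router DHCP offered, which the script marks as a known public resolver rather than a hijack, and the only driver loading from outside system32\drivers is the MpKsl*.sys that Microsoft Security Essentials legitimately loads from its definition-update folder. The script raises the question; the analyst still has to answer it.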

#64
frogmusic (Topic Starter, Member, 41 posts)
Second log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/1/2002 1:39:49 AM
System Uptime: 10/18/2011 3:42:57 AM (9 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5KC
Processor: Intel® Core™2 Duo CPU E6750 @ 2.66GHz | LGA775 | 2671/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 99.397 GiB free.
D: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&1400782C&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&1400782C&0
Service: i8042prt
.
Class GUID: {5458011F-08D4-4605-93A2-F03E61BEDBA3}
Description: Enhanced Display Driver Helper Service
Device ID: ROOT\ASUSOTHERDEVICES\0000
Manufacturer: ASUSTeK
Name: Enhanced Display Driver Helper Service
PNP Device ID: ROOT\ASUSOTHERDEVICES\0000
Service: asuskbnt
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: ASUS Virtual Video Capture Device Driver
Device ID: SW\{3282D58C-E6CC-4290-976C-28942C85CD9B}\{9B365890-165F-11D0-A195-0020AFD156E4}
Manufacturer: ASUSTeK
Name: ASUS Virtual Video Capture Device Driver
PNP Device ID: SW\{3282D58C-E6CC-4290-976C-28942C85CD9B}\{9B365890-165F-11D0-A195-0020AFD156E4}
Service: asusgsb
.
==== System Restore Points ===================
.
RP1278: 7/29/2011 4:32:11 PM - System Checkpoint
RP1279: 7/30/2011 5:14:01 PM - System Checkpoint
RP1280: 7/31/2011 5:28:22 PM - System Checkpoint
RP1281: 8/1/2011 5:47:38 PM - System Checkpoint
RP1282: 8/2/2011 5:51:55 PM - System Checkpoint
RP1283: 8/3/2011 6:41:02 PM - System Checkpoint
RP1284: 8/4/2011 8:31:53 PM - System Checkpoint
RP1285: 8/5/2011 9:07:53 PM - System Checkpoint
RP1286: 8/6/2011 10:22:22 PM - System Checkpoint
RP1287: 8/7/2011 10:25:29 PM - System Checkpoint
RP1288: 8/8/2011 10:46:44 PM - System Checkpoint
RP1289: 8/9/2011 11:08:46 PM - System Checkpoint
RP1290: 8/10/2011 11:55:10 PM - System Checkpoint
RP1291: 8/11/2011 12:04:28 AM - Software Distribution Service 3.0
RP1292: 8/12/2011 10:08:37 AM - System Checkpoint
RP1293: 8/14/2011 1:31:14 PM - System Checkpoint
RP1294: 8/15/2011 1:50:26 PM - Installed DirectX
RP1295: 8/16/2011 2:34:05 PM - System Checkpoint
RP1296: 8/17/2011 3:32:38 PM - System Checkpoint
RP1297: 8/18/2011 3:54:39 PM - System Checkpoint
RP1298: 8/19/2011 4:28:52 PM - System Checkpoint
RP1299: 8/20/2011 4:43:37 PM - System Checkpoint
RP1300: 8/21/2011 5:05:17 PM - System Checkpoint
RP1301: 8/22/2011 6:15:38 PM - System Checkpoint
RP1302: 8/23/2011 7:00:46 PM - System Checkpoint
RP1303: 8/24/2011 7:14:41 PM - System Checkpoint
RP1304: 8/24/2011 11:36:13 PM - Software Distribution Service 3.0
RP1305: 8/26/2011 9:59:14 AM - System Checkpoint
RP1306: 8/28/2011 5:55:52 PM - System Checkpoint
RP1307: 8/29/2011 10:38:03 AM - Removed Ask Toolbar.
RP1308: 8/30/2011 10:44:23 AM - System Checkpoint
RP1309: 8/31/2011 11:50:38 AM - System Checkpoint
RP1310: 9/1/2011 12:32:18 PM - System Checkpoint
RP1311: 9/2/2011 1:17:57 PM - System Checkpoint
RP1312: 9/5/2011 11:55:13 AM - System Checkpoint
RP1313: 9/6/2011 12:24:37 PM - System Checkpoint
RP1314: 9/7/2011 12:56:42 PM - System Checkpoint
RP1315: 9/8/2011 3:00:18 AM - Software Distribution Service 3.0
RP1316: 9/9/2011 12:07:50 PM - System Checkpoint
RP1317: 9/10/2011 12:08:49 PM - System Checkpoint
RP1318: 9/11/2011 1:17:52 PM - System Checkpoint
RP1319: 9/12/2011 1:23:38 PM - System Checkpoint
RP1320: 9/13/2011 3:16:25 PM - System Checkpoint
RP1321: 9/14/2011 6:31:59 PM - System Checkpoint
RP1322: 9/14/2011 11:11:38 PM - Software Distribution Service 3.0
RP1323: 9/15/2011 11:50:23 PM - System Checkpoint
RP1324: 9/17/2011 9:16:06 AM - System Checkpoint
RP1325: 9/18/2011 2:43:56 PM - System Checkpoint
RP1326: 9/19/2011 4:07:20 PM - System Checkpoint
RP1327: 9/20/2011 4:29:30 PM - System Checkpoint
RP1328: 9/21/2011 4:31:48 PM - System Checkpoint
RP1329: 9/22/2011 6:37:52 PM - System Checkpoint
RP1330: 9/23/2011 7:24:33 PM - System Checkpoint
RP1331: 9/24/2011 7:38:44 PM - System Checkpoint
RP1332: 9/25/2011 8:23:13 PM - System Checkpoint
RP1333: 9/26/2011 8:37:14 PM - System Checkpoint
RP1334: 9/27/2011 9:14:12 PM - System Checkpoint
RP1335: 9/28/2011 10:14:35 PM - System Checkpoint
RP1336: 9/29/2011 12:00:22 AM - Software Distribution Service 3.0
RP1337: 9/30/2011 9:00:02 AM - System Checkpoint
RP1338: 10/1/2011 10:15:31 AM - System Checkpoint
RP1339: 10/1/2011 12:30:40 PM - Installed Microsoft Works 6-9 Converter
RP1340: 10/2/2011 12:32:46 PM - System Checkpoint
RP1341: 10/2/2011 10:23:20 PM - Software Distribution Service 3.0
RP1342: 10/4/2011 10:41:36 AM - System Checkpoint
RP1343: 10/5/2011 11:15:05 AM - System Checkpoint
RP1344: 10/6/2011 12:02:05 PM - System Checkpoint
RP1345: 10/7/2011 1:36:07 PM - System Checkpoint
RP1346: 10/7/2011 5:33:26 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1347: 10/8/2011 8:52:25 AM - Removed FriendFinder Messenger v4.1
RP1348: 10/8/2011 8:53:21 AM - Removed Star Wars Galaxies: 14-Day Trial
RP1349: 10/8/2011 8:53:49 AM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1350: 10/8/2011 8:55:10 AM - Removed AVG Free 8.5
RP1351: 10/8/2011 8:56:03 AM - Removed AVG Free 8.5
RP1352: 10/8/2011 9:01:26 AM - Installed AVG 2012
RP1353: 10/8/2011 9:02:15 AM - Removed AVG Free 8.5
RP1354: 10/8/2011 9:02:26 AM - Removed AVG 2012
RP1355: 10/8/2011 6:48:07 PM - Configured Battlefield 1942
RP1356: 10/9/2011 7:19:52 PM - System Checkpoint
RP1357: 10/10/2011 2:49:05 PM - Software Distribution Service 3.0
RP1358: 10/11/2011 10:42:29 AM - Removed Compact Wireless-G USB Adapter
RP1359: 10/11/2011 11:02:53 AM - OTL Restore Point
RP1360: 10/11/2011 2:19:23 PM - Removed Java™ 6 Update 21
RP1361: 10/11/2011 2:20:46 PM - Installed Java™ 7
RP1362: 10/11/2011 2:24:28 PM - Removed Java™ 7
RP1363: 10/11/2011 2:56:44 PM - Installed Java™ 7
RP1364: 10/11/2011 3:02:00 PM - OTL Restore Point
RP1365: 10/11/2011 3:13:42 PM - Software Distribution Service 3.0
RP1366: 10/12/2011 10:45:19 AM - OTL Restore Point
RP1367: 10/13/2011 10:27:27 AM - Software Distribution Service 3.0
RP1368: 10/13/2011 10:48:40 AM - Software Distribution Service 3.0
RP1369: 10/14/2011 10:43:59 AM - Software Distribution Service 3.0
RP1370: 10/15/2011 10:46:53 AM - System Checkpoint
RP1371: 10/15/2011 11:36:58 AM - Software Distribution Service 3.0
RP1372: 10/16/2011 12:15:26 PM - System Checkpoint
RP1373: 10/16/2011 9:52:10 PM - Software Distribution Service 3.0
RP1374: 10/17/2011 11:31:32 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.6
Adobe Shockwave Player
Amazing Slow Downer (remove only)
Amazon MP3 Downloader 1.0.10
ArcSoft PhotoImpression 6
ArcSoft Print Creations
ASUS GameFace Library
ASUS nVidia Driver
ASUS Utilities
Attansic Ethernet Utility
Attansic L1 Gigabit Ethernet Driver
Battlefield 1942
Battlefield 1942: Secret Weapons of WWII
Battlefield 1942: The Road To Rome
Battlefield 2™
Battlefield 2: Special Forces
Battlefield 2142
Best Buy Digital Music Store
CA Yahoo! Anti-Spy (remove only)
Cake Mania 2
Cake Mania 2 (remove only)
CCleaner
Cleaner 5 EZ
Click to Call with Skype
Comcast High-Speed Internet Install Wizard
Command & Conquer™ Red Alert™ 3
Critical Update for Windows Media Player 11 (KB959772)
Crysis WARHEAD®
Data Lifeguard Diagnostic for Windows
EA Download Manager
EPSON CX7400 User's Guide
EPSON Printer Software
EPSON Scan
EPSON Stylus CX7400 Series Scanner Driver Update
ERUNT 1.1j
ESET Online Scanner v3
FreeZip
GameSpy Arcade
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GPGNet
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Indeo® software
Java™ 7
Logitech Updater
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes' Anti-Malware version 1.51.2.1300
Medal of Honor Allied Assault
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Works 6-9 Converter
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.6.23)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
MSXML4 Parser
neroxml
NVIDIA Drivers
NVIDIA PhysX
Oxelon Media Converter 1.1
Paint Shop Pro 7 Anniversary Edition
PlayNC Launcher
Prevx
QuickTime
Realtek High Definition Audio Driver
Rhapsody
Rhapsody Player Engine
Richard Garriott's Tabula Rasa
Roblox for Owner
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype™ 5.5
Spelling Dictionaries Support For Adobe Reader 9
SPORE™
Star Wars JK II Jedi Outcast
Star Wars Republic Commando
Steam
Stronghold
Stronghold Crusader Extreme
Stronghold Legends
Supreme Commander - Forged Alliance
Supreme Commander 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
ViewSonic Monitor Drivers
Warhammer 40,000: Dawn of War II
Warhammer® 40,000®: Dawn of War® II – Retribution™
WebFldrs XP
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinZip 14.0
XML Paper Specification Shared Components Pack 1.0
XviD MPEG-4 Video Codec
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
10/15/2011 11:27:25 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
10/15/2011 11:27:25 AM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/15/2011 11:20:34 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
10/15/2011 11:20:34 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
10/15/2011 11:20:34 AM, error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/15/2011 11:20:34 AM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
10/11/2011 2:19:58 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
10/11/2011 12:14:19 PM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
10/11/2011 11:02:49 AM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
10/11/2011 11:02:49 AM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
10/11/2011 11:02:49 AM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
10/11/2011 11:02:49 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
10/11/2011 11:02:49 AM, error: Service Control Manager [7034] - The EPSON V3 Service4(01) service terminated unexpectedly. It has done this 1 time(s).
10/11/2011 11:02:48 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/11/2011 11:02:48 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
10/11/2011 1:43:48 PM, error: Service Control Manager [7000] - The CSIScanner service failed to start due to the following error: Access is denied.
.
==== End Of File ===========================
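A note on the Service Control Manager entries in the log above: on 10/11 at 11:02:48-49 seven unrelated services (Java Quick Starter, Microsoft Antimalware, Yahoo! Updater, Process Monitor, PnkBstrA, NVIDIA Display Driver, EPSON V3) died within two seconds of each other, and the ESET scan later in this thread reports Win32/Patched.HN in the binaries behind most of them (jqs.exe, YahooAUService.exe, PnkBstrA.exe, nvsvc32.exe, E_S40RP7.EXE). A burst of many different services crashing in the same few seconds is the footprint worth hunting for when service executables have been patched. The script below is an added example, not a tool posted in the thread: it parses the event lines in the DDS format shown above (the sample is constructed from those lines) and groups 7031/7034 events into bursts; the five-second window and the three-service threshold are arbitrary choices.

```python
"""Flag bursts of Service Control Manager crash events (IDs 7031 and 7034).

Added example for this thread, not something the forum staff posted. Malware
that patches service binaries tends to knock over many unrelated services at
once; a single service restarting is noise, seven in two seconds is not.
"""
import re
from datetime import datetime, timedelta

# Constructed sample, copied from the Event Viewer section of the log above.
SAMPLE_LOG = """\
10/15/2011 11:20:34 AM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
10/15/2011 11:20:34 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
10/15/2011 11:20:34 AM, error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/15/2011 11:20:34 AM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
10/11/2011 2:19:58 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
10/11/2011 11:02:49 AM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
10/11/2011 11:02:49 AM, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
10/11/2011 11:02:49 AM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
10/11/2011 11:02:49 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
10/11/2011 11:02:49 AM, error: Service Control Manager [7034] - The EPSON V3 Service4(01) service terminated unexpectedly. It has done this 1 time(s).
10/11/2011 11:02:48 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
10/11/2011 11:02:48 AM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
10/11/2011 1:43:48 PM, error: Service Control Manager [7000] - The CSIScanner service failed to start due to the following error: Access is denied.
"""

# One DDS-style event line: timestamp, SCM event ID, service name, what happened.
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"error: Service Control Manager \[(?P<id>\d+)\] - The (?P<svc>.+?) service "
    r"(?P<what>terminated unexpectedly|failed to start|terminated with)"
)
CRASH_IDS = {"7031", "7034"}   # "terminated unexpectedly", with/without restart


def parse_scm_events(text):
    """Return (timestamp, event_id, service_name) for every line that parses."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p")
        events.append((ts, m.group("id"), m.group("svc")))
    return events


def find_crash_bursts(events, window=timedelta(seconds=5), min_services=3):
    """Group crash events whose neighbours are at most `window` apart.

    Returns [(start_time, sorted distinct service names)] for every group with
    at least `min_services` different services. Window and threshold are
    arbitrary choices for this example, not tuned values.
    """
    crashes = sorted(e for e in events if e[1] in CRASH_IDS)
    groups, current = [], []
    for ev in crashes:
        if current and ev[0] - current[-1][0] > window:
            groups.append(current)
            current = []
        current.append(ev)
    if current:
        groups.append(current)
    result = []
    for g in groups:
        names = sorted({svc for _, _, svc in g})
        if len(names) >= min_services:
            result.append((g[0][0], names))
    return result


if __name__ == "__main__":
    for start, names in find_crash_bursts(parse_scm_events(SAMPLE_LOG)):
        print(f"{start:%Y-%m-%d %H:%M:%S}: {len(names)} services crashed together")
        for name in names:
            print("    ", name)
```

Run on the sample it reports two bursts: the seven-service one on 10/11 and a four-service one on 10/15. The next step a responder would take is to pull the image path of each service in a burst from the registry and hash it against a known-good copy, which is what the Win32/Patched detections later in the thread amount to.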

#65 SweetTech (Retired Staff)
Hi!

I am still not liking that TDSS entry in your TDSSKiller logs.

I'd like to have you run an online virus scanner and see what that finds.


ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


#66 frogmusic (Topic Starter)
Here is the Eset log:

C:\Documents and Settings\Owner\Desktop\Protection\GooredFix Backups\C\Documents and Settings\Owner\Local Settings\Application Data\{827C57BD-B529-4EF8-BCFA-F6E6AA1BF534}\chrome\content\overlay.xul probably a variant of Win32/Agent.NVQFFQI trojan
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler.exe.vir Win32/PowerReg application
C:\Qoobox\Quarantine\C\Program Files\AVG\AVG8\avgwdsvc.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Java\jre6\bin\jqs.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC_MSIL\desktop.ini.vir a variant of Win32/Sirefef.CH trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\c_97023.nl_.vir a variant of Win32/Sirefef.CR trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\nvsvc32.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\PnkBstrA.exe.vir Win32/Patched.HN trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\mrxsmb.sys.vir a variant of Win32/Rootkit.Kryptik.DM trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1344\A0119602.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1344\A0119622.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1346\A0120622.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1346\A0120638.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1350\A0120825.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1351\A0120881.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1353\A0120940.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1354\A0121100.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1354\A0121116.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1354\A0121117.EXE Win32/Patched.HN trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1354\A0121118.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1354\A0121119.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1354\A0121120.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1354\A0121121.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1354\A0121122.EXE Win32/Patched.HN trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1354\A0121123.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1354\A0121124.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1356\A0121310.sys a variant of Win32/Rootkit.Kryptik.DM trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1356\A0121311.ini a variant of Win32/Sirefef.CH trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1356\A0121337.sys a variant of Win32/Rootkit.Kryptik.DM trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1356\A0121370.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1356\A0121371.EXE Win32/Patched.HN trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1356\A0121372.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1356\A0121373.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1356\A0121374.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1356\A0121375.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1356\A0121376.EXE Win32/Patched.HN trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1356\A0121377.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1356\A0121378.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1356\A0121612.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1356\A0121731.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1357\A0121941.exe Win32/PowerReg application
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1357\A0122022.exe Win32/Patched.HN trojan
C:\System Volume Information\_restore{78988E82-EAC3-4B55-A1D3-A2FA110CAD9C}\RP1357\A0122023.EXE Win32/Patched.HN trojan
C:\TDSSKiller_Quarantine\07.10.2011_18.29.33\tdlfs0000\tsk0005.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\07.10.2011_18.29.33\tdlfs0000\tsk0006.dta Win64/Olmarik.R trojan

#67 SweetTech (Retired Staff)
Hi!

Do you have your data backed up? The reason I ask you this is because, I'm starting to feel that a reformat and re-install is in your best interest.

I'm really bothered by these entries in your TDSSKiller log file:

11:03:17.0046 5864 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:03:17.0046 5864 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

To me this indicates a TDSS infection. The only problem being that this infection doesn't seem to want to go away.

You were infected with ZeroAccess which is a very nasty infection. I feel that this infection wreaked havoc with your computer and system files, and feel like this infection may have done some damage to your computer that I am not able to see.

You also had a bunch of key system files that were patched by malware.

I am going to suggest that you reformat and re-install your operating system. I know that this may not have been the answer you were looking to hear, especially considering how much progress we've made with this computer, but I feel a reformat and re-install is going to be in your best interest.

Please read the following on reformat and re-install:

Reformatting a hard disk deletes all data. You can back up all your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to backup any executable files (.exe), screensavers (.scr), autorun (.ini) or script files (.php, .asp, and .html) files because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executable files inside them as some types of malware can penetrate and infect .exe files within compressed files too. Other types of malware may even disguise itself by adding and hiding its extension to the existing extension of file(s) so be sure you look closely at the full file name. After reformatting, scan the backed up data with your anti-virus prior to copying it back to your hard drive.

If you're not sure how to reformat or need help with reformatting, please review:
These links include step-by-step instructions with screenshots.

Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.
Also see How to keep your Windows XP activation after clean install.

Note: If you're using an IBM, Sony, HP, Compaq or Dell machine, you may not have an original XP CD Disk. By policy Microsoft no longer allows OEM manufacturers to include the original Windows XP CD-ROM on computers sold with Windows pre-installed. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. See Technology Advisory Recovery Media.

If you need additional assistance with reformatting or have questions about multiple hard drives, you can start a new topic in the Windows XP™, 2000, 2003, NT forum. If you don't get a reply, please send me a PM and I will get someone to take a look.
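The backup rules in the post above (leave out .exe, .scr, .ini and script files, look inside archives, and watch for a second extension hiding behind a harmless one such as holiday.jpg.exe) can be checked mechanically before anything is copied back to the reinstalled machine. The script below is an added example, not a tool the forum provides; the backup set it runs on is constructed in memory, and the extension lists are assumptions to adapt to your own data. It only opens .zip archives because that needs no extra library; .cab and .rar are deliberately left out.

```python
"""Triage a backup set before it is restored onto a clean machine.

Added example for this thread, not a tool the forum staff posted. Implements
the reformat advice above: flag executables, screensavers, autorun and script
files, open ZIP archives and flag executables inside them, and catch names
like photo.jpg.exe whose real extension hides behind a data-file extension.
"""
import io
import zipfile

# Types the advice says not to carry over, plus a few obvious script types.
# Assumption: adjust for your own backups (e.g. drop .html if you need it).
RISKY_EXTS = {".exe", ".scr", ".ini", ".php", ".asp", ".html",
              ".bat", ".cmd", ".com", ".pif", ".vbs", ".js"}
# Extensions a user expects a data file to carry (used to spot disguises).
DATA_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".mp3", ".doc", ".docx",
             ".pdf", ".txt", ".xls", ".xlsx"}
ARCHIVE_EXTS = {".zip"}   # .cab/.rar need extra libraries; ZIP is built in


def _ext_parts(name):
    """Split the final path component on dots, lower-cased."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    return [p.lower() for p in base.split(".")]


def classify_name(name):
    """Return a reason string if `name` should not be restored, else None."""
    parts = _ext_parts(name)
    if len(parts) < 2 or not parts[-1]:
        return None
    real_ext = "." + parts[-1]
    if real_ext not in RISKY_EXTS:
        return None
    # holiday.jpg.exe: an executable wearing a data file's extension
    if len(parts) >= 3 and "." + parts[-2] in DATA_EXTS:
        return f"disguised extension (.{parts[-2]} before {real_ext})"
    return f"risky type {real_ext}"


def scan_archive(data):
    """Return (member, reason) for every risky member of an in-memory ZIP."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                reason = classify_name(member)
                if reason:
                    findings.append((member, reason))
    except zipfile.BadZipFile:
        findings.append(("<archive>", "unreadable archive, do not restore"))
    return findings


def triage_backup(files):
    """files: {relative path: bytes}. Returns {path: [reasons]} for files to drop."""
    report = {}
    for path, data in files.items():
        reasons = []
        reason = classify_name(path)
        if reason:
            reasons.append(reason)
        parts = _ext_parts(path)
        if len(parts) >= 2 and "." + parts[-1] in ARCHIVE_EXTS:
            for member, why in scan_archive(data):
                reasons.append(f"inside archive, {member}: {why}")
        if reasons:
            report[path] = reasons
    return report


def build_sample_backup():
    """Constructed sample: clean media files, a disguised executable, an
    autorun file and a ZIP with an installer hidden inside."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("game/readme.txt", "just text")
        zf.writestr("game/setup.exe", "MZ...")      # fake PE header, constructed
    return {
        "Pictures/holiday.jpg": b"\xff\xd8\xff",   # JPEG magic, clean
        "Pictures/holiday.jpg.exe": b"MZ...",     # disguised executable
        "Music/song.mp3": b"ID3",
        "Games/autorun.ini": b"[autorun]\r\nopen=setup.exe",
        "Games/installer.zip": buf.getvalue(),
    }


if __name__ == "__main__":
    for path, reasons in sorted(triage_backup(build_sample_backup()).items()):
        print(path)
        for r in reasons:
            print("    ", r)
```

To use it on a real backup, build the dictionary by walking the CD or DVD and reading each file; the decision logic stays the same. Name-based checks are only a first pass, so the anti-virus scan of the restored data the post asks for is still needed afterwards.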

#68 frogmusic (Topic Starter)
Ok I reformatted and installed Windows XP, but it won't connect to the internet now. Is there a setting I need to fix on it?

#69 frogmusic (Topic Starter)
Never mind, I installed the drivers needed and now it's working.

#70 SweetTech (Retired Staff)
Glad to hear that!

This is what I usually provide to my users once they are clean.

Hopefully this information will be helpful:


All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one, as it can cause program conflicts as well as false positives.

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is to practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explorer more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article,
    Strong passwords: How to create and use them,
    then consider a password keeper to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be wary of e-mails from unknown senders. Keep the following in mind as well: if it's too good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.
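The "Make Internet Explorer more secure" steps in the post above change three Custom level options in the Internet zone, and a browser hijacker can quietly set them back. The script below is an added example, not part of the post, that audits those settings against the baseline the steps describe. It assumes the documented registry layout: the per-user zone key under HKEY_CURRENT_USER ends in Zones\3 for the Internet zone, the three options are the REG_DWORD values 1001, 1004 and 1201, and 0, 1 and 3 mean Enable, Prompt and Disable. On Windows it reads the live values with winreg; elsewhere it evaluates constructed sample dictionaries. A setting stricter than the baseline (Disable where the steps say Prompt) passes.

```python
"""Audit the Internet zone ActiveX settings against the hardening steps above.

Added example for this thread, not part of the original post. Value names,
zone number and level numbers are the documented Windows registry layout;
the sample dictionaries below are constructed.
"""

ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
ENABLE, PROMPT, DISABLE = 0, 1, 3
LEVEL_NAME = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Value name -> (Custom level caption, minimum level from the steps above)
BASELINE = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", PROMPT),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
}


def audit_zone(settings):
    """settings: {value_name: int}. Return [(name, caption, current, required)]
    for every setting weaker than the baseline. A missing value is reported
    with current=None: IE then uses the zone template's default, which is not
    the explicit setting we configured."""
    findings = []
    for name, (caption, required) in BASELINE.items():
        current = settings.get(name)
        # Lower number = more permissive (Enable 0 < Prompt 1 < Disable 3)
        if current is None or current < required:
            findings.append((name, caption, current, required))
    return findings


def read_live_settings():
    """Read the current user's Internet zone values on Windows; None elsewhere."""
    try:
        import winreg
    except ImportError:
        return None
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_KEY) as key:
        for name in BASELINE:
            try:
                values[name], _ = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                pass          # not set explicitly; audit_zone reports it
    return values


# Constructed samples: a zone a hijacker has opened up, and the hardened one.
SAMPLE_WEAKENED = {"1001": ENABLE, "1004": ENABLE, "1201": ENABLE}
SAMPLE_HARDENED = {"1001": PROMPT, "1004": DISABLE, "1201": DISABLE}


if __name__ == "__main__":
    live = read_live_settings()
    target = live if live is not None else SAMPLE_WEAKENED
    findings = audit_zone(target)
    if not findings:
        print("Internet zone ActiveX settings meet the baseline")
    for name, caption, current, required in findings:
        print(f"{name} {caption}: is {LEVEL_NAME.get(current, 'not set')}, "
              f"want at least {LEVEL_NAME[required]}")
```

Run it once after applying the steps to confirm they took, and again if the browser starts behaving oddly; three settings flipped back to Enable is a cheap indicator that something has been editing the zone policy behind your back.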

#71 frogmusic (Topic Starter)
Ok I downloaded AVG 2012, and Google Chrome. I also set the security stuff for Internet Explorer, even though I've made Google Chrome my default browser (it can't hurt). I also downloaded Malwarebytes and ran a scan, all clean.

So now that I have this super clean running C drive, I'm kinda scared to plug in my external drive that I keep all my pictures, music, and games on. I unplugged it when all this virus stuff started to happen. Is there some scan I should run on it? I didn't see anything in Malwarebytes that lets me select a different drive other than C. I'm not worried about my pictures or music (I buy it all off Amazon), but my son's games are on it with all that extra crap they make you load with it, like Punkbuster, Gamespy Arcade, Steam...etc.... I hate that stuff.

#72 SweetTech (Retired Staff)
Good Evening!


Ok I downloaded AVG 2012, and Google Chrome. I also set the security stuff for Internet Explorer, even though I've made Google Chrome my default browser (it can't hurt). I also downloaded Malwarebytes and ran a scan, all clean.

Glad to hear that!


So now that I have this super clean running C drive, I'm kinda scared to plug in my external drive that I keep all my pictures, music, and games on. I unplugged it when all this virus stuff started to happen. Is there some scan I should run on it? I didn't see anything in Malwarebytes that lets me select a different drive other than C. I'm not worried about my pictures or music (I buy it all off Amazon), but my son's games are on it with all that extra crap they make you load with it, like Punkbuster, Gamespy Arcade, Steam...etc.... I hate that stuff.

I would suggest you run a scan with your Anti-Virus program on that drive, as well as an online scanner like ESET Online Scanner.

#73 SweetTech (Retired Staff)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.