bunruh
-
Posts
23 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by bunruh
-
Infected PC won't run any antivirus or scan
bunruh replied to bunruh's topic in Resolved Malware Removal Logs
Is there anything new here, it found 7 infected items: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 5064 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 11/6/2010 9:01:08 PM mbam-log-2010-11-06 (21-01-08).txt Scan type: Full scan (C:\|H:\|) Objects scanned: 260692 Time elapsed: 1 hour(s), 32 minute(s), 29 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 5 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{11522865-037b-4e24-99d6-b43a3782302f} (Password.Stealer) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{1dfc0cb0-ce09-4e94-bd01-91c2e9d2a7ca} (Password.Stealer) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{3513a6a1-9e64-411e-a763-be8cf8f8f1bc} (Password.Stealer) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{7d94fe9d-0031-4911-9d51-2a24cb88120c} (Password.Stealer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\4dw4r3 (Rootkit.TDSS) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\kirenalo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\WINDOWS\system32\yehifuni.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully. C:\TDSSKiller_Quarantine\06.11.2010_11.49.41\susp0001\svc0000\tsk0000.dta (Trojan.Agent) -> Quarantined and deleted successfully. -
Infected PC won't run any antivirus or scan
bunruh replied to bunruh's topic in Resolved Malware Removal Logs
LD, I just reran mbam-setup and did an update and am doing a full system scan on C: & H:. So far it has found several objects infected. I will post the log when completed. Do I delete or quarantine infected objects? -
Infected PC won't run any antivirus or scan
bunruh replied to bunruh's topic in Resolved Malware Removal Logs
LD, I just reread your post more carefully and I think you answered the question about deleting something, but want to make sure. Thanks for your help ALL DAY LONG!!! -
Infected PC won't run any antivirus or scan
bunruh replied to bunruh's topic in Resolved Malware Removal Logs
Looks like it worked, see log below. What about your comments on Post 31: "Make sure you delete it. [NOTE] The file was moved to the quarantine directory under the name '4f9a7460.qua'." Do I still need to delete something? exeHelper by Raktor Build 20100414 Run at 19:06:02 on 11/06/10 Now searching... Checking for numerical processes... Checking for sysguard processes... Checking for bad processes... Checking for bad files... Checking for bad registry entries... Resetting filetype association for .exe Resetting filetype association for .com Resetting userinit and shell values... Resetting policies... --Finished-- -
Infected PC won't run any antivirus or scan
bunruh replied to bunruh's topic in Resolved Malware Removal Logs
Hey LDTate, thanks for all the help . I do have some questions as we finish up. We did some changes to the Registry, do any of them need to be undone. There was something a few steps back (Post #31) that you said we needed to change back later. Also, it appears that something happened to my registry because I can't directly click on some links to *.exe files and run them; I get an error message when I try to run mbam.exe from the desktop shortcut that says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." In these cases I've used the CACLS work around: cacls "C:\path\prog.exe" /G Everyone:F . In the past I found this registry code and have added it (do you approve?): xp_exe_fix.reg Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\.exe] @="exefile" "Content Type"="application/x-msdownload" [HKEY_CLASSES_ROOT\.exe\PersistentHandler] @="{098f2470-bae0-11cd-b579-08002b30bfeb}" [HKEY_CLASSES_ROOT\exefile] @="Application" "EditFlags"=hex:38,07,00,00 "TileInfo"="prop:FileDescription;Company;FileVersion" "InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size" [HKEY_CLASSES_ROOT\exefile\DefaultIcon] @="%1" [HKEY_CLASSES_ROOT\exefile\shell] [HKEY_CLASSES_ROOT\exefile\shell\open] "EditFlags"=hex:00,00,00,00 [HKEY_CLASSES_ROOT\exefile\shell\open\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\exefile\shell\runas] [HKEY_CLASSES_ROOT\exefile\shell\runas\command] @="\"%1\" %*" [HKEY_CLASSES_ROOT\exefile\shellex] [HKEY_CLASSES_ROOT\exefile\shellex\DropHandler] @="{86C86720-42A0-1069-A2E8-08002B30309D}" [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers] [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser] @="{09A63660-16F9-11d0-B1DF-004F56001CA7}" [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps] @="{86F19A00-42A0-1069-A2E9-08002B30309D}" [HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page] @="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" -
Infected PC won't run any antivirus or scan
bunruh replied to bunruh's topic in Resolved Malware Removal Logs
DDS: DDS (Ver_10-11-03.01) - NTFSx86 Run by Compaq_Owner at 17:32:08.70 on Sat 11/06/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.415 [GMT -5:00] AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\windows\system\hpsysdrv.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\AGRSMMSG.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Compaq_Owner.COMPAQ\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://start.facemoods.com/?a=antn uInternet Settings,ProxyServer = http=127.0.0.1 mURLSearchHooks: H - No File BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe mRun: [AGRSMMSG] AGRSMMSG.exe mRun: [KBD] c:\hp\kbd\KBD.EXE mRun: [TkBellExe] //~c:\program files\common files\real\update_ob\realsched.exe -osboot mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [PS2] c:\windows\system32\ps2.exe mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe mRun: [Reminder] "c:\windows\creator\Remind_XP.exe" mRun: [AlcxMonitor] ALCXMNTR.EXE mRun: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-11-2 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-2 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-2 267944] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-2 60936] =============== Created Last 30 ================ 2010-11-06 21:44:59 -------- d-----w- C:\ComboFix 2010-11-06 17:44:57 78040 ----a-w- c:\windows\system32\drivers\klmdb.sys 2010-11-06 16:50:19 -------- d-----w- C:\TDSSKiller_Quarantine 2010-11-02 20:59:40 -------- d-----w- c:\docume~1\compaq~1.com\applic~1\Avira 2010-11-02 20:55:03 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-11-02 20:55:02 -------- d-----w- c:\program files\Avira 2010-11-02 20:55:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira 2010-11-02 17:50:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-02 17:50:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-01 23:41:17 -------- d-----w- c:\docume~1\compaq~1.com\applic~1\Malwarebytes 2010-11-01 23:41:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-11-01 23:41:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-11-01 23:26:40 -------- d-----w- c:\docume~1\compaq~1.com\applic~1\SurfSecret Privacy Suite 2010-11-01 23:21:57 -------- d-----w- c:\docume~1\compaq~1.com\applic~1\Panda Security 2010-11-01 23:21:12 -------- d-----w- c:\docume~1\compaq~1.com\locals~1\applic~1\panda2_0dn 2010-11-01 23:20:17 -------- d-----w- c:\program files\Panda Security 2010-11-01 23:20:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Panda Security 2010-10-25 16:58:36 -------- d-----w- c:\docume~1\compaq~1.com\applic~1\AskToolbar 2010-10-25 04:52:43 -------- d-----w- c:\docume~1\compaq~1.com\locals~1\applic~1\AskToolbar 2010-10-13 01:26:57 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll 2010-10-13 01:26:56 974848 ------w- c:\windows\system32\dllcache\mfc42.dll 2010-10-13 01:26:44 617472 ------w- c:\windows\system32\dllcache\comctl32.dll ==================== Find3M ==================== 2010-11-06 02:15:49 88576 ----a-w- c:\windows\MBR.exe 2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll 2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll 2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll 2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys 2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll 2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll 2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll 2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe 2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll 2005-06-22 00:40:56 774144 ----a-w- c:\program files\RngInterstitial.dll ============= FINISH: 17:33:26.23 =============== -
Infected PC won't run any antivirus or scan
bunruh replied to bunruh's topic in Resolved Malware Removal Logs
Will run new DDS scan. FYI here is the log from Avira: Avira AntiVir Personal Report file date: Saturday, November 06, 2010 17:20 Scanning for 3020684 virus strains and unwanted programs. The program is running as an unrestricted full version. Online services are available: Licensee : Avira AntiVir Personal - FREE Antivirus Serial number : 0000149996-ADJIE-0000001 Platform : Windows XP Windows version : (Service Pack 3) [5.1.2600] Boot mode : Normally booted Username : SYSTEM Computer name : COMPAQ Version information: BUILD.DAT : 10.0.0.592 31823 Bytes 8/9/2010 11:00:00 AVSCAN.EXE : 10.0.3.1 434344 Bytes 11/6/2010 19:22:28 AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04 LUKE.DLL : 10.0.2.3 104296 Bytes 8/2/2010 21:10:00 LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49 VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36 VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:27:49 VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:37:42 VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:37:42 VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:29:03 VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 21:10:03 VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 21:10:04 VBASE007.VDF : 7.10.9.165 4840960 Bytes 7/23/2010 21:10:06 VBASE008.VDF : 7.10.11.133 3454464 Bytes 9/13/2010 20:56:51 VBASE009.VDF : 7.10.13.80 2265600 Bytes 11/2/2010 20:57:03 VBASE010.VDF : 7.10.13.81 2048 Bytes 11/2/2010 20:57:03 VBASE011.VDF : 7.10.13.82 2048 Bytes 11/2/2010 20:57:03 VBASE012.VDF : 7.10.13.83 2048 Bytes 11/2/2010 20:57:03 VBASE013.VDF : 7.10.13.116 147968 Bytes 11/4/2010 14:32:42 VBASE014.VDF : 7.10.13.117 2048 Bytes 11/4/2010 14:32:42 VBASE015.VDF : 7.10.13.118 2048 Bytes 11/4/2010 14:32:42 VBASE016.VDF : 7.10.13.119 2048 Bytes 11/4/2010 14:32:42 VBASE017.VDF : 7.10.13.120 2048 Bytes 11/4/2010 14:32:42 VBASE018.VDF : 7.10.13.121 2048 Bytes 11/4/2010 14:32:43 VBASE019.VDF : 7.10.13.122 2048 Bytes 11/4/2010 14:32:43 VBASE020.VDF : 7.10.13.123 2048 Bytes 11/4/2010 14:32:43 VBASE021.VDF : 7.10.13.124 2048 Bytes 11/4/2010 14:32:43 VBASE022.VDF : 7.10.13.125 2048 Bytes 11/4/2010 14:32:43 VBASE023.VDF : 7.10.13.126 2048 Bytes 11/4/2010 14:32:43 VBASE024.VDF : 7.10.13.127 2048 Bytes 11/4/2010 14:32:43 VBASE025.VDF : 7.10.13.128 2048 Bytes 11/4/2010 14:32:43 VBASE026.VDF : 7.10.13.129 2048 Bytes 11/4/2010 14:32:43 VBASE027.VDF : 7.10.13.130 2048 Bytes 11/4/2010 14:32:44 VBASE028.VDF : 7.10.13.131 2048 Bytes 11/4/2010 14:32:44 VBASE029.VDF : 7.10.13.132 2048 Bytes 11/4/2010 14:32:44 VBASE030.VDF : 7.10.13.133 2048 Bytes 11/4/2010 14:32:44 VBASE031.VDF : 7.10.13.145 130048 Bytes 11/5/2010 19:22:27 Engineversion : 8.2.4.92 AEVDF.DLL : 8.1.2.1 106868 Bytes 8/2/2010 21:09:54 AESCRIPT.DLL : 8.1.3.46 1364347 Bytes 11/4/2010 14:32:52 AESCN.DLL : 8.1.6.1 127347 Bytes 8/2/2010 21:09:53 AESBX.DLL : 8.1.3.1 254324 Bytes 8/2/2010 21:09:53 AERDL.DLL : 8.1.9.2 635252 Bytes 11/2/2010 20:57:27 AEPACK.DLL : 8.2.3.11 471416 Bytes 11/2/2010 20:57:25 AEOFFICE.DLL : 8.1.1.8 201081 Bytes 8/2/2010 21:09:52 AEHEUR.DLL : 8.1.2.38 2990455 Bytes 11/4/2010 14:32:49 AEHELP.DLL : 8.1.14.0 246134 Bytes 11/2/2010 20:57:12 AEGEN.DLL : 8.1.3.24 401781 Bytes 11/4/2010 14:32:45 AEEMU.DLL : 8.1.2.0 393588 Bytes 8/2/2010 21:09:49 AECORE.DLL : 8.1.17.0 196982 Bytes 11/2/2010 20:57:10 AEBB.DLL : 8.1.1.0 53618 Bytes 8/2/2010 21:09:48 AVWINLL.DLL : 10.0.0.0 19304 Bytes 8/2/2010 21:09:56 AVPREF.DLL : 10.0.0.0 44904 Bytes 8/2/2010 21:09:55 AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 20:27:13 AVREG.DLL : 10.0.3.2 53096 Bytes 8/2/2010 21:09:55 AVSCPLR.DLL : 10.0.3.1 83816 Bytes 8/2/2010 21:09:56 AVARKT.DLL : 10.0.0.14 227176 Bytes 8/2/2010 21:09:54 AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 8/2/2010 21:09:55 SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 20:27:22 AVSMTP.DLL : 10.0.0.17 63848 Bytes 8/2/2010 21:09:56 NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 20:27:21 RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20 RCTEXT.DLL : 10.0.58.0 97128 Bytes 8/2/2010 21:10:08 Configuration settings for the scan: Jobname.............................: avguard_async_scan Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_4d125531\guard_slideup.avp Logging.............................: low Primary action......................: repair Secondary action....................: quarantine Scan master boot sector.............: on Scan boot sector....................: off Process scan........................: on Scan registry.......................: off Search for rootkits.................: off Integrity checking of system files..: off Scan all files......................: All files Scan archives.......................: on Recursion depth.....................: 20 Smart extensions....................: on Macro heuristic.....................: on File heuristic......................: high Start of the scan: Saturday, November 06, 2010 17:20 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'KBD.EXE' - '1' Module(s) have been scanned Scan process 'avshadow.exe' - '1' Module(s) have been scanned Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned Scan process 'MDM.EXE' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'Explorer.EXE' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned Starting the file scan: Begin scan in 'C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP126\A0041748.sys' C:\System Volume Information\_restore{DDE3EB95-4B24-44D8-AD38-1F974B96C2F0}\RP126\A0041748.sys [DETECTION] Is the TR/Rootkit.Gen Trojan [NOTE] The file was moved to the quarantine directory under the name '4f9a7460.qua'. End of the scan: Saturday, November 06, 2010 17:21 Used time: 00:26 Minute(s) The scan has been done completely. 0 Scanned directories 29 Files were scanned 1 Viruses and/or unwanted programs were found 0 Files were classified as suspicious 0 files were deleted 0 Viruses and unwanted programs were repaired 1 Files were moved to quarantine 0 Files were renamed 0 Files cannot be scanned 28 Files not concerned 0 Archives were scanned 0 Warnings 1 Notes The scan results will be transferred to the Guard. -
Infected PC won't run any antivirus or scan
bunruh replied to bunruh's topic in Resolved Malware Removal Logs
Before I could do the steps above, Avira said it found something and asked to delete it. I approved and rebooted. Then I did your steps above and another boot. Now what? -
Infected PC won't run any antivirus or scan
bunruh replied to bunruh's topic in Resolved Malware Removal Logs
Ran the batch file and then checked to make sure IE worked. Ran CoboFix; here's the log: ComboFix 10-11-07.01 - Compaq_Owner 11/06/2010 16:48:07.4.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.312 [GMT -5:00] Running from: c:\documents and settings\Compaq_Owner.COMPAQ\Desktop\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((( Files Created from 2010-10-06 to 2010-11-06 ))))))))))))))))))))))))))))))) . 2010-11-06 17:44 . 2010-11-06 17:47 78040 ----a-w- c:\windows\system32\drivers\klmdb.sys 2010-11-06 16:50 . 2010-11-06 16:50 -------- d-----w- C:\TDSSKiller_Quarantine 2010-11-02 20:59 . 2010-11-02 20:59 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Application Data\Avira 2010-11-02 20:55 . 2010-08-02 21:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-11-02 20:55 . 2010-08-02 21:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-11-02 20:55 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-11-02 20:55 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-11-02 20:55 . 2010-11-02 20:55 -------- d-----w- c:\program files\Avira 2010-11-02 20:55 . 2010-11-02 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-11-02 17:50 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-02 17:50 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-01 23:41 . 2010-11-01 23:41 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Application Data\Malwarebytes 2010-11-01 23:41 . 2010-11-02 17:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-11-01 23:41 . 2010-11-01 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-11-01 23:26 . 2010-11-01 23:26 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Application Data\SurfSecret Privacy Suite 2010-11-01 23:21 . 2010-11-01 23:21 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Application Data\Panda Security 2010-11-01 23:21 . 2010-11-01 23:21 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Local Settings\Application Data\panda2_0dn 2010-11-01 23:20 . 2010-11-06 20:40 -------- d-----w- c:\program files\Panda Security 2010-11-01 23:20 . 2010-11-01 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security 2010-10-31 02:35 . 2010-10-31 02:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities 2010-10-26 06:48 . 2010-10-26 06:48 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Identities 2010-10-25 16:58 . 2010-10-25 16:58 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Application Data\AskToolbar 2010-10-25 04:52 . 2010-11-06 19:53 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Local Settings\Application Data\AskToolbar 2010-10-13 01:26 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll 2010-10-13 01:26 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll 2010-10-13 01:26 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-06 18:43 . 2005-01-28 08:53 138496 ----a-w- c:\windows\system32\drivers\afd.sys 2010-09-18 17:23 . 2004-08-04 18:00 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53 . 2004-08-04 18:00 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53 . 2004-08-04 18:00 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53 . 2004-08-04 18:00 953856 ----a-w- c:\windows\system32\mfc40u.dll 2010-09-10 05:58 . 2004-08-04 18:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-09-10 05:58 . 2004-08-04 18:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-09-10 05:58 . 2004-08-04 18:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-09-01 11:51 . 2004-08-04 18:00 285824 ----a-w- c:\windows\system32\atmfd.dll 2010-08-31 13:42 . 2004-08-04 18:00 1852800 ----a-w- c:\windows\system32\win32k.sys 2010-08-27 08:02 . 2004-08-04 18:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2010-08-27 05:57 . 2004-08-04 18:00 99840 ----a-w- c:\windows\system32\srvsvc.dll 2010-08-26 13:39 . 2005-01-28 08:56 357248 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-26 12:52 . 2009-12-12 04:14 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2010-08-23 16:12 . 2004-08-04 18:00 617472 ----a-w- c:\windows\system32\comctl32.dll 2010-08-17 13:17 . 2004-08-04 18:00 58880 ----a-w- c:\windows\system32\spoolsv.exe 2010-08-16 08:45 . 2004-08-04 18:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll 2005-06-22 00:40 . 2005-06-22 00:41 774144 ----a-w- c:\program files\RngInterstitial.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="files\common files\real\update_ob\realsched.exe -osboot" [X] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363] "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472] "PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952] "Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552] "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-08 57344] "SiSPower"="SiSPower.dll" [2005-04-12 49152] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-28 98304] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/2/2010 3:55 PM 135336] . . ------- Supplementary Scan ------- . uStart Page = hxxp://start.facemoods.com/?a=antn uInternet Settings,ProxyServer = http=127.0.0.1:5555 uInternet Settings,ProxyOverride = <local> . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-11-06 16:53 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2256) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . Completion time: 2010-11-06 16:56:25 ComboFix-quarantined-files.txt 2010-11-06 21:56 ComboFix2.txt 2010-11-06 21:07 ComboFix3.txt 2010-11-06 20:17 ComboFix4.txt 2010-11-06 19:09 ComboFix5.txt 2010-11-06 21:45 Pre-Run: 37,472,468,992 bytes free Post-Run: 37,466,943,488 bytes free - - End Of File - - 003BC494152B13EFF92539B3BCC7AA8D -
Infected PC won't run any antivirus or scan
bunruh replied to bunruh's topic in Resolved Malware Removal Logs
LD, I uninstalled Panda Cloud AV and all its various components, then restarted and did the above script. Here's the log file: ComboFix 10-11-07.01 - Compaq_Owner 11/06/2010 15:53:00.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.399 [GMT -5:00] Running from: c:\documents and settings\Compaq_Owner.COMPAQ\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Compaq_Owner.COMPAQ\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} . ((((((((((((((((((((((((( Files Created from 2010-10-06 to 2010-11-06 ))))))))))))))))))))))))))))))) . 2010-11-06 17:44 . 2010-11-06 17:47 78040 ----a-w- c:\windows\system32\drivers\klmdb.sys 2010-11-06 16:50 . 2010-11-06 16:50 -------- d-----w- C:\TDSSKiller_Quarantine 2010-11-02 20:59 . 2010-11-02 20:59 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Application Data\Avira 2010-11-02 20:55 . 2010-08-02 21:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-11-02 20:55 . 2010-08-02 21:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-11-02 20:55 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-11-02 20:55 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-11-02 20:55 . 2010-11-02 20:55 -------- d-----w- c:\program files\Avira 2010-11-02 20:55 . 2010-11-02 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-11-02 17:50 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-02 17:50 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-01 23:41 . 2010-11-01 23:41 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Application Data\Malwarebytes 2010-11-01 23:41 . 2010-11-02 17:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-11-01 23:41 . 2010-11-01 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-11-01 23:26 . 2010-11-01 23:26 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Application Data\SurfSecret Privacy Suite 2010-11-01 23:21 . 2010-11-01 23:21 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Application Data\Panda Security 2010-11-01 23:21 . 2010-11-01 23:21 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Local Settings\Application Data\panda2_0dn 2010-11-01 23:20 . 2010-11-06 20:40 -------- d-----w- c:\program files\Panda Security 2010-11-01 23:20 . 2010-11-01 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security 2010-10-31 02:35 . 2010-10-31 02:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities 2010-10-26 06:48 . 2010-10-26 06:48 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Identities 2010-10-25 16:58 . 2010-10-25 16:58 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Application Data\AskToolbar 2010-10-25 04:52 . 2010-11-06 19:53 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Local Settings\Application Data\AskToolbar 2010-10-13 01:26 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll 2010-10-13 01:26 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll 2010-10-13 01:26 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-06 18:43 . 2005-01-28 08:53 138496 ----a-w- c:\windows\system32\drivers\afd.sys 2010-09-18 17:23 . 2004-08-04 18:00 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53 . 2004-08-04 18:00 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53 . 2004-08-04 18:00 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53 . 2004-08-04 18:00 953856 ----a-w- c:\windows\system32\mfc40u.dll 2010-09-10 05:58 . 2004-08-04 18:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-09-10 05:58 . 2004-08-04 18:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-09-10 05:58 . 2004-08-04 18:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-09-01 11:51 . 2004-08-04 18:00 285824 ----a-w- c:\windows\system32\atmfd.dll 2010-08-31 13:42 . 2004-08-04 18:00 1852800 ----a-w- c:\windows\system32\win32k.sys 2010-08-27 08:02 . 2004-08-04 18:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2010-08-27 05:57 . 2004-08-04 18:00 99840 ----a-w- c:\windows\system32\srvsvc.dll 2010-08-26 13:39 . 2005-01-28 08:56 357248 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-26 12:52 . 2009-12-12 04:14 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2010-08-23 16:12 . 2004-08-04 18:00 617472 ----a-w- c:\windows\system32\comctl32.dll 2010-08-17 13:17 . 2004-08-04 18:00 58880 ----a-w- c:\windows\system32\spoolsv.exe 2010-08-16 08:45 . 2004-08-04 18:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll 2005-06-22 00:40 . 2005-06-22 00:41 774144 ----a-w- c:\program files\RngInterstitial.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="files\common files\real\update_ob\realsched.exe -osboot" [X] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363] "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472] "PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952] "Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552] "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-08 57344] "SiSPower"="SiSPower.dll" [2005-04-12 49152] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-28 98304] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/2/2010 3:55 PM 135336] . . ------- Supplementary Scan ------- . uStart Page = hxxp://start.facemoods.com/?a=antn uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http=127.0.0.1:5555 . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-11-06 16:02 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3196) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\wdfmgr.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\AGRSMMSG.exe c:\windows\ALCXMNTR.EXE . ************************************************************************** . Completion time: 2010-11-06 16:07:38 - machine was rebooted ComboFix-quarantined-files.txt 2010-11-06 21:07 ComboFix2.txt 2010-11-06 20:17 ComboFix3.txt 2010-11-06 19:09 ComboFix4.txt 2009-12-12 02:24 Pre-Run: 36,284,334,080 bytes free Post-Run: 36,275,482,624 bytes free - - End Of File - - 8C8C6E696C7B51F4C821149D4FE28C57 -
Infected PC won't run any antivirus or scan
bunruh replied to bunruh's topic in Resolved Malware Removal Logs
LD, upon restart ComboFix restarted its scan and the following log: ComboFix 10-11-07.01 - Compaq_Owner 11/06/2010 15:00:36.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.458 [GMT -5:00] Running from: c:\documents and settings\Compaq_Owner.COMPAQ\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Compaq_Owner.COMPAQ\Desktop\CFScript.txt AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Ask.com c:\program files\Ask.com\btn_search.png c:\program files\Ask.com\cobrand.ico c:\program files\Ask.com\config.xml c:\program files\Ask.com\favicon.ico c:\program files\Ask.com\GenericAskToolbar.dll c:\program files\Ask.com\limewire_logo.png c:\program files\Ask.com\mupcfg.xml c:\program files\Ask.com\SaUpdate.exe c:\program files\Ask.com\UpdateTask.exe c:\windows\system32\config\bjyeyaiy . ((((((((((((((((((((((((( Files Created from 2010-10-06 to 2010-11-06 ))))))))))))))))))))))))))))))) . 2010-11-06 17:44 . 2010-11-06 17:47 78040 ----a-w- c:\windows\system32\drivers\klmdb.sys 2010-11-06 16:50 . 2010-11-06 16:50 -------- d-----w- C:\TDSSKiller_Quarantine 2010-11-02 20:59 . 2010-11-02 20:59 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Application Data\Avira 2010-11-02 20:55 . 2010-08-02 21:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-11-02 20:55 . 2010-08-02 21:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-11-02 20:55 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-11-02 20:55 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-11-02 20:55 . 2010-11-02 20:55 -------- d-----w- c:\program files\Avira 2010-11-02 20:55 . 2010-11-02 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-11-02 17:50 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-02 17:50 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-02 02:41 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys 2010-11-01 23:41 . 2010-11-01 23:41 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Application Data\Malwarebytes 2010-11-01 23:41 . 2010-11-02 17:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-11-01 23:41 . 2010-11-01 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-11-01 23:26 . 2010-11-01 23:26 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Application Data\SurfSecret Privacy Suite 2010-11-01 23:21 . 2010-11-01 23:21 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Application Data\Panda Security 2010-11-01 23:21 . 2010-11-01 23:21 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Local Settings\Application Data\panda2_0dn 2010-11-01 23:21 . 2010-11-01 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security Toolbar Antiphishing 2010-11-01 23:21 . 2010-11-01 23:31 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Application Data\pandasecuritytb 2010-11-01 23:20 . 2010-11-02 02:40 -------- d-----w- c:\program files\Panda Security 2010-11-01 23:20 . 2010-11-01 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security 2010-10-31 02:35 . 2010-10-31 02:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities 2010-10-26 06:48 . 2010-10-26 06:48 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Identities 2010-10-25 16:58 . 2010-10-25 16:58 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Application Data\AskToolbar 2010-10-25 04:52 . 2010-11-06 19:53 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Local Settings\Application Data\AskToolbar 2010-10-13 01:26 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll 2010-10-13 01:26 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll 2010-10-13 01:26 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-06 18:43 . 2005-01-28 08:53 138496 ----a-w- c:\windows\system32\drivers\afd.sys 2010-09-18 17:23 . 2004-08-04 18:00 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53 . 2004-08-04 18:00 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53 . 2004-08-04 18:00 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53 . 2004-08-04 18:00 953856 ----a-w- c:\windows\system32\mfc40u.dll 2010-09-10 05:58 . 2004-08-04 18:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-09-10 05:58 . 2004-08-04 18:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-09-10 05:58 . 2004-08-04 18:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-09-01 11:51 . 2004-08-04 18:00 285824 ----a-w- c:\windows\system32\atmfd.dll 2010-08-31 13:42 . 2004-08-04 18:00 1852800 ----a-w- c:\windows\system32\win32k.sys 2010-08-27 08:02 . 2004-08-04 18:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2010-08-27 05:57 . 2004-08-04 18:00 99840 ----a-w- c:\windows\system32\srvsvc.dll 2010-08-26 13:39 . 2005-01-28 08:56 357248 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-26 12:52 . 2009-12-12 04:14 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2010-08-23 16:12 . 2004-08-04 18:00 617472 ----a-w- c:\windows\system32\comctl32.dll 2010-08-17 13:17 . 2004-08-04 18:00 58880 ----a-w- c:\windows\system32\spoolsv.exe 2010-08-16 08:45 . 2004-08-04 18:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll 2005-06-22 00:40 . 2005-06-22 00:41 774144 ----a-w- c:\program files\RngInterstitial.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}] 2010-10-25 13:34 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-10-25 86696] [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon] @="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}" [HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}] 2010-05-14 20:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon] @="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}" [HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}] 2010-05-14 20:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="files\common files\real\update_ob\realsched.exe -osboot" [X] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363] "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472] "PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952] "Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552] "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-08 57344] "SiSPower"="SiSPower.dll" [2005-04-12 49152] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-28 98304] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848] "Panda Security Toolbar Antiphishing"="c:\documents and settings\All Users\Application Data\Panda Security Toolbar Antiphishing\panda2_0dn.exe" [2010-10-24 449192] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [11/1/2010 9:41 PM 28552] R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [6/17/2010 1:41 PM 129992] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/2/2010 3:55 PM 135336] R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [5/27/2010 6:39 PM 141384] R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [7/21/2010 10:02 PM 97096] R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [4/30/2010 1:46 PM 111624] R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [7/21/2010 10:02 PM 112456] S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [8/9/2010 2:53 PM 140608] . Contents of the 'Scheduled Tasks' folder . . ------- Supplementary Scan ------- . uStart Page = hxxp://start.facemoods.com/?a=antn uInternet Settings,ProxyServer = http=127.0.0.1:5555 uInternet Settings,ProxyOverride = <local> . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-11-06 15:11 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3604) c:\windows\system32\WININET.dll c:\documents and settings\All Users\Application Data\Panda Security Toolbar Antiphishing\panda2_0dn.dll c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\wdfmgr.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\AGRSMMSG.exe c:\windows\ALCXMNTR.EXE . ************************************************************************** . Completion time: 2010-11-06 15:17:20 - machine was rebooted ComboFix-quarantined-files.txt 2010-11-06 20:17 ComboFix2.txt 2010-11-06 19:09 ComboFix3.txt 2009-12-12 02:24 Pre-Run: 36,098,134,016 bytes free Post-Run: 36,099,694,592 bytes free - - End Of File - - D2E5D3B5710AC03B623A339482B5609E -
Infected PC won't run any antivirus or scan
bunruh replied to bunruh's topic in Resolved Malware Removal Logs
LD, I went through above steps and the first time though it went to a black screen with the following message: K error ss any key to restart I am restarting now. -
Infected PC won't run any antivirus or scan
bunruh replied to bunruh's topic in Resolved Malware Removal Logs
LD, the first run of ComboFix found a root kit infection and asked me to reboot the computer. I did reboot and ComboFix automatically restarted a scan and ran to completion and finished a log file: ComboFix 10-11-07.01 - Compaq_Owner 11/06/2010 13:49:01.1.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.440 [GMT -5:00] Running from: J:\ComboFix.exe AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\All Users\Application Data\.wtav c:\documents and settings\Compaq_Owner.COMPAQ\Application Data\facemoods.com c:\documents and settings\Compaq_Owner.COMPAQ\Application Data\facemoods.com\facemoods\Online Games.ico C:\feed.txt c:\program files\skynet.dat c:\windows\assembly\GAC\__AssemblyInfo__.ini c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf c:\windows\explorer(2).exe c:\windows\herjek.config c:\windows\system32\fsc.txt c:\windows\system32\ide.txt c:\windows\system32\klgd.bmp c:\windows\system32\lpd.txt c:\windows\system32\lpe.txt c:\windows\system32\lrg.txt c:\windows\system32\qks.txt c:\windows\system32\xef.txt c:\windows\Tasks\bxqogdrq.job c:\windows\Tasks\dpgetlyt.job Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected Restored copy from - The cat found it . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_6TO4 -------\Legacy_ADBUPD -------\Legacy_USERINIT -------\Service_6to4 -------\Service_AdbUpd -------\Service_userinit ((((((((((((((((((((((((( Files Created from 2010-10-06 to 2010-11-06 ))))))))))))))))))))))))))))))) . 2010-11-06 17:44 . 2010-11-06 17:47 78040 ----a-w- c:\windows\system32\drivers\klmdb.sys 2010-11-06 16:50 . 2010-11-06 16:50 -------- d-----w- C:\TDSSKiller_Quarantine 2010-11-02 20:59 . 2010-11-02 20:59 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Application Data\Avira 2010-11-02 20:55 . 2010-08-02 21:10 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-11-02 20:55 . 2010-08-02 21:10 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys 2010-11-02 20:55 . 2010-06-17 20:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2010-11-02 20:55 . 2010-06-17 20:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2010-11-02 20:55 . 2010-11-02 20:55 -------- d-----w- c:\program files\Avira 2010-11-02 20:55 . 2010-11-02 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-11-02 17:50 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-02 17:50 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-02 02:41 . 2009-06-30 15:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys 2010-11-01 23:41 . 2010-11-01 23:41 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Application Data\Malwarebytes 2010-11-01 23:41 . 2010-11-02 17:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-11-01 23:41 . 2010-11-01 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-11-01 23:26 . 2010-11-01 23:26 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Application Data\SurfSecret Privacy Suite 2010-11-01 23:21 . 2010-11-01 23:21 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Application Data\Panda Security 2010-11-01 23:21 . 2010-11-01 23:21 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Local Settings\Application Data\panda2_0dn 2010-11-01 23:21 . 2010-11-01 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security Toolbar Antiphishing 2010-11-01 23:21 . 2010-11-01 23:31 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Application Data\pandasecuritytb 2010-11-01 23:20 . 2010-11-02 02:40 -------- d-----w- c:\program files\Panda Security 2010-11-01 23:20 . 2010-11-01 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security 2010-10-31 02:35 . 2010-10-31 02:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities 2010-10-26 06:48 . 2010-10-26 06:48 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Identities 2010-10-25 16:58 . 2010-10-25 16:58 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Application Data\AskToolbar 2010-10-25 04:52 . 2010-11-02 02:42 -------- d-----w- c:\documents and settings\Compaq_Owner.COMPAQ\Local Settings\Application Data\AskToolbar 2010-10-25 04:21 . 2010-10-25 04:21 -------- d-----w- c:\program files\Ask.com 2010-10-13 01:26 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll 2010-10-13 01:26 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll 2010-10-13 01:26 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-06 18:43 . 2005-01-28 08:53 138496 ----a-w- c:\windows\system32\drivers\afd.sys 2010-09-18 17:23 . 2004-08-04 18:00 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53 . 2004-08-04 18:00 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53 . 2004-08-04 18:00 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53 . 2004-08-04 18:00 953856 ----a-w- c:\windows\system32\mfc40u.dll 2010-09-10 05:58 . 2004-08-04 18:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-09-10 05:58 . 2004-08-04 18:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-09-10 05:58 . 2004-08-04 18:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-09-01 11:51 . 2004-08-04 18:00 285824 ----a-w- c:\windows\system32\atmfd.dll 2010-08-31 13:42 . 2004-08-04 18:00 1852800 ----a-w- c:\windows\system32\win32k.sys 2010-08-27 08:02 . 2004-08-04 18:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2010-08-27 05:57 . 2004-08-04 18:00 99840 ----a-w- c:\windows\system32\srvsvc.dll 2010-08-26 13:39 . 2005-01-28 08:56 357248 ----a-w- c:\windows\system32\drivers\srv.sys 2010-08-26 12:52 . 2009-12-12 04:14 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2010-08-23 16:12 . 2004-08-04 18:00 617472 ----a-w- c:\windows\system32\comctl32.dll 2010-08-17 13:17 . 2004-08-04 18:00 58880 ----a-w- c:\windows\system32\spoolsv.exe 2010-08-16 08:45 . 2004-08-04 18:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll 2005-06-22 00:40 . 2005-06-22 00:41 774144 ----a-w- c:\program files\RngInterstitial.dll . ------- Sigcheck ------- [7] 2009-04-25 . C0503FD8D163652735C1EE900672A75C . 636088 . . [7.00.6000.21045] . . c:\windows\$hf_mig$\KB969897-IE7\SP3QFE\iexplore.exe [7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe [7] 2009-02-28 . BCD8E48709BE4A79606F0B6E8E9A6162 . 636088 . . [7.00.6000.21020] . . c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\iexplore.exe [7] 2009-02-28 . A251068640DDB69FD7805B57D89D7FF7 . 636072 . . [7.00.6000.16827] . . c:\windows\ie7updates\KB969897-IE7\iexplore.exe [7] 2008-12-19 . 15E8A89499741D5CF59A9CF6463A4339 . 634024 . . [7.00.6000.20978] . . c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\iexplore.exe [7] 2008-12-19 . 030D78FE84A086ED376EFCBD2D72C522 . 634024 . . [7.00.6000.16791] . . c:\windows\ie7updates\KB963027-IE7\iexplore.exe [7] 2008-10-15 . 9D3DB9ADFABD2F0BC778EC03250A3ABB . 633632 . . [7.00.6000.16762] . . c:\windows\ie7updates\KB961260-IE7\iexplore.exe [7] 2008-10-15 . 056C927CF7207857E8B34F7A8FFD9B9E . 633632 . . [7.00.6000.20935] . . c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\iexplore.exe [7] 2008-08-23 . E8305C30D35E85D6657ED3E9934CB302 . 635848 . . [7.00.6000.20900] . . c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\iexplore.exe [7] 2008-08-23 . 1F03216084447F990AE797317D0A6E70 . 635848 . . [7.00.6000.16735] . . c:\windows\ie7updates\KB958215-IE7\iexplore.exe [-] 2008-06-23 . 64E376A47763DAEABCDA14BD5B6EA286 . 625664 . . [7.00.6000.16705] . . c:\windows\ie7updates\KB956390-IE7\iexplore.exe [-] 2008-06-23 . C52A9EF571E91535EB78DB4B8B95EA07 . 625664 . . [7.00.6000.20861] . . c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\iexplore.exe [-] 2008-04-22 . 197B7E4030CFBD8D2979D375E1787AA2 . 625664 . . [7.00.6000.20815] . . c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe [7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe [7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\iexplore.exe [-] 2008-02-29 . 2D0E5592AB5A46C27DAF7CCAFF4F5B59 . 625664 . . [7.00.6000.16640] . . c:\windows\ie7updates\KB950759-IE7\iexplore.exe [-] 2008-02-29 . 2D0E5592AB5A46C27DAF7CCAFF4F5B59 . 625664 . . [7.00.6000.16640] . . c:\windows\SoftwareDistribution\Download\574548bb1821009dfc939b99bf38919d\SP2GDR\iexplore.exe [-] 2008-02-22 . 6E0888626E0CAC79F57149814E22DB4D . 625664 . . [7.00.6000.20772] . . c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe [-] 2008-02-22 . 6E0888626E0CAC79F57149814E22DB4D . 625664 . . [7.00.6000.20772] . . c:\windows\SoftwareDistribution\Download\574548bb1821009dfc939b99bf38919d\SP2QFE\iexplore.exe [-] 2007-12-06 . 2703D940A62B731AA220529DD7331A78 . 625664 . . [7.00.6000.16608] . . c:\windows\ie7updates\KB947864-IE7\iexplore.exe [-] 2007-12-06 . 2703D940A62B731AA220529DD7331A78 . 625664 . . [7.00.6000.16608] . . c:\windows\SoftwareDistribution\Download\e5a204b08ee9dd0f7a20547e61486b27\SP2GDR\iexplore.exe [-] 2007-12-06 . 809D17D8FA0FDAEE07778CD821CAFFDE . 625664 . . [7.00.6000.20733] . . c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe [-] 2007-12-06 . 809D17D8FA0FDAEE07778CD821CAFFDE . 625664 . . [7.00.6000.20733] . . c:\windows\SoftwareDistribution\Download\e5a204b08ee9dd0f7a20547e61486b27\SP2QFE\iexplore.exe [-] 2007-10-10 . 632BDE0179847234433CA50945442ACB . 625664 . . [7.00.6000.20696] . . c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\iexplore.exe [-] 2007-08-17 . 3AC2BC667DA0AF2C968E96E1630F5AB5 . 625152 . . [7.00.6000.16544] . . c:\windows\ie7updates\KB942615-IE7\iexplore.exe [-] 2007-08-17 . 5577D0E3AC2F9F035ACD81B44AF5F511 . 625152 . . [7.00.6000.20661] . . c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\iexplore.exe [-] 2007-08-13 . DE49B348A18369B4626FBA1D49B07FB4 . 622080 . . [7.00.5730.13] . . c:\windows\ie7updates\KB944533-IE7\iexplore.exe [-] 2007-08-13 . DE49B348A18369B4626FBA1D49B07FB4 . 622080 . . [7.00.5730.13] . . c:\windows\ie7updates\KB953838-IE7\iexplore.exe [-] 2007-06-27 . BD8502DFD53FC24FB8D6929DC46B8C2C . 625152 . . [7.00.6000.20627] . . c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\iexplore.exe [-] 2007-06-27 . 275CEE268B9E5D82474C43D5D249D111 . 625152 . . [7.00.6000.16512] . . c:\windows\ie7updates\KB939653-IE7\iexplore.exe [-] 2007-04-24 . 10BDB55982586A432A3951EB19A26009 . 625152 . . [7.00.6000.16473] . . c:\windows\ie7updates\KB937143-IE7\iexplore.exe [-] 2007-04-24 . 9B3516C1F30DA17ADD3818573047D63C . 625152 . . [7.00.6000.20583] . . c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\iexplore.exe [-] 2007-02-28 . D321092F8529CDAE843D6E24E3CAC6CB . 625152 . . [7.00.6000.20544] . . c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\iexplore.exe [-] 2007-02-21 . 683DDE71BCF03B501B912D20CB93B549 . 623616 . . [7.00.6000.16441] . . c:\windows\ie7updates\KB933566-IE7\iexplore.exe [-] 2007-01-09 . 93A6A4F5293AE19E3B37021AABCF0902 . 623616 . . [7.00.6000.16414] . . c:\windows\ie7updates\KB931768-IE7\iexplore.exe [-] 2006-10-17 . 5334D4461AA92A7B008755FE6D13C5F2 . 622080 . . [7.00.5730.11] . . c:\windows\ie7updates\KB928090-IE7\iexplore.exe [7] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\ie7\iexplore.exe [7] 2004-08-04 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\ie8\iexplore.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}] 2010-10-25 13:34 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-09-28 04:40 1244040 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1244040] "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-10-25 86696] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1244040] [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon] @="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}" [HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}] 2010-05-14 20:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon] @="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}" [HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}] 2010-05-14 20:04 320832 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="files\common files\real\update_ob\realsched.exe -osboot" [X] "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-30 88363] "KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472] "PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304] "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-15 253952] "Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552] "AlcxMonitor"="ALCXMNTR.EXE" [2004-09-08 57344] "SiSPower"="SiSPower.dll" [2005-04-12 49152] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-01-28 98304] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2010-05-14 406848] "Panda Security Toolbar Antiphishing"="c:\documents and settings\All Users\Application Data\Panda Security Toolbar Antiphishing\panda2_0dn.exe" [2010-10-24 449192] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [11/1/2010 9:41 PM 28552] R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [6/17/2010 1:41 PM 129992] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/2/2010 3:55 PM 135336] R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [5/27/2010 6:39 PM 141384] R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [7/21/2010 10:02 PM 97096] R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [4/30/2010 1:46 PM 111624] R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [7/21/2010 10:02 PM 112456] S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [8/9/2010 2:53 PM 140608] . Contents of the 'Scheduled Tasks' folder 2010-10-25 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2010-09-28 04:40] . . ------- Supplementary Scan ------- . uStart Page = hxxp://start.facemoods.com/?a=antn uInternet Settings,ProxyServer = http=127.0.0.1:5555 uInternet Settings,ProxyOverride = <local> . - - - - ORPHANS REMOVED - - - - Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) Toolbar-Locked - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) HKLM-Run-iTunesHelper - files\itunes\ituneshelper.exe HKLM-Run-SMSERIAL - (no file) SharedTaskScheduler-{23890fbe-a206-400f-8a89-f094b6efd9d9} - (no file) SharedTaskScheduler-{b43f8a73-c416-4add-91f9-33f0e5a270ca} - (no file) SharedTaskScheduler-{8b87616f-ccd9-4076-9873-1b724da2f16e} - (no file) SharedTaskScheduler-{c4172249-1f32-4832-8982-80b4f33ff7f0} - (no file) SharedTaskScheduler-{f1f47ee6-2383-4e1a-84b3-d4455fd87bdd} - (no file) SharedTaskScheduler-{f012e104-dfa5-4939-8c39-b827ce01ae78} - (no file) SSODL-bibiwaluk-{23890fbe-a206-400f-8a89-f094b6efd9d9} - (no file) SSODL-vimazodag-{b43f8a73-c416-4add-91f9-33f0e5a270ca} - (no file) SSODL-yeruzijep-{8b87616f-ccd9-4076-9873-1b724da2f16e} - (no file) SSODL-fagoziruy-{c4172249-1f32-4832-8982-80b4f33ff7f0} - (no file) SSODL-layezewan-{f1f47ee6-2383-4e1a-84b3-d4455fd87bdd} - (no file) SSODL-wuyagihes-{f012e104-dfa5-4939-8c39-b827ce01ae78} - (no file) Notify-setcell - setcell.dll SafeBoot-klmdb.sys ActiveSetup-{11522865-037B-4E24-99D6-B43A3782302F} - uaihv27.dll ActiveSetup-{1DFC0CB0-CE09-4E94-BD01-91C2E9D2A7CA} - oxia7.dll ActiveSetup-{3513A6A1-9E64-411E-A763-BE8CF8F8F1BC} - iwauqng5.dll ActiveSetup-{7D94FE9D-0031-4911-9D51-2A24CB88120C} - pbutk.dll ActiveSetup-{C1DDC416-23B2-4876-A75C-2D1902CCD0C3} - usmkppl.dll ActiveSetup-{D44AAFDA-1AF4-45AA-9813-6337EDFA496C} - jnjvcpxk1.dll ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-11-06 14:04 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3976) c:\windows\system32\WININET.dll c:\documents and settings\All Users\Application Data\Panda Security Toolbar Antiphishing\panda2_0dn.dll c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\wdfmgr.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\AGRSMMSG.exe c:\windows\ALCXMNTR.EXE . ************************************************************************** . Completion time: 2010-11-06 14:09:58 - machine was rebooted ComboFix-quarantined-files.txt 2010-11-06 19:09 ComboFix2.txt 2009-12-12 02:24 Pre-Run: 32,529,850,368 bytes free Post-Run: 36,105,555,968 bytes free - - End Of File - - 88632619534D233B6F2624D544DBFE1A -
Infected PC won't run any antivirus or scan
bunruh replied to bunruh's topic in Resolved Malware Removal Logs
got it! -
Infected PC won't run any antivirus or scan
bunruh replied to bunruh's topic in Resolved Malware Removal Logs
LD, in normal mode AFD shows up again and two runs of TDSSKiller found both times (delete doesn't delete apparently). Here's the log from the second run in normal mode: 2010/11/06 12:46:07.0890 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43 2010/11/06 12:46:07.0890 ================================================================================ 2010/11/06 12:46:07.0890 SystemInfo: 2010/11/06 12:46:07.0890 2010/11/06 12:46:07.0890 OS Version: 5.1.2600 ServicePack: 3.0 2010/11/06 12:46:07.0890 Product type: Workstation 2010/11/06 12:46:07.0890 ComputerName: COMPAQ 2010/11/06 12:46:07.0890 UserName: Compaq_Owner 2010/11/06 12:46:07.0890 Windows directory: C:\WINDOWS 2010/11/06 12:46:07.0890 System windows directory: C:\WINDOWS 2010/11/06 12:46:07.0890 Processor architecture: Intel x86 2010/11/06 12:46:07.0890 Number of processors: 1 2010/11/06 12:46:07.0890 Page size: 0x1000 2010/11/06 12:46:07.0890 Boot type: Normal boot 2010/11/06 12:46:07.0890 ================================================================================ 2010/11/06 12:46:10.0296 Initialize success 2010/11/06 12:46:12.0250 ================================================================================ 2010/11/06 12:46:12.0250 Scan started 2010/11/06 12:46:12.0250 Mode: Manual; 2010/11/06 12:46:12.0250 ================================================================================ 2010/11/06 12:46:21.0859 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2010/11/06 12:46:22.0906 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2010/11/06 12:46:24.0375 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2010/11/06 12:46:24.0984 AFD (3d57e667e01b695a298dc553761742a3) C:\WINDOWS\System32\drivers\afd.sys 2010/11/06 12:46:24.0984 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 3d57e667e01b695a298dc553761742a3, Fake md5: 7e775010ef291da96ad17ca4b17137d7 2010/11/06 12:46:25.0000 AFD - detected Forged file (1) 2010/11/06 12:46:25.0375 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys 2010/11/06 12:46:29.0453 ALCXWDM (781c5ec517c53f5214b61253b20c13c4) C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2010/11/06 12:46:32.0046 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2010/11/06 12:46:33.0953 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2010/11/06 12:46:34.0406 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2010/11/06 12:46:35.0328 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2010/11/06 12:46:35.0718 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2010/11/06 12:46:36.0250 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2010/11/06 12:46:36.0484 avgntflt (1eb7d72a82f94f7e9496d363fce00b68) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 2010/11/06 12:46:36.0750 avipbb (f8c56231ed5ecf7d1b46b0330880ccef) C:\WINDOWS\system32\DRIVERS\avipbb.sys 2010/11/06 12:46:37.0203 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2010/11/06 12:46:37.0453 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2010/11/06 12:46:38.0078 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2010/11/06 12:46:38.0390 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2010/11/06 12:46:38.0578 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2010/11/06 12:46:40.0109 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2010/11/06 12:46:40.0375 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2010/11/06 12:46:40.0968 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2010/11/06 12:46:41.0250 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2010/11/06 12:46:41.0484 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2010/11/06 12:46:41.0968 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2010/11/06 12:46:42.0328 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2010/11/06 12:46:42.0562 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2010/11/06 12:46:42.0765 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2010/11/06 12:46:42.0953 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2010/11/06 12:46:43.0109 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2010/11/06 12:46:43.0296 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2010/11/06 12:46:43.0484 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2010/11/06 12:46:43.0640 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys 2010/11/06 12:46:43.0781 GEARAspiWDM (2fb04db459c71f416ee8b05448ca4ac3) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 2010/11/06 12:46:43.0937 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2010/11/06 12:46:44.0125 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2010/11/06 12:46:44.0593 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2010/11/06 12:46:45.0109 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2010/11/06 12:46:45.0281 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2010/11/06 12:46:45.0609 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2010/11/06 12:46:45.0765 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2010/11/06 12:46:45.0921 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2010/11/06 12:46:46.0109 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2010/11/06 12:46:46.0296 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2010/11/06 12:46:46.0500 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2010/11/06 12:46:46.0703 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2010/11/06 12:46:46.0890 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2010/11/06 12:46:47.0187 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2010/11/06 12:46:47.0359 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2010/11/06 12:46:47.0531 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2010/11/06 12:46:47.0796 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2010/11/06 12:46:48.0406 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2010/11/06 12:46:48.0812 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2010/11/06 12:46:49.0171 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys 2010/11/06 12:46:49.0406 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2010/11/06 12:46:49.0656 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2010/11/06 12:46:49.0875 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2010/11/06 12:46:50.0281 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2010/11/06 12:46:50.0531 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2010/11/06 12:46:50.0843 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2010/11/06 12:46:51.0125 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2010/11/06 12:46:51.0359 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2010/11/06 12:46:51.0593 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2010/11/06 12:46:51.0859 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2010/11/06 12:46:52.0171 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2010/11/06 12:46:52.0437 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2010/11/06 12:46:52.0656 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2010/11/06 12:46:52.0890 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2010/11/06 12:46:53.0093 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2010/11/06 12:46:53.0343 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2010/11/06 12:46:53.0562 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2010/11/06 12:46:53.0765 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2010/11/06 12:46:54.0062 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2010/11/06 12:46:54.0281 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2010/11/06 12:46:54.0578 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2010/11/06 12:46:54.0984 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2010/11/06 12:46:55.0187 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2010/11/06 12:46:55.0390 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2010/11/06 12:46:55.0562 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2010/11/06 12:46:55.0906 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2010/11/06 12:46:56.0156 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2010/11/06 12:46:56.0343 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2010/11/06 12:46:56.0671 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys 2010/11/06 12:46:56.0843 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2010/11/06 12:46:57.0250 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2010/11/06 12:46:57.0390 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2010/11/06 12:47:01.0265 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2010/11/06 12:47:01.0562 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 2010/11/06 12:47:01.0984 Ps2 (9b793a1ffd480155fe9ee5261153f21b) C:\WINDOWS\system32\DRIVERS\PS2.sys 2010/11/06 12:47:02.0281 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2010/11/06 12:47:02.0625 PSINAflt (469943fb4398df5662dd5d06193c0bb0) C:\WINDOWS\system32\DRIVERS\PSINAflt.sys 2010/11/06 12:47:03.0156 PSINFile (d5c75c5238c52f0c664d23a7ffe38a5c) C:\WINDOWS\system32\DRIVERS\PSINFile.sys 2010/11/06 12:47:03.0500 PSINKNC (3942d3cfab0545f599e6eff2b8a1aad2) C:\WINDOWS\system32\DRIVERS\psinknc.sys 2010/11/06 12:47:04.0000 PSINProc (d3730032f61fca2d2ae6a2daf90347b1) C:\WINDOWS\system32\DRIVERS\PSINProc.sys 2010/11/06 12:47:04.0328 PSINProt (7803cb196f872c7e359c5c71e0a9ac69) C:\WINDOWS\system32\DRIVERS\PSINProt.sys 2010/11/06 12:47:04.0656 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2010/11/06 12:47:05.0156 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2010/11/06 12:47:06.0468 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2010/11/06 12:47:06.0734 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2010/11/06 12:47:07.0046 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2010/11/06 12:47:07.0390 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2010/11/06 12:47:07.0625 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2010/11/06 12:47:07.0875 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2010/11/06 12:47:08.0171 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2010/11/06 12:47:08.0562 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2010/11/06 12:47:09.0312 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 2010/11/06 12:47:09.0687 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2010/11/06 12:47:09.0921 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2010/11/06 12:47:10.0078 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2010/11/06 12:47:10.0296 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 2010/11/06 12:47:10.0843 SiS315 (509d96916c7d9218e4083940b8711b9b) C:\WINDOWS\system32\DRIVERS\sisgrp.sys 2010/11/06 12:47:11.0109 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys 2010/11/06 12:47:11.0468 SiSkp (2c921a4cce0b3eb372ebf448939fa3bf) C:\WINDOWS\system32\DRIVERS\srvkp.sys 2010/11/06 12:47:11.0765 SISNIC (5529b51aacff16fbdde4b34ff0af2b76) C:\WINDOWS\system32\DRIVERS\sisnic.sys 2010/11/06 12:47:12.0218 smserial (bc871f7565c714252e836234043f77a5) C:\WINDOWS\system32\DRIVERS\smserial.sys 2010/11/06 12:47:13.0250 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2010/11/06 12:47:13.0593 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2010/11/06 12:47:13.0921 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2010/11/06 12:47:14.0265 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 2010/11/06 12:47:14.0625 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2010/11/06 12:47:14.0937 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2010/11/06 12:47:16.0906 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2010/11/06 12:47:17.0671 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2010/11/06 12:47:18.0875 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2010/11/06 12:47:19.0593 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2010/11/06 12:47:20.0234 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2010/11/06 12:47:21.0781 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2010/11/06 12:47:24.0000 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2010/11/06 12:47:26.0375 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2010/11/06 12:47:27.0062 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2010/11/06 12:47:27.0421 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2010/11/06 12:47:28.0171 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2010/11/06 12:47:28.0765 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2010/11/06 12:47:29.0437 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2010/11/06 12:47:30.0140 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2010/11/06 12:47:30.0671 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2010/11/06 12:47:31.0265 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2010/11/06 12:47:32.0281 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2010/11/06 12:47:32.0953 ================================================================================ 2010/11/06 12:47:32.0953 Scan finished 2010/11/06 12:47:32.0953 ================================================================================ 2010/11/06 12:47:32.0968 Detected object count: 1 2010/11/06 12:47:40.0875 HKLM\SYSTEM\ControlSet001\services\AFD - will be deleted after reboot 2010/11/06 12:47:40.0875 HKLM\SYSTEM\ControlSet001\control\safeboot\Network\AFD - will be deleted after reboot 2010/11/06 12:47:40.0875 HKLM\SYSTEM\ControlSet002\services\AFD - will be deleted after reboot 2010/11/06 12:47:40.0875 HKLM\SYSTEM\ControlSet002\control\safeboot\Network\AFD - will be deleted after reboot 2010/11/06 12:47:40.0875 HKLM\SYSTEM\ControlSet003\services\AFD - will be deleted after reboot 2010/11/06 12:47:40.0875 HKLM\SYSTEM\ControlSet003\control\safeboot\Network\AFD - will be deleted after reboot 2010/11/06 12:47:40.0890 C:\WINDOWS\System32\drivers\afd.sys - will be deleted after reboot 2010/11/06 12:47:40.0890 Forged file(AFD) - User select action: Delete 2010/11/06 12:47:44.0265 Deinitialize success -
Infected PC won't run any antivirus or scan
bunruh replied to bunruh's topic in Resolved Malware Removal Logs
No, it was safe mode. Will do and repost ASAP. -
Infected PC won't run any antivirus or scan
bunruh replied to bunruh's topic in Resolved Malware Removal Logs
LD, did reboot into safe mode and ran TDSSKiller again, it found only one file (vbma297a) and I deleted. I rebooted a second time into safe mode, repeat run of TDSSKiller and below is the log file. 2010/11/06 12:25:45.0015 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43 2010/11/06 12:25:45.0015 ================================================================================ 2010/11/06 12:25:45.0015 SystemInfo: 2010/11/06 12:25:45.0015 2010/11/06 12:25:45.0015 OS Version: 5.1.2600 ServicePack: 3.0 2010/11/06 12:25:45.0015 Product type: Workstation 2010/11/06 12:25:45.0015 ComputerName: COMPAQ 2010/11/06 12:25:45.0015 UserName: Compaq_Owner 2010/11/06 12:25:45.0015 Windows directory: C:\WINDOWS 2010/11/06 12:25:45.0015 System windows directory: C:\WINDOWS 2010/11/06 12:25:45.0015 Processor architecture: Intel x86 2010/11/06 12:25:45.0015 Number of processors: 1 2010/11/06 12:25:45.0015 Page size: 0x1000 2010/11/06 12:25:45.0015 Boot type: Safe boot 2010/11/06 12:25:45.0015 ================================================================================ 2010/11/06 12:25:45.0765 Initialize success 2010/11/06 12:25:49.0000 ================================================================================ 2010/11/06 12:25:49.0000 Scan started 2010/11/06 12:25:49.0000 Mode: Manual; 2010/11/06 12:25:49.0000 ================================================================================ 2010/11/06 12:25:54.0109 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2010/11/06 12:25:54.0765 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2010/11/06 12:25:55.0812 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2010/11/06 12:25:56.0593 AFD (3d57e667e01b695a298dc553761742a3) C:\WINDOWS\System32\drivers\afd.sys 2010/11/06 12:25:57.0718 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys 2010/11/06 12:26:00.0859 ALCXWDM (781c5ec517c53f5214b61253b20c13c4) C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2010/11/06 12:26:03.0218 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2010/11/06 12:26:05.0125 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2010/11/06 12:26:05.0640 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2010/11/06 12:26:06.0578 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2010/11/06 12:26:07.0062 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2010/11/06 12:26:07.0593 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2010/11/06 12:26:08.0218 avgntflt (1eb7d72a82f94f7e9496d363fce00b68) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 2010/11/06 12:26:08.0828 avipbb (f8c56231ed5ecf7d1b46b0330880ccef) C:\WINDOWS\system32\DRIVERS\avipbb.sys 2010/11/06 12:26:09.0500 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2010/11/06 12:26:10.0093 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2010/11/06 12:26:11.0156 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2010/11/06 12:26:11.0687 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2010/11/06 12:26:12.0281 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2010/11/06 12:26:15.0171 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2010/11/06 12:26:15.0984 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2010/11/06 12:26:16.0875 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2010/11/06 12:26:17.0406 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2010/11/06 12:26:17.0843 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2010/11/06 12:26:18.0687 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2010/11/06 12:26:19.0203 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2010/11/06 12:26:19.0703 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2010/11/06 12:26:20.0140 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2010/11/06 12:26:20.0578 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2010/11/06 12:26:21.0046 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2010/11/06 12:26:21.0484 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2010/11/06 12:26:21.0921 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2010/11/06 12:26:22.0375 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys 2010/11/06 12:26:22.0796 GEARAspiWDM (2fb04db459c71f416ee8b05448ca4ac3) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 2010/11/06 12:26:23.0203 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2010/11/06 12:26:23.0640 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2010/11/06 12:26:25.0125 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2010/11/06 12:26:26.0515 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2010/11/06 12:26:27.0078 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2010/11/06 12:26:28.0250 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2010/11/06 12:26:28.0843 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2010/11/06 12:26:29.0437 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2010/11/06 12:26:30.0000 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2010/11/06 12:26:30.0562 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2010/11/06 12:26:31.0203 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2010/11/06 12:26:31.0875 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2010/11/06 12:26:32.0375 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2010/11/06 12:26:32.0875 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2010/11/06 12:26:33.0437 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2010/11/06 12:26:33.0984 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2010/11/06 12:26:34.0687 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2010/11/06 12:26:35.0609 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2010/11/06 12:26:36.0046 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2010/11/06 12:26:36.0453 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys 2010/11/06 12:26:36.0968 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2010/11/06 12:26:37.0484 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2010/11/06 12:26:38.0046 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2010/11/06 12:26:39.0078 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2010/11/06 12:26:39.0765 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2010/11/06 12:26:40.0468 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2010/11/06 12:26:41.0062 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2010/11/06 12:26:41.0578 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2010/11/06 12:26:42.0046 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2010/11/06 12:26:42.0484 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2010/11/06 12:26:42.0937 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2010/11/06 12:26:43.0437 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2010/11/06 12:26:43.0906 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2010/11/06 12:26:44.0328 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2010/11/06 12:26:44.0781 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2010/11/06 12:26:45.0218 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2010/11/06 12:26:45.0640 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2010/11/06 12:26:46.0109 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2010/11/06 12:26:46.0640 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2010/11/06 12:26:47.0093 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2010/11/06 12:26:47.0703 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2010/11/06 12:26:48.0328 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2010/11/06 12:26:48.0734 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2010/11/06 12:26:49.0156 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2010/11/06 12:26:49.0578 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2010/11/06 12:26:50.0046 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2010/11/06 12:26:50.0468 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2010/11/06 12:26:50.0906 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2010/11/06 12:26:51.0343 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys 2010/11/06 12:26:51.0765 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2010/11/06 12:26:52.0484 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2010/11/06 12:26:52.0937 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2010/11/06 12:26:55.0312 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2010/11/06 12:26:55.0750 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 2010/11/06 12:26:56.0187 Ps2 (9b793a1ffd480155fe9ee5261153f21b) C:\WINDOWS\system32\DRIVERS\PS2.sys 2010/11/06 12:26:56.0609 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2010/11/06 12:26:57.0109 PSINAflt (469943fb4398df5662dd5d06193c0bb0) C:\WINDOWS\system32\DRIVERS\PSINAflt.sys 2010/11/06 12:26:57.0593 PSINFile (d5c75c5238c52f0c664d23a7ffe38a5c) C:\WINDOWS\system32\DRIVERS\PSINFile.sys 2010/11/06 12:26:58.0109 PSINKNC (3942d3cfab0545f599e6eff2b8a1aad2) C:\WINDOWS\system32\DRIVERS\psinknc.sys 2010/11/06 12:26:58.0609 PSINProc (d3730032f61fca2d2ae6a2daf90347b1) C:\WINDOWS\system32\DRIVERS\PSINProc.sys 2010/11/06 12:26:59.0140 PSINProt (7803cb196f872c7e359c5c71e0a9ac69) C:\WINDOWS\system32\DRIVERS\PSINProt.sys 2010/11/06 12:26:59.0578 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2010/11/06 12:26:59.0984 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2010/11/06 12:27:01.0890 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2010/11/06 12:27:02.0421 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2010/11/06 12:27:02.0859 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2010/11/06 12:27:03.0296 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2010/11/06 12:27:03.0750 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2010/11/06 12:27:04.0218 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2010/11/06 12:27:04.0687 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2010/11/06 12:27:05.0156 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2010/11/06 12:27:05.0937 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 2010/11/06 12:27:06.0359 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2010/11/06 12:27:06.0781 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2010/11/06 12:27:07.0218 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2010/11/06 12:27:07.0656 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 2010/11/06 12:27:08.0437 SiS315 (509d96916c7d9218e4083940b8711b9b) C:\WINDOWS\system32\DRIVERS\sisgrp.sys 2010/11/06 12:27:08.0921 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys 2010/11/06 12:27:09.0328 SiSkp (2c921a4cce0b3eb372ebf448939fa3bf) C:\WINDOWS\system32\DRIVERS\srvkp.sys 2010/11/06 12:27:09.0750 SISNIC (5529b51aacff16fbdde4b34ff0af2b76) C:\WINDOWS\system32\DRIVERS\sisnic.sys 2010/11/06 12:27:10.0453 smserial (bc871f7565c714252e836234043f77a5) C:\WINDOWS\system32\DRIVERS\smserial.sys 2010/11/06 12:27:11.0453 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2010/11/06 12:27:11.0890 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2010/11/06 12:27:12.0453 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2010/11/06 12:27:12.0968 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 2010/11/06 12:27:13.0390 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2010/11/06 12:27:13.0812 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2010/11/06 12:27:15.0546 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2010/11/06 12:27:16.0125 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2010/11/06 12:27:16.0671 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2010/11/06 12:27:17.0093 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2010/11/06 12:27:17.0515 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2010/11/06 12:27:18.0265 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2010/11/06 12:27:19.0109 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2010/11/06 12:27:19.0687 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2010/11/06 12:27:20.0109 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2010/11/06 12:27:20.0531 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2010/11/06 12:27:20.0953 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2010/11/06 12:27:21.0375 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2010/11/06 12:27:21.0796 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2010/11/06 12:27:22.0218 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2010/11/06 12:27:22.0625 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2010/11/06 12:27:23.0093 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2010/11/06 12:27:23.0828 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2010/11/06 12:27:24.0421 ================================================================================ 2010/11/06 12:27:24.0421 Scan finished 2010/11/06 12:27:24.0421 ================================================================================ -
Infected PC won't run any antivirus or scan
bunruh replied to bunruh's topic in Resolved Malware Removal Logs
LD, it doesn't appear that "delete" deletes the files. I've run TDDSkiller scans four times and every time it finds the same files (AFD & vbma297a), so I select "delete" and reboot but no change. Below is the last log file: 2010/11/06 12:03:15.0843 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43 2010/11/06 12:03:15.0843 ================================================================================ 2010/11/06 12:03:15.0843 SystemInfo: 2010/11/06 12:03:15.0843 2010/11/06 12:03:15.0843 OS Version: 5.1.2600 ServicePack: 3.0 2010/11/06 12:03:15.0843 Product type: Workstation 2010/11/06 12:03:15.0843 ComputerName: COMPAQ 2010/11/06 12:03:15.0843 UserName: Compaq_Owner 2010/11/06 12:03:15.0843 Windows directory: C:\WINDOWS 2010/11/06 12:03:15.0843 System windows directory: C:\WINDOWS 2010/11/06 12:03:15.0843 Processor architecture: Intel x86 2010/11/06 12:03:15.0843 Number of processors: 1 2010/11/06 12:03:15.0843 Page size: 0x1000 2010/11/06 12:03:15.0843 Boot type: Normal boot 2010/11/06 12:03:15.0843 ================================================================================ 2010/11/06 12:03:16.0593 Initialize success 2010/11/06 12:03:17.0984 ================================================================================ 2010/11/06 12:03:17.0984 Scan started 2010/11/06 12:03:17.0984 Mode: Manual; 2010/11/06 12:03:17.0984 ================================================================================ 2010/11/06 12:03:23.0984 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2010/11/06 12:03:24.0515 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2010/11/06 12:03:25.0312 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2010/11/06 12:03:26.0031 AFD (3d57e667e01b695a298dc553761742a3) C:\WINDOWS\System32\drivers\afd.sys 2010/11/06 12:03:26.0046 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 3d57e667e01b695a298dc553761742a3, Fake md5: 7e775010ef291da96ad17ca4b17137d7 2010/11/06 12:03:26.0062 AFD - detected Forged file (1) 2010/11/06 12:03:26.0734 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys 2010/11/06 12:03:30.0015 ALCXWDM (781c5ec517c53f5214b61253b20c13c4) C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2010/11/06 12:03:32.0000 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2010/11/06 12:03:33.0000 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2010/11/06 12:03:33.0390 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2010/11/06 12:03:33.0765 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2010/11/06 12:03:34.0125 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2010/11/06 12:03:34.0578 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2010/11/06 12:03:34.0984 avgntflt (1eb7d72a82f94f7e9496d363fce00b68) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 2010/11/06 12:03:35.0375 avipbb (f8c56231ed5ecf7d1b46b0330880ccef) C:\WINDOWS\system32\DRIVERS\avipbb.sys 2010/11/06 12:03:35.0734 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2010/11/06 12:03:36.0062 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2010/11/06 12:03:36.0515 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2010/11/06 12:03:36.0750 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2010/11/06 12:03:36.0921 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2010/11/06 12:03:37.0937 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2010/11/06 12:03:38.0921 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2010/11/06 12:03:40.0265 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2010/11/06 12:03:41.0812 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2010/11/06 12:03:43.0296 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2010/11/06 12:03:44.0109 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2010/11/06 12:03:45.0046 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2010/11/06 12:03:46.0046 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2010/11/06 12:03:47.0140 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2010/11/06 12:03:47.0687 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2010/11/06 12:03:48.0718 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2010/11/06 12:03:49.0390 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2010/11/06 12:03:50.0093 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2010/11/06 12:03:51.0000 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys 2010/11/06 12:03:51.0718 GEARAspiWDM (2fb04db459c71f416ee8b05448ca4ac3) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 2010/11/06 12:03:52.0203 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2010/11/06 12:03:52.0390 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2010/11/06 12:03:54.0671 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2010/11/06 12:03:56.0296 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2010/11/06 12:03:56.0859 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2010/11/06 12:03:57.0984 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2010/11/06 12:03:58.0546 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2010/11/06 12:03:59.0265 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2010/11/06 12:03:59.0687 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2010/11/06 12:03:59.0968 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2010/11/06 12:04:00.0421 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2010/11/06 12:04:01.0031 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2010/11/06 12:04:01.0640 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2010/11/06 12:04:02.0187 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2010/11/06 12:04:02.0437 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2010/11/06 12:04:02.0859 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2010/11/06 12:04:03.0156 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2010/11/06 12:04:03.0500 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2010/11/06 12:04:03.0687 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2010/11/06 12:04:04.0093 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys 2010/11/06 12:04:04.0421 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2010/11/06 12:04:04.0609 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2010/11/06 12:04:04.0828 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2010/11/06 12:04:05.0078 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2010/11/06 12:04:05.0406 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2010/11/06 12:04:05.0890 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2010/11/06 12:04:06.0109 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2010/11/06 12:04:06.0328 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2010/11/06 12:04:06.0562 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2010/11/06 12:04:06.0796 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2010/11/06 12:04:07.0000 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2010/11/06 12:04:07.0296 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2010/11/06 12:04:07.0859 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2010/11/06 12:04:08.0062 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2010/11/06 12:04:08.0296 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2010/11/06 12:04:08.0593 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2010/11/06 12:04:08.0875 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2010/11/06 12:04:09.0015 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2010/11/06 12:04:09.0812 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2010/11/06 12:04:10.0265 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2010/11/06 12:04:10.0750 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2010/11/06 12:04:11.0703 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2010/11/06 12:04:12.0140 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2010/11/06 12:04:12.0515 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2010/11/06 12:04:12.0765 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2010/11/06 12:04:13.0109 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2010/11/06 12:04:13.0421 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2010/11/06 12:04:13.0703 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2010/11/06 12:04:13.0906 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys 2010/11/06 12:04:14.0171 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2010/11/06 12:04:14.0734 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2010/11/06 12:04:14.0984 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2010/11/06 12:04:16.0296 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2010/11/06 12:04:16.0796 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 2010/11/06 12:04:17.0109 Ps2 (9b793a1ffd480155fe9ee5261153f21b) C:\WINDOWS\system32\DRIVERS\PS2.sys 2010/11/06 12:04:17.0390 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2010/11/06 12:04:17.0765 PSINAflt (469943fb4398df5662dd5d06193c0bb0) C:\WINDOWS\system32\DRIVERS\PSINAflt.sys 2010/11/06 12:04:18.0062 PSINFile (d5c75c5238c52f0c664d23a7ffe38a5c) C:\WINDOWS\system32\DRIVERS\PSINFile.sys 2010/11/06 12:04:18.0406 PSINKNC (3942d3cfab0545f599e6eff2b8a1aad2) C:\WINDOWS\system32\DRIVERS\psinknc.sys 2010/11/06 12:04:18.0671 PSINProc (d3730032f61fca2d2ae6a2daf90347b1) C:\WINDOWS\system32\DRIVERS\PSINProc.sys 2010/11/06 12:04:18.0906 PSINProt (7803cb196f872c7e359c5c71e0a9ac69) C:\WINDOWS\system32\DRIVERS\PSINProt.sys 2010/11/06 12:04:19.0281 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2010/11/06 12:04:19.0546 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2010/11/06 12:04:20.0046 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2010/11/06 12:04:20.0218 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2010/11/06 12:04:20.0375 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2010/11/06 12:04:20.0546 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2010/11/06 12:04:20.0703 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2010/11/06 12:04:20.0859 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2010/11/06 12:04:21.0031 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2010/11/06 12:04:21.0203 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2010/11/06 12:04:21.0453 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 2010/11/06 12:04:21.0609 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2010/11/06 12:04:21.0781 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2010/11/06 12:04:21.0921 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2010/11/06 12:04:22.0093 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 2010/11/06 12:04:22.0328 SiS315 (509d96916c7d9218e4083940b8711b9b) C:\WINDOWS\system32\DRIVERS\sisgrp.sys 2010/11/06 12:04:22.0515 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys 2010/11/06 12:04:22.0656 SiSkp (2c921a4cce0b3eb372ebf448939fa3bf) C:\WINDOWS\system32\DRIVERS\srvkp.sys 2010/11/06 12:04:22.0812 SISNIC (5529b51aacff16fbdde4b34ff0af2b76) C:\WINDOWS\system32\DRIVERS\sisnic.sys 2010/11/06 12:04:22.0984 smserial (bc871f7565c714252e836234043f77a5) C:\WINDOWS\system32\DRIVERS\smserial.sys 2010/11/06 12:04:23.0265 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2010/11/06 12:04:23.0437 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2010/11/06 12:04:23.0593 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2010/11/06 12:04:23.0781 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 2010/11/06 12:04:23.0937 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2010/11/06 12:04:24.0109 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2010/11/06 12:04:24.0625 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2010/11/06 12:04:24.0796 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2010/11/06 12:04:24.0984 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2010/11/06 12:04:25.0140 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2010/11/06 12:04:25.0312 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2010/11/06 12:04:25.0562 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2010/11/06 12:04:25.0828 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2010/11/06 12:04:26.0046 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2010/11/06 12:04:26.0187 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2010/11/06 12:04:26.0359 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2010/11/06 12:04:26.0484 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2010/11/06 12:04:26.0640 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2010/11/06 12:04:26.0656 Suspicious service (NoAccess): vbma297a 2010/11/06 12:04:26.0828 vbma297a (a2e13ce027a5bd8c798039ae4559eec1) C:\WINDOWS\system32\drivers\vbma297a.sys 2010/11/06 12:04:26.0828 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbma297a.sys. md5: a2e13ce027a5bd8c798039ae4559eec1 2010/11/06 12:04:26.0843 vbma297a - detected Locked service (1) 2010/11/06 12:04:26.0984 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2010/11/06 12:04:27.0125 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2010/11/06 12:04:27.0281 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2010/11/06 12:04:27.0562 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2010/11/06 12:04:27.0796 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2010/11/06 12:04:28.0109 ================================================================================ 2010/11/06 12:04:28.0109 Scan finished 2010/11/06 12:04:28.0109 ================================================================================ 2010/11/06 12:04:28.0140 Detected object count: 2 2010/11/06 12:04:36.0140 HKLM\SYSTEM\ControlSet001\services\AFD - will be deleted after reboot 2010/11/06 12:04:36.0156 HKLM\SYSTEM\ControlSet001\control\safeboot\Network\AFD - will be deleted after reboot 2010/11/06 12:04:36.0156 HKLM\SYSTEM\ControlSet002\services\AFD - will be deleted after reboot 2010/11/06 12:04:36.0156 HKLM\SYSTEM\ControlSet002\control\safeboot\Network\AFD - will be deleted after reboot 2010/11/06 12:04:36.0156 HKLM\SYSTEM\ControlSet003\services\AFD - will be deleted after reboot 2010/11/06 12:04:36.0156 HKLM\SYSTEM\ControlSet003\control\safeboot\Network\AFD - will be deleted after reboot 2010/11/06 12:04:36.0171 C:\WINDOWS\System32\drivers\afd.sys - will be deleted after reboot 2010/11/06 12:04:36.0171 Forged file(AFD) - User select action: Delete 2010/11/06 12:04:36.0171 HKLM\SYSTEM\ControlSet002\services\vbma297a - will be deleted after reboot 2010/11/06 12:04:36.0171 HKLM\SYSTEM\ControlSet003\services\vbma297a - will be deleted after reboot 2010/11/06 12:04:36.0171 C:\WINDOWS\system32\drivers\vbma297a.sys - will be deleted after reboot 2010/11/06 12:04:36.0171 Locked service(vbma297a) - User select action: Delete 2010/11/06 12:04:38.0265 Deinitialize success -
Infected PC won't run any antivirus or scan
bunruh replied to bunruh's topic in Resolved Malware Removal Logs
LDTate, I would like clarification on "cure": my options on the two suspicious files (AFD & vbma297a) are "skip", "quarantine" and "delete"; do I delete or quarantine? -
Infected PC won't run any antivirus or scan
bunruh replied to bunruh's topic in Resolved Malware Removal Logs
Here you go: 2010/11/06 09:58:55.0875 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43 2010/11/06 09:58:55.0875 ================================================================================ 2010/11/06 09:58:55.0875 SystemInfo: 2010/11/06 09:58:55.0875 2010/11/06 09:58:55.0875 OS Version: 5.1.2600 ServicePack: 3.0 2010/11/06 09:58:55.0875 Product type: Workstation 2010/11/06 09:58:55.0875 ComputerName: COMPAQ 2010/11/06 09:58:55.0875 UserName: Compaq_Owner 2010/11/06 09:58:55.0875 Windows directory: C:\WINDOWS 2010/11/06 09:58:55.0875 System windows directory: C:\WINDOWS 2010/11/06 09:58:55.0875 Processor architecture: Intel x86 2010/11/06 09:58:55.0875 Number of processors: 1 2010/11/06 09:58:55.0875 Page size: 0x1000 2010/11/06 09:58:55.0875 Boot type: Normal boot 2010/11/06 09:58:55.0875 ================================================================================ 2010/11/06 09:58:56.0921 Initialize success 2010/11/06 09:59:04.0687 ================================================================================ 2010/11/06 09:59:04.0687 Scan started 2010/11/06 09:59:04.0687 Mode: Manual; 2010/11/06 09:59:04.0687 ================================================================================ 2010/11/06 09:59:06.0234 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2010/11/06 09:59:06.0421 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2010/11/06 09:59:06.0656 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2010/11/06 09:59:06.0859 AFD (3d57e667e01b695a298dc553761742a3) C:\WINDOWS\System32\drivers\afd.sys 2010/11/06 09:59:06.0859 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 3d57e667e01b695a298dc553761742a3, Fake md5: 7e775010ef291da96ad17ca4b17137d7 2010/11/06 09:59:06.0875 AFD - detected Forged file (1) 2010/11/06 09:59:07.0046 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys 2010/11/06 09:59:08.0171 ALCXWDM (781c5ec517c53f5214b61253b20c13c4) C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2010/11/06 09:59:09.0734 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2010/11/06 09:59:10.0906 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2010/11/06 09:59:11.0265 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2010/11/06 09:59:11.0843 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2010/11/06 09:59:12.0171 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2010/11/06 09:59:12.0515 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2010/11/06 09:59:12.0875 avgntflt (1eb7d72a82f94f7e9496d363fce00b68) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 2010/11/06 09:59:13.0093 avipbb (f8c56231ed5ecf7d1b46b0330880ccef) C:\WINDOWS\system32\DRIVERS\avipbb.sys 2010/11/06 09:59:13.0437 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2010/11/06 09:59:13.0718 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2010/11/06 09:59:14.0218 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2010/11/06 09:59:14.0468 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2010/11/06 09:59:14.0812 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2010/11/06 09:59:16.0171 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2010/11/06 09:59:16.0531 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2010/11/06 09:59:16.0984 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2010/11/06 09:59:17.0343 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2010/11/06 09:59:17.0609 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2010/11/06 09:59:18.0140 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2010/11/06 09:59:18.0453 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2010/11/06 09:59:18.0890 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2010/11/06 09:59:19.0125 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2010/11/06 09:59:19.0343 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2010/11/06 09:59:19.0515 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2010/11/06 09:59:19.0718 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2010/11/06 09:59:19.0875 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2010/11/06 09:59:20.0046 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys 2010/11/06 09:59:20.0187 GEARAspiWDM (2fb04db459c71f416ee8b05448ca4ac3) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 2010/11/06 09:59:20.0328 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2010/11/06 09:59:20.0500 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2010/11/06 09:59:20.0875 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2010/11/06 09:59:21.0171 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2010/11/06 09:59:21.0328 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2010/11/06 09:59:21.0578 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2010/11/06 09:59:21.0734 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2010/11/06 09:59:21.0953 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2010/11/06 09:59:22.0109 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2010/11/06 09:59:22.0359 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2010/11/06 09:59:22.0718 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2010/11/06 09:59:23.0031 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2010/11/06 09:59:23.0296 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2010/11/06 09:59:23.0546 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2010/11/06 09:59:23.0796 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2010/11/06 09:59:24.0031 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2010/11/06 09:59:24.0312 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2010/11/06 09:59:24.0734 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2010/11/06 09:59:24.0968 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2010/11/06 09:59:25.0156 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys 2010/11/06 09:59:25.0359 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2010/11/06 09:59:25.0593 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2010/11/06 09:59:25.0828 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2010/11/06 09:59:26.0234 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2010/11/06 09:59:26.0484 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2010/11/06 09:59:26.0703 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2010/11/06 09:59:27.0000 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2010/11/06 09:59:27.0203 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2010/11/06 09:59:27.0484 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2010/11/06 09:59:27.0671 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2010/11/06 09:59:27.0937 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2010/11/06 09:59:28.0171 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2010/11/06 09:59:28.0468 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2010/11/06 09:59:28.0718 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2010/11/06 09:59:28.0953 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2010/11/06 09:59:29.0171 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2010/11/06 09:59:29.0406 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2010/11/06 09:59:29.0703 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2010/11/06 09:59:30.0015 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2010/11/06 09:59:30.0218 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2010/11/06 09:59:30.0468 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2010/11/06 09:59:30.0843 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2010/11/06 09:59:31.0062 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2010/11/06 09:59:31.0296 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2010/11/06 09:59:31.0531 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2010/11/06 09:59:31.0812 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2010/11/06 09:59:32.0000 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2010/11/06 09:59:32.0203 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2010/11/06 09:59:32.0484 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys 2010/11/06 09:59:32.0703 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2010/11/06 09:59:33.0109 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2010/11/06 09:59:33.0343 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2010/11/06 09:59:34.0328 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2010/11/06 09:59:34.0562 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 2010/11/06 09:59:34.0906 Ps2 (9b793a1ffd480155fe9ee5261153f21b) C:\WINDOWS\system32\DRIVERS\PS2.sys 2010/11/06 09:59:35.0328 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2010/11/06 09:59:35.0578 PSINAflt (469943fb4398df5662dd5d06193c0bb0) C:\WINDOWS\system32\DRIVERS\PSINAflt.sys 2010/11/06 09:59:35.0828 PSINFile (d5c75c5238c52f0c664d23a7ffe38a5c) C:\WINDOWS\system32\DRIVERS\PSINFile.sys 2010/11/06 09:59:36.0093 PSINKNC (3942d3cfab0545f599e6eff2b8a1aad2) C:\WINDOWS\system32\DRIVERS\psinknc.sys 2010/11/06 09:59:36.0375 PSINProc (d3730032f61fca2d2ae6a2daf90347b1) C:\WINDOWS\system32\DRIVERS\PSINProc.sys 2010/11/06 09:59:36.0687 PSINProt (7803cb196f872c7e359c5c71e0a9ac69) C:\WINDOWS\system32\DRIVERS\PSINProt.sys 2010/11/06 09:59:36.0921 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2010/11/06 09:59:37.0140 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2010/11/06 09:59:38.0000 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2010/11/06 09:59:38.0218 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2010/11/06 09:59:38.0453 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2010/11/06 09:59:38.0718 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2010/11/06 09:59:39.0078 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2010/11/06 09:59:39.0359 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2010/11/06 09:59:39.0609 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2010/11/06 09:59:39.0953 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2010/11/06 09:59:40.0406 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 2010/11/06 09:59:40.0656 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2010/11/06 09:59:40.0921 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2010/11/06 09:59:41.0140 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2010/11/06 09:59:41.0421 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 2010/11/06 09:59:41.0953 SiS315 (509d96916c7d9218e4083940b8711b9b) C:\WINDOWS\system32\DRIVERS\sisgrp.sys 2010/11/06 09:59:42.0218 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys 2010/11/06 09:59:42.0468 SiSkp (2c921a4cce0b3eb372ebf448939fa3bf) C:\WINDOWS\system32\DRIVERS\srvkp.sys 2010/11/06 09:59:42.0718 SISNIC (5529b51aacff16fbdde4b34ff0af2b76) C:\WINDOWS\system32\DRIVERS\sisnic.sys 2010/11/06 09:59:43.0125 smserial (bc871f7565c714252e836234043f77a5) C:\WINDOWS\system32\DRIVERS\smserial.sys 2010/11/06 09:59:43.0765 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2010/11/06 09:59:44.0093 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2010/11/06 09:59:44.0375 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2010/11/06 09:59:44.0656 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 2010/11/06 09:59:44.0875 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2010/11/06 09:59:45.0156 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2010/11/06 09:59:46.0062 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2010/11/06 09:59:46.0359 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2010/11/06 09:59:46.0640 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2010/11/06 09:59:46.0921 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2010/11/06 09:59:47.0343 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2010/11/06 09:59:47.0843 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2010/11/06 09:59:48.0125 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2010/11/06 09:59:48.0343 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2010/11/06 09:59:48.0484 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2010/11/06 09:59:48.0656 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2010/11/06 09:59:48.0796 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2010/11/06 09:59:48.0984 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2010/11/06 09:59:49.0000 Suspicious service (NoAccess): vbma297a 2010/11/06 09:59:49.0171 vbma297a (a2e13ce027a5bd8c798039ae4559eec1) C:\WINDOWS\system32\drivers\vbma297a.sys 2010/11/06 09:59:49.0171 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbma297a.sys. md5: a2e13ce027a5bd8c798039ae4559eec1 2010/11/06 09:59:49.0187 vbma297a - detected Locked service (1) 2010/11/06 09:59:49.0328 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2010/11/06 09:59:49.0500 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2010/11/06 09:59:49.0656 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2010/11/06 09:59:49.0843 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2010/11/06 09:59:50.0078 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2010/11/06 09:59:50.0390 ================================================================================ 2010/11/06 09:59:50.0390 Scan finished 2010/11/06 09:59:50.0390 ================================================================================ 2010/11/06 09:59:50.0406 Detected object count: 2 2010/11/06 10:00:06.0921 Forged file(AFD) - User select action: Skip 2010/11/06 10:00:06.0921 Locked service(vbma297a) - User select action: Skip 2010/11/06 10:00:13.0281 Deinitialize success -
Infected PC won't run any antivirus or scan
bunruh replied to bunruh's topic in Resolved Malware Removal Logs
LDTate, below is the text from TDSSKiller log file: 2010/11/05 22:07:40.0937 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43 2010/11/05 22:07:40.0937 ================================================================================ 2010/11/05 22:07:40.0937 SystemInfo: 2010/11/05 22:07:40.0937 2010/11/05 22:07:40.0937 OS Version: 5.1.2600 ServicePack: 3.0 2010/11/05 22:07:40.0937 Product type: Workstation 2010/11/05 22:07:40.0937 ComputerName: COMPAQ 2010/11/05 22:07:40.0937 UserName: Compaq_Owner 2010/11/05 22:07:40.0937 Windows directory: C:\WINDOWS 2010/11/05 22:07:40.0937 System windows directory: C:\WINDOWS 2010/11/05 22:07:40.0937 Processor architecture: Intel x86 2010/11/05 22:07:40.0937 Number of processors: 1 2010/11/05 22:07:40.0937 Page size: 0x1000 2010/11/05 22:07:40.0937 Boot type: Normal boot 2010/11/05 22:07:40.0937 ================================================================================ 2010/11/05 22:07:41.0218 Initialize success 2010/11/05 22:07:48.0687 ================================================================================ 2010/11/05 22:07:48.0687 Scan started 2010/11/05 22:07:48.0687 Mode: Manual; 2010/11/05 22:07:48.0687 ================================================================================ 2010/11/05 22:07:50.0031 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2010/11/05 22:07:50.0234 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2010/11/05 22:07:50.0531 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2010/11/05 22:07:50.0718 AFD (3d57e667e01b695a298dc553761742a3) C:\WINDOWS\System32\drivers\afd.sys 2010/11/05 22:07:50.0718 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 3d57e667e01b695a298dc553761742a3, Fake md5: 7e775010ef291da96ad17ca4b17137d7 2010/11/05 22:07:50.0734 AFD - detected Forged file (1) 2010/11/05 22:07:50.0968 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys 2010/11/05 22:07:51.0484 ALCXWDM (781c5ec517c53f5214b61253b20c13c4) C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2010/11/05 22:07:51.0859 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2010/11/05 22:07:52.0281 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2010/11/05 22:07:52.0437 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2010/11/05 22:07:52.0671 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2010/11/05 22:07:52.0859 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2010/11/05 22:07:53.0046 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys 2010/11/05 22:07:53.0203 avgntflt (1eb7d72a82f94f7e9496d363fce00b68) C:\WINDOWS\system32\DRIVERS\avgntflt.sys 2010/11/05 22:07:53.0359 avipbb (f8c56231ed5ecf7d1b46b0330880ccef) C:\WINDOWS\system32\DRIVERS\avipbb.sys 2010/11/05 22:07:53.0546 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2010/11/05 22:07:53.0703 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2010/11/05 22:07:53.0953 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2010/11/05 22:07:54.0125 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2010/11/05 22:07:54.0312 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2010/11/05 22:07:55.0203 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2010/11/05 22:07:55.0406 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2010/11/05 22:07:55.0609 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2010/11/05 22:07:55.0765 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2010/11/05 22:07:55.0937 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2010/11/05 22:07:56.0171 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2010/11/05 22:07:56.0359 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2010/11/05 22:07:56.0531 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys 2010/11/05 22:07:56.0703 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2010/11/05 22:07:56.0859 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2010/11/05 22:07:57.0015 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2010/11/05 22:07:57.0171 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2010/11/05 22:07:57.0343 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2010/11/05 22:07:57.0484 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys 2010/11/05 22:07:57.0625 GEARAspiWDM (2fb04db459c71f416ee8b05448ca4ac3) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 2010/11/05 22:07:57.0765 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2010/11/05 22:07:57.0953 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2010/11/05 22:07:58.0546 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2010/11/05 22:07:58.0859 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2010/11/05 22:07:59.0046 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2010/11/05 22:07:59.0296 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2010/11/05 22:07:59.0453 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2010/11/05 22:07:59.0609 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2010/11/05 22:07:59.0750 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2010/11/05 22:07:59.0906 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2010/11/05 22:08:00.0078 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2010/11/05 22:08:00.0250 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2010/11/05 22:08:00.0421 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2010/11/05 22:08:00.0578 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2010/11/05 22:08:00.0734 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2010/11/05 22:08:00.0890 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2010/11/05 22:08:01.0093 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2010/11/05 22:08:01.0359 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2010/11/05 22:08:01.0531 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2010/11/05 22:08:01.0703 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys 2010/11/05 22:08:01.0843 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2010/11/05 22:08:01.0984 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2010/11/05 22:08:02.0140 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2010/11/05 22:08:02.0375 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2010/11/05 22:08:02.0578 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2010/11/05 22:08:02.0765 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2010/11/05 22:08:02.0921 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2010/11/05 22:08:03.0093 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2010/11/05 22:08:03.0250 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2010/11/05 22:08:03.0437 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2010/11/05 22:08:03.0593 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2010/11/05 22:08:03.0781 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2010/11/05 22:08:03.0953 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2010/11/05 22:08:04.0125 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2010/11/05 22:08:04.0281 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2010/11/05 22:08:04.0437 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2010/11/05 22:08:04.0593 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2010/11/05 22:08:04.0734 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2010/11/05 22:08:04.0937 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2010/11/05 22:08:05.0109 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2010/11/05 22:08:05.0312 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2010/11/05 22:08:05.0531 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2010/11/05 22:08:05.0687 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2010/11/05 22:08:05.0843 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2010/11/05 22:08:06.0000 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2010/11/05 22:08:06.0171 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2010/11/05 22:08:06.0343 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2010/11/05 22:08:06.0500 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2010/11/05 22:08:06.0640 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys 2010/11/05 22:08:06.0812 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2010/11/05 22:08:07.0015 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2010/11/05 22:08:07.0187 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2010/11/05 22:08:07.0781 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2010/11/05 22:08:07.0937 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys 2010/11/05 22:08:08.0109 Ps2 (9b793a1ffd480155fe9ee5261153f21b) C:\WINDOWS\system32\DRIVERS\PS2.sys 2010/11/05 22:08:08.0250 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2010/11/05 22:08:08.0421 PSINAflt (469943fb4398df5662dd5d06193c0bb0) C:\WINDOWS\system32\DRIVERS\PSINAflt.sys 2010/11/05 22:08:08.0625 PSINFile (d5c75c5238c52f0c664d23a7ffe38a5c) C:\WINDOWS\system32\DRIVERS\PSINFile.sys 2010/11/05 22:08:08.0812 PSINKNC (3942d3cfab0545f599e6eff2b8a1aad2) C:\WINDOWS\system32\DRIVERS\psinknc.sys 2010/11/05 22:08:08.0984 PSINProc (d3730032f61fca2d2ae6a2daf90347b1) C:\WINDOWS\system32\DRIVERS\PSINProc.sys 2010/11/05 22:08:09.0171 PSINProt (7803cb196f872c7e359c5c71e0a9ac69) C:\WINDOWS\system32\DRIVERS\PSINProt.sys 2010/11/05 22:08:09.0328 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2010/11/05 22:08:09.0468 PxHelp20 (30cbae0a34359f1cd19d1576245149ed) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2010/11/05 22:08:10.0000 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2010/11/05 22:08:10.0171 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2010/11/05 22:08:10.0343 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2010/11/05 22:08:10.0484 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2010/11/05 22:08:10.0640 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2010/11/05 22:08:10.0796 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2010/11/05 22:08:11.0031 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2010/11/05 22:08:11.0296 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2010/11/05 22:08:11.0546 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 2010/11/05 22:08:11.0781 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2010/11/05 22:08:11.0953 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2010/11/05 22:08:12.0109 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2010/11/05 22:08:12.0406 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 2010/11/05 22:08:12.0687 SiS315 (509d96916c7d9218e4083940b8711b9b) C:\WINDOWS\system32\DRIVERS\sisgrp.sys 2010/11/05 22:08:12.0890 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys 2010/11/05 22:08:13.0031 SiSkp (2c921a4cce0b3eb372ebf448939fa3bf) C:\WINDOWS\system32\DRIVERS\srvkp.sys 2010/11/05 22:08:13.0187 SISNIC (5529b51aacff16fbdde4b34ff0af2b76) C:\WINDOWS\system32\DRIVERS\sisnic.sys 2010/11/05 22:08:13.0359 smserial (bc871f7565c714252e836234043f77a5) C:\WINDOWS\system32\DRIVERS\smserial.sys 2010/11/05 22:08:13.0625 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2010/11/05 22:08:13.0781 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2010/11/05 22:08:13.0953 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys 2010/11/05 22:08:14.0140 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 2010/11/05 22:08:14.0296 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2010/11/05 22:08:14.0484 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2010/11/05 22:08:14.0984 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2010/11/05 22:08:15.0203 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2010/11/05 22:08:15.0437 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2010/11/05 22:08:15.0609 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2010/11/05 22:08:15.0765 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2010/11/05 22:08:16.0031 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2010/11/05 22:08:16.0328 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2010/11/05 22:08:16.0531 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2010/11/05 22:08:16.0828 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2010/11/05 22:08:17.0062 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2010/11/05 22:08:17.0218 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2010/11/05 22:08:17.0375 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2010/11/05 22:08:17.0406 Suspicious service (NoAccess): vbma297a 2010/11/05 22:08:17.0546 vbma297a (a2e13ce027a5bd8c798039ae4559eec1) C:\WINDOWS\system32\drivers\vbma297a.sys 2010/11/05 22:08:17.0546 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbma297a.sys. md5: a2e13ce027a5bd8c798039ae4559eec1 2010/11/05 22:08:17.0562 vbma297a - detected Locked service (1) 2010/11/05 22:08:17.0718 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2010/11/05 22:08:17.0859 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2010/11/05 22:08:18.0000 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2010/11/05 22:08:18.0218 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2010/11/05 22:08:18.0437 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2010/11/05 22:08:18.0781 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2010/11/05 22:08:18.0781 ================================================================================ 2010/11/05 22:08:18.0781 Scan finished 2010/11/05 22:08:18.0781 ================================================================================ 2010/11/05 22:08:18.0796 Detected object count: 3 2010/11/05 22:08:39.0515 Forged file(AFD) - User select action: Skip 2010/11/05 22:08:39.0515 Locked service(vbma297a) - User select action: Skip 2010/11/05 22:08:39.0531 \HardDisk0 - will be cured after reboot 2010/11/05 22:08:39.0531 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2010/11/05 22:08:45.0593 Deinitialize success -
Hello, thanks in advance for the help you provide! I started down the path from "I'm infected - What do I do now?" but I can't get any antivirus programs to run correctly (Panda Cloud, or Avira) and I can't get Malwarebytes to run either. So I skipped to the Deffogger, DDS, GMER steps. I ran DeFogger and DDS but GMER won't run, when I click the Scan button it just disappears and no scan is done. below are the DDS.txt and Attach.txt contents. Thanks, Bryan U. DDS.txt DDS (Ver_10-11-03.01) - NTFSx86 Run by Compaq_Owner at 10:31:02.34 on Thu 11/04/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.379 [GMT -5:00] AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393} AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== "\\.\globalroot\Device\svchost.exe\svchost.exe" C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\AGRSMMSG.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe C:\Documents and Settings\All Users\Application Data\Panda Security Toolbar Antiphishing\panda2_0dn.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Compaq_Owner.COMPAQ\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://start.facemoods.com/?a=antn uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q105&bd=presario&pf=desktop uInternet Settings,ProxyServer = http=127.0.0.1:5555 uInternet Settings,ProxyOverride = <local> mSearchAssistant = hxxp://start.facemoods.com/?a=antn&s={searchTerms}&f=4 mURLSearchHooks: H - No File BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll BHO: Internet Explorer Plugin: {3f7df0a5-ee85-4f8d-bf0d-9a6579e54f66} - oxia7.dll BHO: {51771a02-f117-4917-a014-02db9095f856} - Internet Explorer Plugin BHO: Internet Explorer Plugin: {695660b2-a29a-4ba2-b6ba-9467371a2af6} - usmkppl.dll BHO: {77dc0baa-3235-4ba9-8be8-aa9eb678fa02} - ADC PlugIn BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Internet Explorer Plugin: {dfc1a8d5-f5a4-453d-bb54-0a886678b9b0} - jnjvcpxk1.dll BHO: Internet Explorer Plugin: {f504486f-d95f-4098-a5fe-a510bbeee556} - pbutk.dll TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe mRun: [AGRSMMSG] AGRSMMSG.exe mRun: [KBD] c:\hp\kbd\KBD.EXE mRun: [TkBellExe] //~c:\program files\common files\real\update_ob\realsched.exe -osboot mRun: [iTunesHelper] //~c:\program files\itunes\ituneshelper.exe mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE mRun: [PS2] c:\windows\system32\ps2.exe mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe mRun: [Reminder] "c:\windows\creator\Remind_XP.exe" mRun: [AlcxMonitor] ALCXMNTR.EXE mRun: [siSPower] Rundll32.exe SiSPower.dll,ModeAgent mRun: [sMSERIAL] //~sm56hlpr.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar mRun: [Panda Security Toolbar Antiphishing] "c:\documents and settings\all users\application data\panda security toolbar antiphishing\panda2_0dn.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mPolicies-system: DisableTaskMgr = 1 (0x1) IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab Notify: setcell - setcell.dll SSODL: bibiwaluk - {23890fbe-a206-400f-8a89-f094b6efd9d9} - No File SSODL: vimazodag - {b43f8a73-c416-4add-91f9-33f0e5a270ca} - No File SSODL: yeruzijep - {8b87616f-ccd9-4076-9873-1b724da2f16e} - No File SSODL: fagoziruy - {c4172249-1f32-4832-8982-80b4f33ff7f0} - No File SSODL: layezewan - {f1f47ee6-2383-4e1a-84b3-d4455fd87bdd} - No File SSODL: wuyagihes - {f012e104-dfa5-4939-8c39-b827ce01ae78} - No File STS: {23890fbe-a206-400f-8a89-f094b6efd9d9}: gahurihor STS: {b43f8a73-c416-4add-91f9-33f0e5a270ca}: gahurihor STS: {8b87616f-ccd9-4076-9873-1b724da2f16e}: mujuzedij STS: {c4172249-1f32-4832-8982-80b4f33ff7f0}: tokatiluy STS: {f1f47ee6-2383-4e1a-84b3-d4455fd87bdd}: tokatiluy STS: {f012e104-dfa5-4939-8c39-b827ce01ae78}: kupuhivus LSA: Notification Packages = scecli fopinope.dll mASetup: {11522865-037B-4E24-99D6-B43A3782302F} - rundll32 uaihv27.dll,laspi mASetup: {1DFC0CB0-CE09-4E94-BD01-91C2E9D2A7CA} - rundll32 oxia7.dll,laspi mASetup: {3513A6A1-9E64-411E-A763-BE8CF8F8F1BC} - rundll32 iwauqng5.dll,laspi mASetup: {7D94FE9D-0031-4911-9D51-2A24CB88120C} - rundll32 pbutk.dll,laspi mASetup: {C1DDC416-23B2-4876-A75C-2D1902CCD0C3} - rundll32 usmkppl.dll,laspi mASetup: {D44AAFDA-1AF4-45AA-9813-6337EDFA496C} - rundll32 jnjvcpxk1.dll,laspi ============= SERVICES / DRIVERS =============== R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-11-1 28552] R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-11-2 11608] R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-6-17 129992] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-2 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-2 267944] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-2 60936] R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-5-27 141384] R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-7-21 97096] R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-4-30 111624] R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-7-21 112456] S2 AdbUpd;Adobe Update Service; [x] S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-8-9 140608] S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?] =============== Created Last 30 ================ 2010-11-02 20:59:40 -------- d-----w- c:\docume~1\compaq~1.com\applic~1\Avira 2010-11-02 20:55:03 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-11-02 20:55:02 -------- d-----w- c:\program files\Avira 2010-11-02 20:55:02 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira 2010-11-02 17:50:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-02 17:50:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-02 02:41:35 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys 2010-11-01 23:41:17 -------- d-----w- c:\docume~1\compaq~1.com\applic~1\Malwarebytes 2010-11-01 23:41:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-11-01 23:41:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-11-01 23:26:40 -------- d-----w- c:\docume~1\compaq~1.com\applic~1\SurfSecret Privacy Suite 2010-11-01 23:21:57 -------- d-----w- c:\docume~1\compaq~1.com\applic~1\Panda Security 2010-11-01 23:21:12 -------- d-----w- c:\docume~1\compaq~1.com\locals~1\applic~1\panda2_0dn 2010-11-01 23:21:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Panda Security Toolbar Antiphishing 2010-11-01 23:21:09 -------- d-----w- c:\docume~1\compaq~1.com\applic~1\pandasecuritytb 2010-11-01 23:20:17 -------- d-----w- c:\program files\Panda Security 2010-11-01 23:20:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Panda Security 2010-10-31 04:28:25 -------- d-----w- c:\docume~1\compaq~1.com\applic~1\facemoods.com 2010-10-25 16:58:36 -------- d-----w- c:\docume~1\compaq~1.com\applic~1\AskToolbar 2010-10-25 04:52:43 -------- d-----w- c:\docume~1\compaq~1.com\locals~1\applic~1\AskToolbar 2010-10-25 04:21:15 -------- d-----w- c:\program files\Ask.com 2010-10-13 01:26:57 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll 2010-10-13 01:26:56 974848 ------w- c:\windows\system32\dllcache\mfc42.dll 2010-10-13 01:26:44 617472 ------w- c:\windows\system32\dllcache\comctl32.dll ==================== Find3M ==================== 2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll 2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll 2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll 2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll 2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll 2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll 2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll 2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys 2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll 2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll 2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll 2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll 2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe 2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll 2005-06-22 00:40:56 774144 ----a-w- c:\program files\RngInterstitial.dll =================== ROOTKIT ==================== Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.1 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: SAMSUNG_SP0802N rev.TK200-04 -> \Device\Ide\PciIde1Channel0-2 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xF7E9411B]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; PUSH EBX; PUSH ESI; PUSH EDI; CMP EAX, [0xf7e97888]; JNZ 0x1f; MOV EBX, [EBP+0xc]; CALL 0xfffffffffffffd3b; } 1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x833773F8] 3 CLASSPNP[0xF7CEFFD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x83219878] \Driver\Disk[0x82D25338] -> IRP_MJ_CREATE -> 0xF7E9411B error: Read The system cannot find the file specified. kernel: MBR read successfully _asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5c; } detected hooks: \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskSAMSUNG_SP0802N_________________________TK200-04#30534a30324a5830374334353538202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found \Driver\atapi DriverStartIo -> 0x8337D292 user & kernel MBR OK Warning: possible TDL3 rootkit infection ! Filesystem trace: called modules: ntkrnlpa.exe hal.dll fltmgr.sys PSINFile.sys avgntflt.sys sr.sys Ntfs.sys c:\windows\system32\drivers\PSINFile.sys Panda Security, S.L. Panda Cloud Antivirus c:\windows\system32\drivers\avgntflt.sys Avira GmbH AntiVir Workstation 1 ntkrnlpa!IofCallDriver[0x804EE130] -> [0x82CFD020] 3 fltmgr[0xF7B1BE95] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x832E7DD0] 5 sr[0xF7B0B870] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x832E7520] 7 ntkrnlpa[0x80574DCB] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x82CFD020] 9 fltmgr[0xF7B1C098] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x832E7DD0] 11 sr[0xF7B06453] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x832E7520] Registry trace: called modules: ntkrnlpa.exe hal.dll >>UNKNOWN [0x82EBF3F0]<< _asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x10; PUSH ESI; XOR ESI, ESI; CMP [0x82ec5030], ESI; JZ 0x14b; CALL [0x82ec401c]; } ============= FINISH: 10:33:16.65 =============== Attach.txt UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-11-03.01) Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume2 Install Date: 12/11/2009 11:48:03 PM System Uptime: 11/4/2010 10:28:14 AM (0 hours ago) Motherboard: ASUSTek Computer INC. | | Salmon Processor: AMD Sempron Processor 3000+ | Socket 754 | 1808/200mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 69 GiB total, 30.058 GiB free. D: is Removable E: is Removable F: is Removable G: is Removable H: is FIXED (FAT32) - 5 GiB total, 0.757 GiB free. I: is CDROM () J: is Removable ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP1: 5/18/2010 9:15:45 PM - System Checkpoint RP2: 5/19/2010 3:00:21 AM - Software Distribution Service 3.0 RP3: 5/20/2010 3:00:15 AM - Software Distribution Service 3.0 RP4: 5/21/2010 3:00:18 AM - Software Distribution Service 3.0 RP5: 5/22/2010 12:01:47 AM - Software Distribution Service 3.0 RP6: 5/22/2010 3:00:14 AM - Software Distribution Service 3.0 RP7: 5/22/2010 12:06:55 PM - Software Distribution Service 3.0 RP8: 5/23/2010 3:00:15 AM - Software Distribution Service 3.0 RP9: 5/24/2010 3:00:20 AM - Software Distribution Service 3.0 RP10: 5/25/2010 9:20:54 AM - Software Distribution Service 3.0 RP11: 5/26/2010 3:00:20 AM - Software Distribution Service 3.0 RP12: 5/27/2010 3:00:18 AM - Software Distribution Service 3.0 RP13: 5/28/2010 10:12:09 AM - Software Distribution Service 3.0 RP14: 5/29/2010 3:00:18 AM - Software Distribution Service 3.0 RP15: 5/29/2010 4:26:09 PM - Software Distribution Service 3.0 RP16: 5/29/2010 7:09:24 PM - Software Distribution Service 3.0 RP17: 5/30/2010 3:00:17 AM - Software Distribution Service 3.0 RP18: 5/30/2010 3:19:35 PM - Software Distribution Service 3.0 RP19: 6/7/2010 11:05:09 AM - Software Distribution Service 3.0 RP20: 6/7/2010 1:30:16 PM - Software Distribution Service 3.0 RP21: 6/7/2010 8:47:07 PM - Software Distribution Service 3.0 RP22: 6/8/2010 9:05:40 PM - Software Distribution Service 3.0 RP23: 6/9/2010 12:59:06 PM - Software Distribution Service 3.0 RP24: 6/18/2010 4:34:51 PM - Software Distribution Service 3.0 RP25: 6/19/2010 1:38:59 PM - Software Distribution Service 3.0 RP26: 7/6/2010 11:37:38 PM - Software Distribution Service 3.0 RP27: 7/11/2010 11:38:43 PM - Software Distribution Service 3.0 RP28: 7/16/2010 10:35:18 PM - Software Distribution Service 3.0 RP29: 7/16/2010 10:44:49 PM - Avg Update RP30: 7/16/2010 11:14:20 PM - Software Distribution Service 3.0 RP31: 7/17/2010 10:25:40 PM - Software Distribution Service 3.0 RP32: 7/23/2010 11:53:36 PM - Software Distribution Service 3.0 RP33: 7/24/2010 12:23:16 AM - Software Distribution Service 3.0 RP34: 7/24/2010 6:53:47 PM - Software Distribution Service 3.0 RP35: 7/25/2010 1:06:51 AM - Software Distribution Service 3.0 RP36: 7/26/2010 1:22:36 AM - Software Distribution Service 3.0 RP37: 7/28/2010 6:03:21 PM - Software Distribution Service 3.0 RP38: 7/29/2010 12:09:15 PM - Software Distribution Service 3.0 RP39: 8/8/2010 5:29:30 PM - Software Distribution Service 3.0 RP40: 8/9/2010 3:25:09 PM - Software Distribution Service 3.0 RP41: 8/10/2010 1:46:39 PM - Software Distribution Service 3.0 RP42: 8/12/2010 12:27:28 PM - Software Distribution Service 3.0 RP43: 8/15/2010 3:00:21 AM - Software Distribution Service 3.0 RP44: 8/16/2010 3:00:16 AM - Software Distribution Service 3.0 RP45: 8/16/2010 3:04:50 AM - Software Distribution Service 3.0 RP46: 8/16/2010 10:37:31 PM - Software Distribution Service 3.0 RP47: 8/16/2010 10:42:51 PM - Installed Java 6 Update 21 RP48: 8/16/2010 10:48:57 PM - Avg Update RP49: 8/17/2010 3:00:16 AM - Software Distribution Service 3.0 RP50: 8/17/2010 6:04:37 PM - Software Distribution Service 3.0 RP51: 8/18/2010 3:00:19 AM - Software Distribution Service 3.0 RP52: 8/19/2010 3:03:24 AM - Software Distribution Service 3.0 RP53: 8/20/2010 3:00:15 AM - Software Distribution Service 3.0 RP54: 8/21/2010 3:30:04 AM - Software Distribution Service 3.0 RP55: 8/22/2010 3:00:18 AM - Software Distribution Service 3.0 RP56: 8/23/2010 10:36:07 PM - Software Distribution Service 3.0 RP57: 8/24/2010 3:00:24 AM - Software Distribution Service 3.0 RP58: 8/24/2010 10:48:57 PM - Software Distribution Service 3.0 RP59: 8/26/2010 3:18:24 PM - Software Distribution Service 3.0 RP60: 8/28/2010 6:51:27 PM - Software Distribution Service 3.0 RP61: 8/29/2010 3:00:25 AM - Software Distribution Service 3.0 RP62: 8/30/2010 3:00:21 AM - Software Distribution Service 3.0 RP63: 8/31/2010 3:51:42 PM - Software Distribution Service 3.0 RP64: 9/1/2010 3:00:16 AM - Software Distribution Service 3.0 RP65: 9/2/2010 3:00:16 AM - Software Distribution Service 3.0 RP66: 9/3/2010 3:00:16 AM - Software Distribution Service 3.0 RP67: 9/4/2010 10:15:50 PM - Software Distribution Service 3.0 RP68: 9/5/2010 3:00:22 AM - Software Distribution Service 3.0 RP69: 9/6/2010 1:16:05 AM - Software Distribution Service 3.0 RP70: 9/6/2010 1:03:39 PM - Software Distribution Service 3.0 RP71: 9/7/2010 3:00:21 AM - Software Distribution Service 3.0 RP72: 9/8/2010 3:00:26 AM - Software Distribution Service 3.0 RP73: 9/9/2010 3:00:19 AM - Software Distribution Service 3.0 RP74: 9/10/2010 3:00:20 AM - Software Distribution Service 3.0 RP75: 9/11/2010 9:24:05 AM - Software Distribution Service 3.0 RP76: 9/12/2010 3:00:22 AM - Software Distribution Service 3.0 RP77: 9/13/2010 3:00:18 AM - Software Distribution Service 3.0 RP78: 9/14/2010 3:00:18 AM - Software Distribution Service 3.0 RP79: 9/15/2010 3:34:16 AM - Software Distribution Service 3.0 RP80: 9/16/2010 3:00:22 AM - Software Distribution Service 3.0 RP81: 9/18/2010 5:40:49 PM - Software Distribution Service 3.0 RP82: 9/18/2010 8:29:29 PM - Software Distribution Service 3.0 RP83: 9/19/2010 9:38:17 AM - Software Distribution Service 3.0 RP84: 9/20/2010 3:00:21 AM - Software Distribution Service 3.0 RP85: 9/21/2010 3:00:22 AM - Software Distribution Service 3.0 RP86: 9/22/2010 3:00:21 AM - Software Distribution Service 3.0 RP87: 9/23/2010 6:39:45 AM - Software Distribution Service 3.0 RP88: 9/23/2010 9:40:25 PM - Avg Update RP89: 9/23/2010 9:41:01 PM - Avg Update RP90: 9/24/2010 3:00:20 AM - Software Distribution Service 3.0 RP91: 9/25/2010 3:00:14 AM - Software Distribution Service 3.0 RP92: 9/26/2010 3:00:18 AM - Software Distribution Service 3.0 RP93: 9/27/2010 3:00:22 AM - Software Distribution Service 3.0 RP94: 9/28/2010 3:00:16 AM - Software Distribution Service 3.0 RP95: 9/29/2010 11:19:47 PM - Software Distribution Service 3.0 RP96: 10/3/2010 1:09:16 PM - Software Distribution Service 3.0 RP97: 10/4/2010 3:00:18 AM - Software Distribution Service 3.0 RP98: 10/4/2010 6:34:50 PM - Avg Update RP99: 10/4/2010 9:32:00 PM - Software Distribution Service 3.0 RP100: 10/5/2010 8:26:22 PM - Software Distribution Service 3.0 RP101: 10/6/2010 8:24:20 AM - Software Distribution Service 3.0 RP102: 10/7/2010 3:00:20 AM - Software Distribution Service 3.0 RP103: 10/8/2010 7:50:05 AM - Software Distribution Service 3.0 RP104: 10/8/2010 10:31:34 PM - Software Distribution Service 3.0 RP105: 10/9/2010 8:59:14 AM - Software Distribution Service 3.0 RP106: 10/10/2010 5:55:13 AM - Software Distribution Service 3.0 RP107: 10/11/2010 3:00:21 AM - Software Distribution Service 3.0 RP108: 10/12/2010 7:31:55 AM - Software Distribution Service 3.0 RP109: 10/13/2010 3:00:30 AM - Software Distribution Service 3.0 RP110: 10/14/2010 7:42:22 PM - Software Distribution Service 3.0 RP111: 10/15/2010 1:03:05 AM - Software Distribution Service 3.0 RP112: 10/15/2010 11:44:24 AM - Software Distribution Service 3.0 RP113: 10/16/2010 9:19:44 AM - Software Distribution Service 3.0 RP114: 10/17/2010 10:19:54 PM - Software Distribution Service 3.0 RP115: 10/18/2010 6:55:34 AM - Software Distribution Service 3.0 RP116: 10/19/2010 3:00:14 AM - Software Distribution Service 3.0 RP117: 10/21/2010 12:04:40 AM - Software Distribution Service 3.0 RP118: 10/21/2010 10:21:20 AM - Software Distribution Service 3.0 RP119: 10/22/2010 1:35:32 PM - Software Distribution Service 3.0 RP120: 10/23/2010 3:00:22 AM - Software Distribution Service 3.0 RP121: 10/24/2010 1:11:51 PM - Software Distribution Service 3.0 RP122: 10/25/2010 3:00:22 AM - Software Distribution Service 3.0 RP123: 10/27/2010 12:24:28 AM - Software Distribution Service 3.0 RP124: 10/30/2010 9:22:17 PM - Software Distribution Service 3.0 RP125: 10/31/2010 3:00:23 AM - Software Distribution Service 3.0 RP126: 11/1/2010 3:00:23 AM - Software Distribution Service 3.0 RP127: 11/1/2010 6:27:22 PM - Removed AVG Free 9.0 RP128: 11/1/2010 6:29:24 PM - Installed AVG Free 9.0 RP129: 11/1/2010 9:17:04 PM - Software Distribution Service 3.0 RP130: 11/1/2010 9:38:33 PM - Software Distribution Service 3.0 RP131: 11/2/2010 11:12:06 AM - Software Distribution Service 3.0 RP132: 11/2/2010 2:59:24 PM - Software Distribution Service 3.0 RP133: 11/2/2010 3:55:02 PM - Avira AntiVir Personal - 11/2/2010 15:54 RP134: 11/4/2010 9:32:18 AM - Software Distribution Service 3.0 ==== Installed Programs ====================== Adobe Acrobat - Reader 6.0.2 Update Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 6.0.1 Agere Systems PCI Soft Modem Antivirus 2010 Ask Toolbar Avira AntiVir Personal - Free Antivirus Blackhawk Striker 2 from Compaq (remove only) Blasterball 2 from Compaq (remove only) Blasterball 2 Remix from Compaq (remove only) Bounce Symphony from Compaq (remove only) Crystal Maze from Compaq (remove only) Easy Internet Sign-up Help and Support Additions Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HP Product Detection HpSdpAppCoreApp InterVideo WinDVD Player iTunes Java 2 Runtime Environment, SE v1.4.2_03 Java Auto Updater Java 6 Update 21 KBD LimeWire 5.5.16 Malwarebytes' Anti-Malware Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Microsoft Office Standard Edition 2003 Microsoft Plus! Dancer LE Microsoft Plus! Digital Media Edition Installer Microsoft Plus! Photo Story 2 LE Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Works Motorola SM56 Speakerphone Modem MSN MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Orbital from Compaq (remove only) Overball from Compaq (remove only) Panda ActiveScan 2.0 Panda Cloud Antivirus Panda Identity Protect 3.0.45 Panda Security Toolbar Panda Security Toolbar URL Filtering PC-Doctor for Windows Polar Bowler from Compaq (remove only) Polar Golfer from Compaq (remove only) PS2 QuickTime RealPlayer Registry Life version 1.24 Road Ready Streetwise from Compaq (remove only) Roblox for Compaq_Owner Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371-v2) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB976325) Security Update for Windows XP (KB977165-v2) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Shrek 2 Ogre Bowler from Compaq (remove only) SiS VGA Utilities Sonic Express Labeler Sonic RecordNow! Super Granny from Compaq (remove only) Tradewinds from Compaq (remove only) Update for Windows Internet Explorer 8 (KB975364) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB961503) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) WebFldrs XP Windows Backup Utility Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows Media Format Runtime Windows Media Player 10 Windows XP Service Pack 3 ==== Event Viewer Messages From Past Week ======== 11/2/2010 3:53:59 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. . 11/2/2010 3:53:59 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\COMPAQ~1.COM\LOCALS~1\Temp\RarSFX1\redist.dll. Reference error message: The operation completed successfully. . 11/2/2010 3:53:59 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system. 11/1/2010 9:46:34 PM, error: Service Control Manager [7034] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s). 11/1/2010 8:52:46 PM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: The system cannot find the file specified. 11/1/2010 8:52:46 PM, error: Service Control Manager [7000] - The Panda Cloud Antivirus Service service failed to start due to the following error: Access is denied. 11/1/2010 8:52:46 PM, error: Service Control Manager [7000] - The Adobe Update Service service failed to start due to the following error: The system cannot find the path specified. 11/1/2010 6:25:02 PM, error: Service Control Manager [7031] - The Panda Cloud Antivirus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 11/1/2010 3:03:27 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447). 10/31/2010 5:19:28 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86. 10/30/2010 11:19:45 PM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found. ==== End Of File ===========================
-
I've got a sick Win XP computer in my daughters room. I have found several interesting suggestions and have tried some but to no avail. One of the things I tried was to run Root Repeal and will attach that report here. rKill runs but I'm not sure if it finishes correctly. I need some steps to follow. Thanks in advance, Bryan U. RootRepeal_report_11_02_10__13_55_45_.txt