SouthernEm
Members, 10 posts, reputation 0 (Neutral)
  1. Thank you so much!!! It seems that my PC might be clean! I am kind of scared to say that... I have been fighting viruses/problems for at least 4 months now, and am scared I might jinx something! But, thank you, thank you!!!
  2. 2010/12/13 06:56:35.0296 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
     2010/12/13 06:56:35.0296 ================================================================================
     2010/12/13 06:56:35.0296 SystemInfo:
     2010/12/13 06:56:35.0296
     2010/12/13 06:56:35.0296 OS Version: 5.1.2600 ServicePack: 3.0
     2010/12/13 06:56:35.0296 Product type: Workstation
     2010/12/13 06:56:35.0296 ComputerName: EMILY
     2010/12/13 06:56:35.0296 UserName: Emily Johnson
     2010/12/13 06:56:35.0296 Windows directory: C:\WINDOWS
     2010/12/13 06:56:35.0296 System windows directory: C:\WINDOWS
     2010/12/13 06:56:35.0296 Processor architecture: Intel x86
     2010/12/13 06:56:35.0296 Number of processors: 2
     2010/12/13 06:56:35.0296 Page size: 0x1000
     2010/12/13 06:56:35.0296 Boot type: Normal boot
     2010/12/13 06:56:35.0296 ================================================================================
     2010/12/13 06:56:35.0875 Initialize success
     2010/12/13 06:56:56.0078 ================================================================================
     2010/12/13 06:56:56.0078 Scan started
     2010/12/13 06:56:56.0078 Mode: Manual;
     2010/12/13 06:56:56.0078 ================================================================================
     2010/12/13 06:56:59.0531 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
     2010/12/13 06:56:59.0609 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
     2010/12/13 06:56:59.0703 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
     2010/12/13 06:57:00.0406 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
     2010/12/13 06:57:00.0890 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
     2010/12/13 06:57:01.0562 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
     2010/12/13 06:57:01.0703 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
     2010/12/13 06:57:01.0781 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
     2010/12/13 06:57:01.0937 ati2mtag (2573c08729dd52b7b4f18df1592e0b37) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
     2010/12/13 06:57:02.0171 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
     2010/12/13 06:57:02.0265 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
     2010/12/13 06:57:02.0421 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
     2010/12/13 06:57:02.0671 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
     2010/12/13 06:57:02.0718 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
     2010/12/13 06:57:02.0828 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
     2010/12/13 06:57:02.0875 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
     2010/12/13 06:57:02.0937 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
     2010/12/13 06:57:03.0093 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
     2010/12/13 06:57:03.0218 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
     2010/12/13 06:57:03.0265 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
     2010/12/13 06:57:03.0375 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
     2010/12/13 06:57:03.0453 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
     2010/12/13 06:57:03.0515 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
     2010/12/13 06:57:03.0546 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
     2010/12/13 06:57:03.0656 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
     2010/12/13 06:57:03.0703 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
     2010/12/13 06:57:03.0750 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
     2010/12/13 06:57:03.0781 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
     2010/12/13 06:57:03.0812 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
     2010/12/13 06:57:03.0906 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
     2010/12/13 06:57:03.0984 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
     2010/12/13 06:57:04.0078 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
     2010/12/13 06:57:04.0140 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
     2010/12/13 06:57:04.0250 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
     2010/12/13 06:57:04.0328 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
     2010/12/13 06:57:04.0500 HSF_DPV (e8ec1767ea315a39a0dd8989952ca0e9) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
     2010/12/13 06:57:04.0609 HSXHWAZL (61478fa42ee04562e7f11f4dca87e9c8) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
     2010/12/13 06:57:04.0843 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
     2010/12/13 06:57:05.0234 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
     2010/12/13 06:57:05.0562 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
     2010/12/13 06:57:05.0953 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
     2010/12/13 06:57:06.0000 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
     2010/12/13 06:57:06.0093 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
     2010/12/13 06:57:06.0140 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
     2010/12/13 06:57:06.0187 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
     2010/12/13 06:57:06.0250 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
     2010/12/13 06:57:06.0328 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
     2010/12/13 06:57:06.0421 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
     2010/12/13 06:57:06.0500 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
     2010/12/13 06:57:06.0578 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
     2010/12/13 06:57:06.0640 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
     2010/12/13 06:57:06.0812 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
     2010/12/13 06:57:06.0906 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
     2010/12/13 06:57:07.0000 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
     2010/12/13 06:57:07.0046 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
     2010/12/13 06:57:07.0078 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
     2010/12/13 06:57:07.0140 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
     2010/12/13 06:57:07.0234 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
     2010/12/13 06:57:07.0359 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
     2010/12/13 06:57:07.0468 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
     2010/12/13 06:57:07.0500 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
     2010/12/13 06:57:07.0531 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
     2010/12/13 06:57:07.0609 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
     2010/12/13 06:57:07.0656 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
     2010/12/13 06:57:07.0718 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
     2010/12/13 06:57:07.0765 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
     2010/12/13 06:57:07.0828 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
     2010/12/13 06:57:07.0875 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
     2010/12/13 06:57:07.0906 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
     2010/12/13 06:57:07.0953 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
     2010/12/13 06:57:08.0062 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
     2010/12/13 06:57:08.0203 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
     2010/12/13 06:57:08.0250 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
     2010/12/13 06:57:08.0359 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
     2010/12/13 06:57:08.0500 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
     2010/12/13 06:57:08.0640 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
     2010/12/13 06:57:08.0765 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
     2010/12/13 06:57:08.0890 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
     2010/12/13 06:57:08.0968 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
     2010/12/13 06:57:09.0031 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
     2010/12/13 06:57:09.0078 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
     2010/12/13 06:57:09.0140 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
     2010/12/13 06:57:09.0250 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
     2010/12/13 06:57:09.0343 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
     2010/12/13 06:57:09.0562 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
     2010/12/13 06:57:09.0609 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
     2010/12/13 06:57:09.0687 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
     2010/12/13 06:57:09.0828 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
     2010/12/13 06:57:09.0875 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
     2010/12/13 06:57:09.0906 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
     2010/12/13 06:57:09.0921 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
     2010/12/13 06:57:09.0968 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
     2010/12/13 06:57:10.0000 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
     2010/12/13 06:57:10.0109 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
     2010/12/13 06:57:10.0156 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
     2010/12/13 06:57:10.0250 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
     2010/12/13 06:57:10.0343 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
     2010/12/13 06:57:10.0390 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
     2010/12/13 06:57:10.0437 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
     2010/12/13 06:57:10.0531 SAVOnAccessControl (ec5529e41e9b51162a5efdb4c6ffd5ce) C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys
     2010/12/13 06:57:10.0578 SAVOnAccessFilter (c20683980c38605457fea45bc32ed38c) C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys
     2010/12/13 06:57:10.0703 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
     2010/12/13 06:57:10.0734 sdcfilter (a957fd57a6ae1597943e4590de10669b) C:\WINDOWS\system32\DRIVERS\sdcfilter.sys
     2010/12/13 06:57:10.0781 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
     2010/12/13 06:57:10.0859 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
     2010/12/13 06:57:10.0890 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
     2010/12/13 06:57:11.0031 SophosBootDriver (3bdf94e0827d13e44249a646f6c0eb7c) C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys
     2010/12/13 06:57:11.0187 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
     2010/12/13 06:57:11.0265 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
     2010/12/13 06:57:11.0343 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
     2010/12/13 06:57:11.0421 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
     2010/12/13 06:57:11.0453 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
     2010/12/13 06:57:11.0468 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
     2010/12/13 06:57:11.0625 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
     2010/12/13 06:57:11.0671 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
     2010/12/13 06:57:11.0781 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
     2010/12/13 06:57:11.0859 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
     2010/12/13 06:57:11.0906 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
     2010/12/13 06:57:12.0031 TermDD (1623ca915d38f7b9f53cc021210e825c) C:\WINDOWS\system32\DRIVERS\termdd.sys
     2010/12/13 06:57:12.0031 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\termdd.sys. Real md5: 1623ca915d38f7b9f53cc021210e825c, Fake md5: 1ad549db9d8f305dbfbc9387017405fe
     2010/12/13 06:57:12.0046 TermDD - detected Rootkit.Win32.TDSS.tdl3 (0)
     2010/12/13 06:57:12.0125 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
     2010/12/13 06:57:12.0218 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
     2010/12/13 06:57:12.0312 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
     2010/12/13 06:57:12.0375 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
     2010/12/13 06:57:12.0453 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
     2010/12/13 06:57:12.0515 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
     2010/12/13 06:57:12.0578 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
     2010/12/13 06:57:12.0687 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
     2010/12/13 06:57:12.0750 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
     2010/12/13 06:57:12.0828 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
     2010/12/13 06:57:12.0875 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
     2010/12/13 06:57:12.0921 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
     2010/12/13 06:57:13.0031 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
     2010/12/13 06:57:13.0140 winachsf (ba6b6fb242a6ba4068c8b763063beb63) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
     2010/12/13 06:57:13.0250 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
     2010/12/13 06:57:13.0468 ================================================================================
     2010/12/13 06:57:13.0468 Scan finished
     2010/12/13 06:57:13.0468 ================================================================================
     2010/12/13 06:57:13.0468 Detected object count: 1
     2010/12/13 06:57:28.0421 TermDD (1623ca915d38f7b9f53cc021210e825c) C:\WINDOWS\system32\DRIVERS\termdd.sys
     2010/12/13 06:57:28.0421 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\termdd.sys. Real md5: 1623ca915d38f7b9f53cc021210e825c, Fake md5: 1ad549db9d8f305dbfbc9387017405fe
     2010/12/13 06:57:31.0046 Backup copy found, using it..
     2010/12/13 06:57:31.0156 C:\WINDOWS\system32\DRIVERS\termdd.sys - will be cured after reboot
     2010/12/13 06:57:31.0156 Rootkit.Win32.TDSS.tdl3(TermDD) - User select action: Cure
     2010/12/13 06:57:47.0000 Deinitialize success
  3. Thank you again!!! I will continue to follow your instructions.

     ComboFix 10-12-11.06 - Emily Johnson 12/12/2010 14:28:51.14.2 - x86
     Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.597 [GMT -6:00]
     Running from: c:\documents and settings\Emily Johnson\Desktop\Combo-Fix.exe
     AV: Sophos Anti-Virus *Disabled/Outdated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\documents and settings\Emily Johnson\Application Data\Adobe\AdobeUpdate .exe
     c:\documents and settings\Emily Johnson\Application Data\Adobe\plugs
     c:\documents and settings\Emily Johnson\Local Settings\Application Data\{68536428-DDDF-4FCC-BD90-901A79DF78FD}
     c:\documents and settings\Emily Johnson\Local Settings\Application Data\{68536428-DDDF-4FCC-BD90-901A79DF78FD}\chrome.manifest
     c:\documents and settings\Emily Johnson\Local Settings\Application Data\{68536428-DDDF-4FCC-BD90-901A79DF78FD}\chrome\content\_cfg.js
     c:\documents and settings\Emily Johnson\Local Settings\Application Data\{68536428-DDDF-4FCC-BD90-901A79DF78FD}\chrome\content\overlay.xul
     c:\documents and settings\Emily Johnson\Local Settings\Application Data\{68536428-DDDF-4FCC-BD90-901A79DF78FD}\install.rdf
     c:\documents and settings\Emily Johnson\Local Settings\Application Data\wmiMainServices\AgereGLxx.dll
     c:\windows\HPZimsr.dll
     c:\windows\system32\DRIVERS\termdd.sys . . . is infected!!
     .
     .
     .
     Failed to find a valid replacement.
     .
     ((((((((((((((((((((((((( Files Created from 2010-11-12 to 2010-12-12 )))))))))))))))))))))))))))))))
     .
     2010-12-12 20:15 . 2010-12-12 20:15 -------- d--h--w- c:\windows\PIF
     2010-12-12 17:11 . 2010-12-12 17:11 -------- d-----w- c:\documents and settings\Emily Johnson\Application Data\Quark
     2010-12-11 16:36 . 2010-12-11 16:36 -------- d-----w- c:\documents and settings\Emily Johnson\Local Settings\Application Data\Mozilla
     2010-12-11 16:35 . 2010-12-11 16:35 8582536 ----a-w- c:\program files\Firefox Setup 3.6.13.exe
     2010-12-11 16:27 . 2010-12-12 20:37 -------- d-----w- c:\documents and settings\Emily Johnson\Local Settings\Application Data\wmiMainServices
     2010-12-11 14:56 . 2010-12-11 14:56 7622112 ----a-w- c:\program files\mbam-setup-1.50.0.0.exe
     2010-12-11 13:50 . 2010-12-11 13:51 -------- d-----w- c:\program files\Crawler
     2010-12-11 13:45 . 2010-12-11 13:45 666896 ----a-w- c:\program files\SpywareTerminatorSetup.exe
     2010-12-11 08:17 . 2010-12-11 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
     2010-12-10 01:22 . 2010-12-11 08:06 0 ----a-w- c:\windows\Lkezumatoyaqog.bin
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-11-29 23:42 . 2010-07-08 19:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-11-29 23:42 . 2010-07-08 19:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-08-05 23:53 . 2010-08-05 23:53 6259064 ----a-w- c:\program files\Silverlight.exe
     2010-07-11 21:23 . 2010-07-11 21:23 74059445 ----a-w- c:\program files\SophosU11-r12.exe
     2010-07-08 19:16 . 2010-07-08 19:10 6153352 ----a-w- c:\program files\mbam-setup-1.46.exe
     2010-07-08 11:36 . 2010-07-08 11:36 921376 ----a-w- c:\program files\JavaSetup6u20.exe
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
     "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-10 2183168]
     "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]

     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
     HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
     Sophos AutoUpdate Monitor.lnk - c:\program files\Sophos\AutoUpdate\ALMon.exe [2010-1-26 429096]

     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
     2006-01-02 22:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=

     R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [7/2/2010 1:08 PM 152192]
     R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [7/2/2010 1:08 PM 24064]
     R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [7/2/2010 1:08 PM 104488]
     R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [7/2/2010 1:08 PM 93736]
     S0 cerc6;cerc6; [x]
     S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [7/2/2010 1:08 PM 23928]
     S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [7/2/2010 1:08 PM 14976]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
     HPService REG_MULTI_SZ HPSLPSVC
     hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
     .
     Contents of the 'Scheduled Tasks' folder

     2010-12-12 c:\windows\Tasks\Nightly Scan.job
     - c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2010-07-02 19:08]

     2010-12-12 c:\windows\Tasks\User_Feed_Synchronization-{B33EA784-3716-4A61-B4D1-FABAB0608739}.job
     - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com/
     uInternet Connection Wizard,ShellNext = hxxp://www.ti.com/
     uInternet Settings,ProxyOverride = <local>
     IE: Crawler Search - tbr:iemenu
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
     IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
     Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
     DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.mpix.com/customer/uploading/activex/ImageUploader6.cab
     DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
     .
     - - - - ORPHANS REMOVED - - - -

     HKCU-Run-AgereGLxx - c:\documents and settings\Emily Johnson\Local Settings\Application Data\wmiMainServices\AgereGLxx.dll
     HKCU-Run-Skirijan - c:\windows\HPZimsr.dll
     HKLM-Run-Cviwizodul - c:\windows\emefuper.dll

     **************************************************************************

     scanning hidden processes ...

     scanning hidden autostart entries ...

     scanning hidden files ...

     scan completed successfully
     hidden files:

     **************************************************************************

     Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
     Windows 5.1.2600 Disk: FUJITSU_MHV2060BH rev.00850028 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

     device: opened successfully
     user: MBR read successfully

     Disk trace:
     kernel: MBR read successfully
     _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }
     detected disk devices:
     \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskFUJITSU_MHV2060BH_______________________00850028#5&19c84639&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
     detected hooks:
     \Driver\atapi DriverStartIo -> 0x864CFAEA
     user & kernel MBR OK
     sectors 114270343 (+255): user != kernel

     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"

     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------

     - - - - - - - > 'winlogon.exe'(896)
     c:\windows\system32\WININET.dll
     c:\windows\system32\Ati2evxx.dll
     c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
     c:\windows\System32\BCMLogon.dll
     c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL
     c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

     - - - - - - - > 'lsass.exe'(960)
     c:\windows\system32\WININET.dll

     - - - - - - - > 'explorer.exe'(3344)
     c:\windows\system32\WININET.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     .
     ------------------------ Other Running Processes ------------------------
     .
     c:\windows\system32\Ati2evxx.exe
     c:\windows\system32\Ati2evxx.exe
     c:\windows\System32\WLTRYSVC.EXE
     c:\windows\System32\bcmwltry.exe
     c:\program files\Flip Video\FlipShare\FlipShareService.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
     c:\program files\Sophos\AutoUpdate\ALsvc.exe
     c:\program files\Canon\CAL\CALMAIN.exe
     c:\windows\system32\wbem\unsecapp.exe
     c:\windows\system32\wscntfy.exe
     c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
     c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
     c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
     .
     **************************************************************************
     .
     Completion time: 2010-12-12 14:44:53 - machine was rebooted
     ComboFix-quarantined-files.txt 2010-12-12 20:44

     Pre-Run: 16,657,575,936 bytes free
     Post-Run: 16,709,939,200 bytes free

     - - End Of File - - 725C06691A977DFBFCFDBEDA8182D34B
  4. It will not allow me to upload it there either, keeps giving me an error message. I converted it to a .jpeg, titled "Untitled-1." http://www.mediafire.com/?zf9a8w288rbvvsr You can find it above, or I believe I got it to attach to this post, also!
  5. STEP 2: DDS For some reason this website will not allow me to copy/paste or upload the DDS file? What can I do to get it to you?
  6. STEP 2: DDS For some reason this website will not allow me to copy/paste
  7. STEP 1:

     Malwarebytes' Anti-Malware 1.50
     www.malwarebytes.org

     Database version: 5299

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     12/12/2010 8:02:26 AM
     mbam-log-2010-12-12 (08-02-26).txt

     Scan type: Quick scan
     Objects scanned: 143347
     Time elapsed: 12 minute(s), 33 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 5

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     c:\documents and settings\emily johnson\local settings\temp\8.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
     c:\documents and settings\emily johnson\local settings\temporary internet files\Content.IE5\XRAM7BES\exe[1].php (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
     c:\documents and settings\emily johnson\application data\Adobe\plugs\kb1929453.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     c:\documents and settings\emily johnson\application data\Adobe\plugs\kb1948750.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     c:\documents and settings\emily johnson\application data\Adobe\plugs\kb1956593.exe (Trojan.Agent) -> Quarantined and deleted successfully.
  8. I have had virus/malware problems for months! Now that I have had my credit card number stolen, I realize that this is more than just an annoyance, it is a serious problem. I have tried a few cleaners, but nothing is helping. Can anyone out there help me?! Thank you!
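The TDSSKiller log in post 2 above is the one that actually pins the infection: the scanner lists every driver with the MD5 it read, and for termdd.sys it adds a "Suspicious file (Forged)" line with two hashes (Real vs Fake) followed by the verdict "detected Rootkit.Win32.TDSS.tdl3". A helper that pulls those lines out of a pasted log is useful when triaging many such threads. The Python below is an added example, not part of the forum post and not code from Kaspersky's tool; the line shapes it matches are inferred from the posted log rather than from any published format description, the reading of "Real" as the bytes read directly from disk and "Fake" as the bytes returned through the normal file read path is this example's interpretation of the tool's wording, and SAMPLE_LOG is a constructed input written in the same shape as the posted log.

```python
"""Pull forged-driver findings out of a TDSSKiller-style scan log.

Added example for this thread; it is not part of the forum post and not
code from Kaspersky's TDSSKiller. The line shapes matched below are
inferred from the log posted above, and SAMPLE_LOG is constructed for
the example (a handful of entries written in that same shape).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Per-driver line: "<yyyy/mm/dd> <hh:mm:ss.ffff> <Service> (<md5>) <path>"
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) "
    r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$"
)
# Forgery line: "Suspicious file (Forged): <path>. Real md5: <h>, Fake md5: <h>"
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
)
# Verdict line: "<ts> <Service> - detected <Verdict> (<n>)"
VERDICT_RE = re.compile(
    r"^\S+ \S+ (?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)"
)


@dataclass
class Finding:
    name: str          # service name taken from the preceding driver line
    path: str
    real_md5: str      # interpreted as the bytes read directly from disk
    fake_md5: str      # interpreted as the bytes served via the normal read path
    verdict: Optional[str] = None


def parse_log(text: str) -> Tuple[Dict[str, str], List[Finding]]:
    """Return (drivers, findings): drivers maps service name -> listed md5."""
    drivers: Dict[str, str] = {}
    findings: List[Finding] = []
    last_name: Optional[str] = None
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            drivers[m["name"]] = m["md5"]
            last_name = m["name"]      # a forgery line follows its driver line
            continue
        m = FORGED_RE.search(line)
        if m:
            findings.append(Finding(last_name or "?", m["path"], m["real"], m["fake"]))
            continue
        m = VERDICT_RE.match(line)
        if m:
            for f in findings:
                if f.name == m["name"] and f.verdict is None:
                    f.verdict = m["verdict"]
    return drivers, findings


def forged_summary(text: str) -> Dict[str, dict]:
    """One record per forged driver, plus a consistency flag.

    In the posted log the md5 in parentheses on the driver line equals the
    'Real md5' of the forgery line; 'consistent' is False when a log does not
    behave that way, which would mean this parser's assumptions do not hold.
    """
    drivers, findings = parse_log(text)
    out: Dict[str, dict] = {}
    for f in findings:
        out[f.name] = {
            "path": f.path,
            "real": f.real_md5,
            "fake": f.fake_md5,
            "verdict": f.verdict,
            "consistent": drivers.get(f.name) == f.real_md5,
        }
    return out


# Constructed sample in the shape of the posted TDSSKiller log (not the full log).
SAMPLE_LOG = r"""
2010/12/13 06:56:56.0078 Scan started
2010/12/13 06:57:11.0906 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/13 06:57:12.0031 TermDD (1623ca915d38f7b9f53cc021210e825c) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/13 06:57:12.0031 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\termdd.sys. Real md5: 1623ca915d38f7b9f53cc021210e825c, Fake md5: 1ad549db9d8f305dbfbc9387017405fe
2010/12/13 06:57:12.0046 TermDD - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/12/13 06:57:12.0125 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/13 06:57:13.0468 Scan finished
2010/12/13 06:57:13.0468 Detected object count: 1
"""

if __name__ == "__main__":
    for name, rec in forged_summary(SAMPLE_LOG).items():
        print(f"{name}: {rec['verdict']} at {rec['path']}")
        print(f"  on-disk md5 {rec['real']}  served md5 {rec['fake']}")
```

Run it against a whole pasted log (read the file into `text` and call `forged_summary(text)`); any driver whose two hashes differ is one the file system is lying about, which is why a hash check from inside the running OS cannot be trusted on a machine like this and why the tool cures the file from a backup copy at reboot.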