Rills
-
Posts
11 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by Rills
-
i ran the programs in sequence but it wont go the avgremoverc64 wont run it says it is not a valid win32 application
-
i downloaded combofix and began to run it after turning off AVG resident shield but it told me that AVG antivirus would stop its process and to uninstall it. i then attempted to but the uninstall process for AVG gave me a error saying "Error code 0xc0070643 the Windows installer service could not be accessed. this can occur if you are running Windows in safe mode, or if the windows installer is not correctly installed. contact your support personnel for assistance."
-
yes it found 5 infected objects. here is the log Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 5437 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 1/2/2011 6:19:57 PM mbam-log-2011-01-02 (18-19-57).txt Scan type: Full scan (C:\|) Objects scanned: 244263 Time elapsed: 34 minute(s), 40 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 1 Registry Data Items Infected: 1 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\userinit (Trojan.Agent) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Value: NoFolderOptions -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: c:\documents and settings\jace stark 2\file.exe (Trojan.Dropper) -> Quarantined and deleted successfully. c:\documents and settings\jace stark 2\application data\hyghghjhjghjhj.bat (Malware.Trace) -> Quarantined and deleted successfully.
-
IT worked malwarebytes is able to scan now
-
yea i ran it again it is finding 3 threats but they are under suspisious and the default is skip so i did not cure them. here is the log after i ran it again 2011/01/02 10:27:38.0484 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46 2011/01/02 10:27:38.0484 ================================================================================ 2011/01/02 10:27:38.0484 SystemInfo: 2011/01/02 10:27:38.0484 2011/01/02 10:27:38.0484 OS Version: 5.1.2600 ServicePack: 2.0 2011/01/02 10:27:38.0484 Product type: Workstation 2011/01/02 10:27:38.0484 ComputerName: JKSTARK2 2011/01/02 10:27:38.0500 UserName: Jace Stark 2 2011/01/02 10:27:38.0500 Windows directory: C:\WINDOWS 2011/01/02 10:27:38.0500 System windows directory: C:\WINDOWS 2011/01/02 10:27:38.0500 Processor architecture: Intel x86 2011/01/02 10:27:38.0500 Number of processors: 2 2011/01/02 10:27:38.0500 Page size: 0x1000 2011/01/02 10:27:38.0500 Boot type: Normal boot 2011/01/02 10:27:38.0500 ================================================================================ 2011/01/02 10:27:38.0609 Initialize success 2011/01/02 10:27:41.0984 ================================================================================ 2011/01/02 10:27:41.0984 Scan started 2011/01/02 10:27:41.0984 Mode: Manual; 2011/01/02 10:27:41.0984 ================================================================================ 2011/01/02 10:27:43.0062 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/01/02 10:27:43.0125 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/01/02 10:27:43.0171 ADIHdAudAddService (3637d692b25a842fb4bb7ea75b39184f) C:\WINDOWS\system32\drivers\ADIHdAud.sys 2011/01/02 10:27:43.0265 AEAudio (e8694fc1dac061ad989506b470552415) C:\WINDOWS\system32\drivers\AEAudio.sys 2011/01/02 10:27:43.0328 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys 2011/01/02 10:27:43.0390 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys 2011/01/02 10:27:43.0468 ahci8086 (3162702a838386f7bc6f6b4711044cf2) C:\WINDOWS\system32\DRIVERS\ahci8086.sys 2011/01/02 10:27:43.0656 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/01/02 10:27:43.0781 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys 2011/01/02 10:27:43.0828 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/01/02 10:27:43.0859 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/01/02 10:27:44.0062 ati2mtag (81c3e6674d0609aa84c07681bca252de) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 2011/01/02 10:27:44.0125 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/01/02 10:27:44.0156 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/01/02 10:27:44.0218 Avgfwdx (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys 2011/01/02 10:27:44.0218 Avgfwfd (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys 2011/01/02 10:27:44.0296 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 2011/01/02 10:27:44.0421 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys 2011/01/02 10:27:44.0734 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 2011/01/02 10:27:44.0953 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 2011/01/02 10:27:45.0031 Avgldx86 (1119e5bec6e749e0d292f0f84d48edba) C:\WINDOWS\system32\DRIVERS\avgldx86.sys 2011/01/02 10:27:45.0062 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 2011/01/02 10:27:45.0109 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys 2011/01/02 10:27:45.0171 Avgtdix (2fd3e3a57fb90679a3a83eeed0360cfd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys 2011/01/02 10:27:45.0234 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/01/02 10:27:45.0281 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/01/02 10:27:45.0343 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/01/02 10:27:45.0406 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/01/02 10:27:45.0468 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/01/02 10:27:45.0640 Suspicious service (NoAccess): demxii 2011/01/02 10:27:45.0718 demxii (20aa6e9783731344e08aa3af92a2d1b8) C:\WINDOWS\system32\drivers\demxii.sys 2011/01/02 10:27:45.0718 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\demxii.sys. md5: 20aa6e9783731344e08aa3af92a2d1b8 2011/01/02 10:27:45.0718 demxii - detected Locked service (1) 2011/01/02 10:27:45.0765 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/01/02 10:27:45.0812 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys 2011/01/02 10:27:45.0859 dmio (01b32f435e3507e72851b7411a779258) C:\WINDOWS\system32\drivers\dmio.sys 2011/01/02 10:27:45.0859 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dmio.sys. Real md5: 01b32f435e3507e72851b7411a779258, Fake md5: 18d650f98ffdfdd1d8a4922de1d3ed9b 2011/01/02 10:27:45.0859 dmio - detected Forged file (1) 2011/01/02 10:27:45.0890 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/01/02 10:27:45.0953 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 2011/01/02 10:27:46.0031 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/01/02 10:27:46.0062 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/01/02 10:27:46.0109 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/01/02 10:27:46.0125 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys 2011/01/02 10:27:46.0171 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/01/02 10:27:46.0218 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 2011/01/02 10:27:46.0265 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/01/02 10:27:46.0296 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/01/02 10:27:46.0343 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/01/02 10:27:46.0390 HDAudBus (cbc3def409549672b915fb9403d63f74) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/01/02 10:27:46.0437 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/01/02 10:27:46.0531 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/01/02 10:27:46.0640 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/01/02 10:27:46.0671 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/01/02 10:27:46.0765 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 2011/01/02 10:27:46.0812 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/01/02 10:27:46.0859 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/01/02 10:27:46.0890 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/01/02 10:27:46.0921 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/01/02 10:27:46.0953 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/01/02 10:27:47.0000 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/01/02 10:27:47.0031 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/01/02 10:27:47.0078 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/01/02 10:27:47.0140 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys 2011/01/02 10:27:47.0171 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/01/02 10:27:47.0296 MBAMSwissArmy (d68e165c3123aba3b1282eddb4213bd8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2011/01/02 10:27:47.0359 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/01/02 10:27:47.0421 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys 2011/01/02 10:27:47.0468 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/01/02 10:27:47.0515 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/01/02 10:27:47.0531 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/01/02 10:27:47.0593 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/01/02 10:27:47.0640 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/01/02 10:27:47.0671 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 2011/01/02 10:27:47.0703 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/01/02 10:27:47.0750 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/01/02 10:27:47.0765 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/01/02 10:27:47.0812 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/01/02 10:27:47.0859 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys 2011/01/02 10:27:47.0906 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 2011/01/02 10:27:47.0984 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 2011/01/02 10:27:48.0046 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/01/02 10:27:48.0109 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/01/02 10:27:48.0156 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/01/02 10:27:48.0187 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/01/02 10:27:48.0218 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/01/02 10:27:48.0281 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/01/02 10:27:48.0375 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/01/02 10:27:48.0406 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 2011/01/02 10:27:48.0468 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/01/02 10:27:48.0500 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/01/02 10:27:48.0562 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/01/02 10:27:48.0593 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/01/02 10:27:48.0640 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/01/02 10:27:48.0687 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys 2011/01/02 10:27:48.0703 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/01/02 10:27:48.0750 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/01/02 10:27:48.0796 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/01/02 10:27:48.0843 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/01/02 10:27:48.0890 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/01/02 10:27:49.0109 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/01/02 10:27:49.0171 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys 2011/01/02 10:27:49.0203 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/01/02 10:27:49.0234 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/01/02 10:27:49.0296 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/01/02 10:27:49.0578 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/01/02 10:27:49.0687 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/01/02 10:27:49.0718 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/01/02 10:27:49.0781 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/01/02 10:27:49.0843 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/01/02 10:27:49.0875 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/01/02 10:27:49.0937 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/01/02 10:27:50.0000 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/01/02 10:27:50.0031 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/01/02 10:27:50.0125 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/01/02 10:27:50.0203 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys 2011/01/02 10:27:50.0234 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/01/02 10:27:50.0265 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/01/02 10:27:50.0296 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/01/02 10:27:50.0453 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys 2011/01/02 10:27:50.0500 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/01/02 10:27:50.0609 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/01/02 10:27:51.0250 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/01/02 10:27:51.0281 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 2011/01/02 10:27:51.0437 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/01/02 10:27:51.0500 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/01/02 10:27:51.0562 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/01/02 10:27:51.0609 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/01/02 10:27:51.0671 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/01/02 10:27:51.0765 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 2011/01/02 10:27:51.0859 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys 2011/01/02 10:27:51.0921 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/01/02 10:27:51.0953 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/01/02 10:27:51.0984 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/01/02 10:27:52.0031 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2011/01/02 10:27:52.0078 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/01/02 10:27:52.0140 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/01/02 10:27:52.0156 Suspicious service (NoAccess): vbmab64d 2011/01/02 10:27:52.0187 vbmab64d (2238b0a45fdcff73dfa5d47c4e59a692) C:\WINDOWS\system32\drivers\vbmab64d.sys 2011/01/02 10:27:52.0203 vbmab64d - detected Locked service (1) 2011/01/02 10:27:52.0250 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 2011/01/02 10:27:52.0343 vnccom (b67632451f760797bb183e1fb99f4b39) C:\WINDOWS\system32\Drivers\vnccom.SYS 2011/01/02 10:27:52.0390 vncdrv (4ec979b157d1aa075330362acb5424e5) C:\WINDOWS\system32\DRIVERS\vncdrv.sys 2011/01/02 10:27:52.0421 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/01/02 10:27:52.0484 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/01/02 10:27:52.0562 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/01/02 10:27:52.0671 yukonwxp (228d0403f0210d6d67a9acf907597efe) C:\WINDOWS\system32\DRIVERS\yk51x86.sys 2011/01/02 10:27:52.0796 ================================================================================ 2011/01/02 10:27:52.0796 Scan finished 2011/01/02 10:27:52.0796 ================================================================================ 2011/01/02 10:27:52.0812 Detected object count: 3 2011/01/02 10:27:58.0203 Locked service(demxii) - User select action: Skip 2011/01/02 10:27:58.0203 Forged file(dmio) - User select action: Skip 2011/01/02 10:27:58.0203 Locked service(vbmab64d) - User select action: Skip
-
when i choose a profile at start screen it will SOMETIMES freeze i just turn it off and try again
-
at the moment its many small things searchs redirect me to other sites, it takes awhile to turn on and shut down, when i choose a profile at start screen it will freeze, scans *Malwarebytes/ Superantispyware/ Adaware/ AVG/ Avast* start scanning then will be shut after a few seconds it will then close the program and deny access to it, firefox also frequently crashs on some sites or when streaming videos. sorry its such a mess Here is the TDSSKiller log: 2011/01/01 20:32:38.0343 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46 2011/01/01 20:32:38.0343 ================================================================================ 2011/01/01 20:32:38.0343 SystemInfo: 2011/01/01 20:32:38.0343 2011/01/01 20:32:38.0343 OS Version: 5.1.2600 ServicePack: 2.0 2011/01/01 20:32:38.0343 Product type: Workstation 2011/01/01 20:32:38.0343 ComputerName: JKSTARK2 2011/01/01 20:32:38.0343 UserName: Jace Stark 2 2011/01/01 20:32:38.0343 Windows directory: C:\WINDOWS 2011/01/01 20:32:38.0343 System windows directory: C:\WINDOWS 2011/01/01 20:32:38.0343 Processor architecture: Intel x86 2011/01/01 20:32:38.0343 Number of processors: 2 2011/01/01 20:32:38.0343 Page size: 0x1000 2011/01/01 20:32:38.0343 Boot type: Normal boot 2011/01/01 20:32:38.0343 ================================================================================ 2011/01/01 20:32:38.0531 Initialize success 2011/01/01 20:33:03.0890 ================================================================================ 2011/01/01 20:33:03.0890 Scan started 2011/01/01 20:33:03.0890 Mode: Manual; 2011/01/01 20:33:03.0890 ================================================================================ 2011/01/01 20:33:04.0687 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/01/01 20:33:04.0750 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/01/01 20:33:04.0796 ADIHdAudAddService (3637d692b25a842fb4bb7ea75b39184f) C:\WINDOWS\system32\drivers\ADIHdAud.sys 2011/01/01 20:33:04.0875 AEAudio (e8694fc1dac061ad989506b470552415) C:\WINDOWS\system32\drivers\AEAudio.sys 2011/01/01 20:33:04.0937 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys 2011/01/01 20:33:05.0000 AFD (658be0b78efea1b253d2dd02ccd6e1ce) C:\WINDOWS\System32\drivers\afd.sys 2011/01/01 20:33:05.0000 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 658be0b78efea1b253d2dd02ccd6e1ce, Fake md5: 839f801247d0d1927ed8c26ea6bef77a 2011/01/01 20:33:05.0000 AFD - detected Rootkit.Win32.TDSS.tdl3 (0) 2011/01/01 20:33:05.0109 ahci8086 (3162702a838386f7bc6f6b4711044cf2) C:\WINDOWS\system32\DRIVERS\ahci8086.sys 2011/01/01 20:33:05.0281 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/01/01 20:33:05.0390 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys 2011/01/01 20:33:05.0468 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/01/01 20:33:05.0484 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/01/01 20:33:05.0656 ati2mtag (81c3e6674d0609aa84c07681bca252de) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 2011/01/01 20:33:05.0718 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/01/01 20:33:05.0750 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/01/01 20:33:05.0796 Avgfwdx (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys 2011/01/01 20:33:05.0796 Avgfwfd (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys 2011/01/01 20:33:05.0859 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 2011/01/01 20:33:05.0921 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys 2011/01/01 20:33:06.0000 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 2011/01/01 20:33:06.0031 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 2011/01/01 20:33:06.0078 Avgldx86 (1119e5bec6e749e0d292f0f84d48edba) C:\WINDOWS\system32\DRIVERS\avgldx86.sys 2011/01/01 20:33:06.0093 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 2011/01/01 20:33:06.0140 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys 2011/01/01 20:33:06.0171 Avgtdix (2fd3e3a57fb90679a3a83eeed0360cfd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys 2011/01/01 20:33:06.0234 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/01/01 20:33:06.0265 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/01/01 20:33:06.0328 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/01/01 20:33:06.0359 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/01/01 20:33:06.0421 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/01/01 20:33:06.0625 Suspicious service (NoAccess): demxii 2011/01/01 20:33:06.0687 demxii (20aa6e9783731344e08aa3af92a2d1b8) C:\WINDOWS\system32\drivers\demxii.sys 2011/01/01 20:33:06.0687 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\demxii.sys. md5: 20aa6e9783731344e08aa3af92a2d1b8 2011/01/01 20:33:06.0703 demxii - detected Locked service (1) 2011/01/01 20:33:06.0734 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/01/01 20:33:06.0796 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys 2011/01/01 20:33:06.0843 dmio (01b32f435e3507e72851b7411a779258) C:\WINDOWS\system32\drivers\dmio.sys 2011/01/01 20:33:06.0843 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dmio.sys. Real md5: 01b32f435e3507e72851b7411a779258, Fake md5: 18d650f98ffdfdd1d8a4922de1d3ed9b 2011/01/01 20:33:06.0859 dmio - detected Forged file (1) 2011/01/01 20:33:06.0875 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/01/01 20:33:06.0937 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys 2011/01/01 20:33:07.0015 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/01/01 20:33:07.0062 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/01/01 20:33:07.0093 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys 2011/01/01 20:33:07.0109 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys 2011/01/01 20:33:07.0140 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys 2011/01/01 20:33:07.0171 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys 2011/01/01 20:33:07.0218 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/01/01 20:33:07.0234 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/01/01 20:33:07.0265 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/01/01 20:33:07.0312 HDAudBus (cbc3def409549672b915fb9403d63f74) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/01/01 20:33:07.0390 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/01/01 20:33:07.0531 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/01/01 20:33:07.0625 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/01/01 20:33:07.0656 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/01/01 20:33:07.0734 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 2011/01/01 20:33:07.0765 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/01/01 20:33:07.0796 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/01/01 20:33:07.0828 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/01/01 20:33:07.0859 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/01/01 20:33:07.0890 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/01/01 20:33:07.0921 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/01/01 20:33:07.0937 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/01/01 20:33:07.0953 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/01/01 20:33:08.0000 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys 2011/01/01 20:33:08.0031 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/01/01 20:33:08.0140 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/01/01 20:33:08.0171 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys 2011/01/01 20:33:08.0187 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/01/01 20:33:08.0218 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/01/01 20:33:08.0234 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/01/01 20:33:08.0296 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/01/01 20:33:08.0343 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/01/01 20:33:08.0421 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys 2011/01/01 20:33:08.0453 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/01/01 20:33:08.0468 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/01/01 20:33:08.0484 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/01/01 20:33:08.0515 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/01/01 20:33:08.0562 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys 2011/01/01 20:33:08.0578 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys 2011/01/01 20:33:08.0609 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys 2011/01/01 20:33:08.0687 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/01/01 20:33:08.0718 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/01/01 20:33:08.0734 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/01/01 20:33:08.0781 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/01/01 20:33:08.0796 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/01/01 20:33:08.0812 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/01/01 20:33:08.0859 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/01/01 20:33:08.0890 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys 2011/01/01 20:33:08.0937 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/01/01 20:33:09.0000 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/01/01 20:33:09.0046 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/01/01 20:33:09.0062 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/01/01 20:33:09.0093 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/01/01 20:33:09.0140 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys 2011/01/01 20:33:09.0171 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/01/01 20:33:09.0218 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/01/01 20:33:09.0234 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/01/01 20:33:09.0281 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/01/01 20:33:09.0328 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/01/01 20:33:09.0625 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/01/01 20:33:09.0671 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys 2011/01/01 20:33:09.0687 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/01/01 20:33:09.0750 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/01/01 20:33:09.0781 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/01/01 20:33:09.0968 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/01/01 20:33:09.0984 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/01/01 20:33:10.0015 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/01/01 20:33:10.0046 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/01/01 20:33:10.0062 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/01/01 20:33:10.0093 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/01/01 20:33:10.0125 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/01/01 20:33:10.0187 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/01/01 20:33:10.0234 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/01/01 20:33:10.0296 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/01/01 20:33:10.0375 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys 2011/01/01 20:33:10.0437 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/01/01 20:33:10.0453 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/01/01 20:33:10.0468 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/01/01 20:33:10.0593 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys 2011/01/01 20:33:10.0640 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/01/01 20:33:10.0718 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/01/01 20:33:10.0796 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/01/01 20:33:10.0812 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys 2011/01/01 20:33:10.0937 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/01/01 20:33:10.0984 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/01/01 20:33:11.0046 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/01/01 20:33:11.0062 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/01/01 20:33:11.0109 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/01/01 20:33:11.0203 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys 2011/01/01 20:33:11.0312 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys 2011/01/01 20:33:11.0375 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/01/01 20:33:11.0390 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/01/01 20:33:11.0406 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/01/01 20:33:11.0437 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys 2011/01/01 20:33:11.0484 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/01/01 20:33:11.0531 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/01/01 20:33:11.0546 Suspicious service (NoAccess): vbmab64d 2011/01/01 20:33:11.0578 vbmab64d (2238b0a45fdcff73dfa5d47c4e59a692) C:\WINDOWS\system32\drivers\vbmab64d.sys 2011/01/01 20:33:11.0593 vbmab64d - detected Locked service (1) 2011/01/01 20:33:11.0640 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys 2011/01/01 20:33:11.0718 vnccom (b67632451f760797bb183e1fb99f4b39) C:\WINDOWS\system32\Drivers\vnccom.SYS 2011/01/01 20:33:11.0750 vncdrv (4ec979b157d1aa075330362acb5424e5) C:\WINDOWS\system32\DRIVERS\vncdrv.sys 2011/01/01 20:33:11.0765 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/01/01 20:33:11.0843 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/01/01 20:33:11.0906 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/01/01 20:33:12.0031 yukonwxp (228d0403f0210d6d67a9acf907597efe) C:\WINDOWS\system32\DRIVERS\yk51x86.sys 2011/01/01 20:33:12.0078 \HardDisk0 - detected Trojan-Clicker.Win32.Wistler.a (0) 2011/01/01 20:33:12.0078 ================================================================================ 2011/01/01 20:33:12.0078 Scan finished 2011/01/01 20:33:12.0078 ================================================================================ 2011/01/01 20:33:12.0125 Detected object count: 5 2011/01/01 20:33:58.0609 AFD (658be0b78efea1b253d2dd02ccd6e1ce) C:\WINDOWS\System32\drivers\afd.sys 2011/01/01 20:33:58.0609 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 658be0b78efea1b253d2dd02ccd6e1ce, Fake md5: 839f801247d0d1927ed8c26ea6bef77a 2011/01/01 20:34:00.0187 Backup copy found, using it.. 2011/01/01 20:34:00.0203 C:\WINDOWS\System32\drivers\afd.sys - will be cured after reboot 2011/01/01 20:34:00.0203 Rootkit.Win32.TDSS.tdl3(AFD) - User select action: Cure 2011/01/01 20:34:00.0203 Locked service(demxii) - User select action: Skip 2011/01/01 20:34:00.0203 Forged file(dmio) - User select action: Skip 2011/01/01 20:34:00.0203 Locked service(vbmab64d) - User select action: Skip 2011/01/01 20:34:00.0265 \HardDisk0 - will be cured after reboot 2011/01/01 20:34:00.0265 Trojan-Clicker.Win32.Wistler.a(\HardDisk0) - User select action: Cure 2011/01/01 20:34:13.0312 Deinitialize success
-
Ran scan on mbam and it closed it again and blocked permission to access. i used cacls to unlock the path. it opens now but still cannot run scan
-
Mbam sucsessfully updated and explorer works again run mbam now?
-
DDS (Ver_10-12-12.02) - NTFSx86 Run by Jace Stark 2 at 12:20:17.96 on Fri 12/31/2010 Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1414 [GMT -8:00] ============== Running Processes =============== C:\PROGRA~1\AVG\AVG10\avgchsvx.exe C:\PROGRA~1\AVG\AVG10\avgrsx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe svchost.exe 4 C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\Ati2evxx.exe svchost.exe svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe 4 C:\Program Files\AVG\AVG10\avgwdsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Program Files\AVG\AVG10\avgnsx.exe C:\Program Files\AVG\AVG10\avgemcx.exe C:\WINDOWS\Explorer.EXE "\\.\globalroot\Device\svchost.exe\svchost.exe" C:\Program Files\AVG\AVG10\avgtray.exe C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe "C:\WINDOWS\System32\svchost.exe" "C:\WINDOWS\System32\svchost.exe" C:\Program Files\Mozilla Firefox\firefox.exe C:\Downloads\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.ask.com/?o=101760&l=dis uInternet Settings,ProxyServer = http=127.0.0.1:8074 uInternet Settings,ProxyOverride = <local> uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe dRun: [Google Update] "c:\documents and settings\localservice\local settings\application data\google\update\GoogleUpdate.exe" /c dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe StartupFolder: c:\docume~1\jacest~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe uPolicies-explorer: NoFolderOptions = 1 (0x1) dPolicies-explorer: NoFolderOptions = 1 (0x1) dPolicies-system: DisableRegistryTools = 1 (0x1) IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll Notify: AtiExtEvent - Ati2evxx.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\jacest~1\applic~1\mozilla\firefox\profiles\zsz22gli.default\ FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.com FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query= FF - component: c:\documents and settings\jace stark 2\application data\mozilla\firefox\profiles\zsz22gli.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll FF - plugin: c:\documents and settings\jace stark 2\application data\mozilla\firefox\profiles\zsz22gli.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll FF - plugin: c:\documents and settings\jace stark 2\local settings\application data\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox FF - Ext: PimpZilla: {a02c0c70-605c-11da-8cd6-0800200c9a66} - %profile%\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66} FF - Ext: Bloody Red: {2458abc0-f443-11dd-87af-0800200c9a66} - %profile%\extensions\{2458abc0-f443-11dd-87af-0800200c9a66} FF - Ext: Green Fox: {d122ad80-ff45-11dd-87af-0800200c9a66} - %profile%\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66} FF - Ext: MushroomKingdom: {BF32D2C8-9C75-404b-ACF4-880DB4679236} - %profile%\extensions\{BF32D2C8-9C75-404b-ACF4-880DB4679236} FF - Ext: zblack: {50931610-3d8e-11dd-ae16-0800200c9a66} - %profile%\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66} FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} ---- FIREFOX POLICIES ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false ============= SERVICES / DRIVERS =============== R0 ahci8086;ahci8086;c:\windows\system32\drivers\ahci8086.sys [2008-8-17 119808] R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-9-3 6104144] R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400] R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2008-8-17 6016] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192] S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-12 133104] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?] S3 5DE6C4AB;5DE6C4AB; [x] S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432] S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?] S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-17 24652] =============== Created Last 30 ================ 2010-12-31 07:26:55 -------- d-----w- c:\program files\Pidgin 2010-12-30 20:09:42 -------- d-----w- c:\program files\Pando Networks 2010-12-30 16:58:06 -------- d-----w- c:\docume~1\jacest~1\applic~1\QuickScan 2010-12-30 16:52:43 -------- d-----w- c:\program files\Panda Security 2010-12-28 19:00:48 -------- d-----w- c:\windows\system32\wbem\repository\FS 2010-12-28 19:00:48 -------- d-----w- c:\windows\system32\wbem\Repository 2010-12-28 09:32:45 321024 ----a-w- c:\documents and settings\jace stark 2\file.exe ==================== Find3M ==================== 2010-10-14 05:27:04 35332 ----a-w- c:\windows\system32\rundll32.exe.tmp 2010-10-12 22:35:57 2256 ----a-w- c:\docume~1\jacest~1\applic~1\hyghghjhjghjhj.bat =================== ROOTKIT ==================== Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process. device: opened successfully user: error reading MBR Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89A7FEC5]<< _asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x88ec1872; SUB DWORD [EBP-0x4], 0x88ec112e; PUSH EDI; CALL 0xffffffffffffdf33; } 1 ntkrnlpa!IofCallDriver[0x804EEEB8] -> \Device\Harddisk0\DR0[0x8A659768] 3 CLASSPNP[0xBA10905B] -> ntkrnlpa!IofCallDriver[0x804EEEB8] -> [0x89BEB030] [0x89BDDF38] -> IRP_MJ_CREATE -> 0x89A7FEC5 kernel: MBR read successfully _asm { XOR AX, AX; MOV DS, AX; MOV ES, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x80; CLD ; REP MOVSD ; NOP ; JMP FAR 0x0:0x61e; } user != kernel MBR !!! Warning: possible TDL4 rootkit infection ! TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix. ============= FINISH: 12:20:58.42 ===============
-
Hello on and off ive been doing everything i can to try to clean my computer from the virus i keep getting *blames unsafe surfing* they have begun to pile up and i cant use scans anymore scan starts and closes after 10 seconds, i cant start up a few pc games, my Firefox crash's fairly often with most sites, cant open email and lost the ability to get on most messengers. if anyone could help me i would be eternally greatful i have my DDS log and attachment if needed.