Rills
-
Posts
11 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by Rills
-
-
i downloaded combofix and began to run it after turning off AVG resident shield but it told me that AVG antivirus would stop its process and to uninstall it. i then attempted to but the uninstall process for AVG gave me a error saying
"Error code 0xc0070643
the Windows installer service could not be accessed. this can occur if you are running Windows in safe mode, or if the windows installer is not correctly installed. contact your support personnel for assistance."
-
yes it found 5 infected objects. here is the log
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5437
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
1/2/2011 6:19:57 PM
mbam-log-2011-01-02 (18-19-57).txt
Scan type: Full scan (C:\|)
Objects scanned: 244263
Time elapsed: 34 minute(s), 40 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\userinit (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Value: NoFolderOptions -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\jace stark 2\file.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\jace stark 2\application data\hyghghjhjghjhj.bat (Malware.Trace) -> Quarantined and deleted successfully.
-
IT worked malwarebytes is able to scan now
-
yea i ran it again it is finding 3 threats but they are under suspisious and the default is skip so i did not cure them. here is the log after i ran it again
2011/01/02 10:27:38.0484 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/02 10:27:38.0484 ================================================================================
2011/01/02 10:27:38.0484 SystemInfo:
2011/01/02 10:27:38.0484
2011/01/02 10:27:38.0484 OS Version: 5.1.2600 ServicePack: 2.0
2011/01/02 10:27:38.0484 Product type: Workstation
2011/01/02 10:27:38.0484 ComputerName: JKSTARK2
2011/01/02 10:27:38.0500 UserName: Jace Stark 2
2011/01/02 10:27:38.0500 Windows directory: C:\WINDOWS
2011/01/02 10:27:38.0500 System windows directory: C:\WINDOWS
2011/01/02 10:27:38.0500 Processor architecture: Intel x86
2011/01/02 10:27:38.0500 Number of processors: 2
2011/01/02 10:27:38.0500 Page size: 0x1000
2011/01/02 10:27:38.0500 Boot type: Normal boot
2011/01/02 10:27:38.0500 ================================================================================
2011/01/02 10:27:38.0609 Initialize success
2011/01/02 10:27:41.0984 ================================================================================
2011/01/02 10:27:41.0984 Scan started
2011/01/02 10:27:41.0984 Mode: Manual;
2011/01/02 10:27:41.0984 ================================================================================
2011/01/02 10:27:43.0062 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/02 10:27:43.0125 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/01/02 10:27:43.0171 ADIHdAudAddService (3637d692b25a842fb4bb7ea75b39184f) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/01/02 10:27:43.0265 AEAudio (e8694fc1dac061ad989506b470552415) C:\WINDOWS\system32\drivers\AEAudio.sys
2011/01/02 10:27:43.0328 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/01/02 10:27:43.0390 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/01/02 10:27:43.0468 ahci8086 (3162702a838386f7bc6f6b4711044cf2) C:\WINDOWS\system32\DRIVERS\ahci8086.sys
2011/01/02 10:27:43.0656 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/01/02 10:27:43.0781 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
2011/01/02 10:27:43.0828 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/02 10:27:43.0859 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/02 10:27:44.0062 ati2mtag (81c3e6674d0609aa84c07681bca252de) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/01/02 10:27:44.0125 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/02 10:27:44.0156 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/02 10:27:44.0218 Avgfwdx (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/01/02 10:27:44.0218 Avgfwfd (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/01/02 10:27:44.0296 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/01/02 10:27:44.0421 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/01/02 10:27:44.0734 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/01/02 10:27:44.0953 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/01/02 10:27:45.0031 Avgldx86 (1119e5bec6e749e0d292f0f84d48edba) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/01/02 10:27:45.0062 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/01/02 10:27:45.0109 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/01/02 10:27:45.0171 Avgtdix (2fd3e3a57fb90679a3a83eeed0360cfd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/01/02 10:27:45.0234 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/02 10:27:45.0281 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/02 10:27:45.0343 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/02 10:27:45.0406 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/02 10:27:45.0468 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/02 10:27:45.0640 Suspicious service (NoAccess): demxii
2011/01/02 10:27:45.0718 demxii (20aa6e9783731344e08aa3af92a2d1b8) C:\WINDOWS\system32\drivers\demxii.sys
2011/01/02 10:27:45.0718 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\demxii.sys. md5: 20aa6e9783731344e08aa3af92a2d1b8
2011/01/02 10:27:45.0718 demxii - detected Locked service (1)
2011/01/02 10:27:45.0765 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/02 10:27:45.0812 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/02 10:27:45.0859 dmio (01b32f435e3507e72851b7411a779258) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/02 10:27:45.0859 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dmio.sys. Real md5: 01b32f435e3507e72851b7411a779258, Fake md5: 18d650f98ffdfdd1d8a4922de1d3ed9b
2011/01/02 10:27:45.0859 dmio - detected Forged file (1)
2011/01/02 10:27:45.0890 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/02 10:27:45.0953 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/02 10:27:46.0031 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/02 10:27:46.0062 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/02 10:27:46.0109 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/01/02 10:27:46.0125 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/02 10:27:46.0171 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/01/02 10:27:46.0218 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/01/02 10:27:46.0265 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/02 10:27:46.0296 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/02 10:27:46.0343 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/02 10:27:46.0390 HDAudBus (cbc3def409549672b915fb9403d63f74) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/01/02 10:27:46.0437 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/02 10:27:46.0531 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/02 10:27:46.0640 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/02 10:27:46.0671 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/02 10:27:46.0765 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/01/02 10:27:46.0812 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/02 10:27:46.0859 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/02 10:27:46.0890 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/02 10:27:46.0921 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/02 10:27:46.0953 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/02 10:27:47.0000 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/02 10:27:47.0031 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/02 10:27:47.0078 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/01/02 10:27:47.0140 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/02 10:27:47.0171 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/02 10:27:47.0296 MBAMSwissArmy (d68e165c3123aba3b1282eddb4213bd8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/01/02 10:27:47.0359 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/02 10:27:47.0421 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/02 10:27:47.0468 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/02 10:27:47.0515 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/02 10:27:47.0531 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/02 10:27:47.0593 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/02 10:27:47.0640 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/02 10:27:47.0671 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/02 10:27:47.0703 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/02 10:27:47.0750 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/02 10:27:47.0765 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/02 10:27:47.0812 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/02 10:27:47.0859 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/01/02 10:27:47.0906 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/02 10:27:47.0984 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/02 10:27:48.0046 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/02 10:27:48.0109 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/02 10:27:48.0156 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/02 10:27:48.0187 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/02 10:27:48.0218 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/02 10:27:48.0281 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/02 10:27:48.0375 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/01/02 10:27:48.0406 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/02 10:27:48.0468 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/02 10:27:48.0500 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/02 10:27:48.0562 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/02 10:27:48.0593 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/02 10:27:48.0640 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/01/02 10:27:48.0687 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2011/01/02 10:27:48.0703 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/02 10:27:48.0750 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/02 10:27:48.0796 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/02 10:27:48.0843 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/02 10:27:48.0890 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/02 10:27:49.0109 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/02 10:27:49.0171 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/01/02 10:27:49.0203 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/02 10:27:49.0234 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/02 10:27:49.0296 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/02 10:27:49.0578 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/02 10:27:49.0687 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/02 10:27:49.0718 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/02 10:27:49.0781 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/02 10:27:49.0843 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/02 10:27:49.0875 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/02 10:27:49.0937 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/02 10:27:50.0000 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/02 10:27:50.0031 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/02 10:27:50.0125 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/02 10:27:50.0203 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
2011/01/02 10:27:50.0234 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/01/02 10:27:50.0265 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/01/02 10:27:50.0296 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/02 10:27:50.0453 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/02 10:27:50.0500 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/02 10:27:50.0609 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/02 10:27:51.0250 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/02 10:27:51.0281 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/02 10:27:51.0437 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/02 10:27:51.0500 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/02 10:27:51.0562 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/02 10:27:51.0609 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/02 10:27:51.0671 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/02 10:27:51.0765 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/02 10:27:51.0859 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/02 10:27:51.0921 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/02 10:27:51.0953 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/02 10:27:51.0984 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/02 10:27:52.0031 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/01/02 10:27:52.0078 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/02 10:27:52.0140 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/02 10:27:52.0156 Suspicious service (NoAccess): vbmab64d
2011/01/02 10:27:52.0187 vbmab64d (2238b0a45fdcff73dfa5d47c4e59a692) C:\WINDOWS\system32\drivers\vbmab64d.sys
2011/01/02 10:27:52.0203 vbmab64d - detected Locked service (1)
2011/01/02 10:27:52.0250 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/01/02 10:27:52.0343 vnccom (b67632451f760797bb183e1fb99f4b39) C:\WINDOWS\system32\Drivers\vnccom.SYS
2011/01/02 10:27:52.0390 vncdrv (4ec979b157d1aa075330362acb5424e5) C:\WINDOWS\system32\DRIVERS\vncdrv.sys
2011/01/02 10:27:52.0421 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/02 10:27:52.0484 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/02 10:27:52.0562 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/02 10:27:52.0671 yukonwxp (228d0403f0210d6d67a9acf907597efe) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/01/02 10:27:52.0796 ================================================================================
2011/01/02 10:27:52.0796 Scan finished
2011/01/02 10:27:52.0796 ================================================================================
2011/01/02 10:27:52.0812 Detected object count: 3
2011/01/02 10:27:58.0203 Locked service(demxii) - User select action: Skip
2011/01/02 10:27:58.0203 Forged file(dmio) - User select action: Skip
2011/01/02 10:27:58.0203 Locked service(vbmab64d) - User select action: Skip
-
when i choose a profile at start screen it will SOMETIMES freeze i just turn it off and try again
-
at the moment its many small things searchs redirect me to other sites, it takes awhile to turn on and shut down, when i choose a profile at start screen it will freeze, scans *Malwarebytes/ Superantispyware/ Adaware/ AVG/ Avast* start scanning then will be shut after a few seconds it will then close the program and deny access to it, firefox also frequently crashs on some sites or when streaming videos. sorry its such a mess
Here is the TDSSKiller log:
2011/01/01 20:32:38.0343 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/01 20:32:38.0343 ================================================================================
2011/01/01 20:32:38.0343 SystemInfo:
2011/01/01 20:32:38.0343
2011/01/01 20:32:38.0343 OS Version: 5.1.2600 ServicePack: 2.0
2011/01/01 20:32:38.0343 Product type: Workstation
2011/01/01 20:32:38.0343 ComputerName: JKSTARK2
2011/01/01 20:32:38.0343 UserName: Jace Stark 2
2011/01/01 20:32:38.0343 Windows directory: C:\WINDOWS
2011/01/01 20:32:38.0343 System windows directory: C:\WINDOWS
2011/01/01 20:32:38.0343 Processor architecture: Intel x86
2011/01/01 20:32:38.0343 Number of processors: 2
2011/01/01 20:32:38.0343 Page size: 0x1000
2011/01/01 20:32:38.0343 Boot type: Normal boot
2011/01/01 20:32:38.0343 ================================================================================
2011/01/01 20:32:38.0531 Initialize success
2011/01/01 20:33:03.0890 ================================================================================
2011/01/01 20:33:03.0890 Scan started
2011/01/01 20:33:03.0890 Mode: Manual;
2011/01/01 20:33:03.0890 ================================================================================
2011/01/01 20:33:04.0687 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/01/01 20:33:04.0750 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/01/01 20:33:04.0796 ADIHdAudAddService (3637d692b25a842fb4bb7ea75b39184f) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/01/01 20:33:04.0875 AEAudio (e8694fc1dac061ad989506b470552415) C:\WINDOWS\system32\drivers\AEAudio.sys
2011/01/01 20:33:04.0937 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/01/01 20:33:05.0000 AFD (658be0b78efea1b253d2dd02ccd6e1ce) C:\WINDOWS\System32\drivers\afd.sys
2011/01/01 20:33:05.0000 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 658be0b78efea1b253d2dd02ccd6e1ce, Fake md5: 839f801247d0d1927ed8c26ea6bef77a
2011/01/01 20:33:05.0000 AFD - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/01/01 20:33:05.0109 ahci8086 (3162702a838386f7bc6f6b4711044cf2) C:\WINDOWS\system32\DRIVERS\ahci8086.sys
2011/01/01 20:33:05.0281 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/01/01 20:33:05.0390 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
2011/01/01 20:33:05.0468 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/01/01 20:33:05.0484 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/01/01 20:33:05.0656 ati2mtag (81c3e6674d0609aa84c07681bca252de) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/01/01 20:33:05.0718 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/01/01 20:33:05.0750 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/01/01 20:33:05.0796 Avgfwdx (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/01/01 20:33:05.0796 Avgfwfd (0c5941af0b6bf2fdf378937392865217) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/01/01 20:33:05.0859 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/01/01 20:33:05.0921 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/01/01 20:33:06.0000 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/01/01 20:33:06.0031 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/01/01 20:33:06.0078 Avgldx86 (1119e5bec6e749e0d292f0f84d48edba) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/01/01 20:33:06.0093 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/01/01 20:33:06.0140 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/01/01 20:33:06.0171 Avgtdix (2fd3e3a57fb90679a3a83eeed0360cfd) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/01/01 20:33:06.0234 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/01/01 20:33:06.0265 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/01/01 20:33:06.0328 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/01/01 20:33:06.0359 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/01/01 20:33:06.0421 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/01/01 20:33:06.0625 Suspicious service (NoAccess): demxii
2011/01/01 20:33:06.0687 demxii (20aa6e9783731344e08aa3af92a2d1b8) C:\WINDOWS\system32\drivers\demxii.sys
2011/01/01 20:33:06.0687 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\demxii.sys. md5: 20aa6e9783731344e08aa3af92a2d1b8
2011/01/01 20:33:06.0703 demxii - detected Locked service (1)
2011/01/01 20:33:06.0734 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/01/01 20:33:06.0796 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/01/01 20:33:06.0843 dmio (01b32f435e3507e72851b7411a779258) C:\WINDOWS\system32\drivers\dmio.sys
2011/01/01 20:33:06.0843 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dmio.sys. Real md5: 01b32f435e3507e72851b7411a779258, Fake md5: 18d650f98ffdfdd1d8a4922de1d3ed9b
2011/01/01 20:33:06.0859 dmio - detected Forged file (1)
2011/01/01 20:33:06.0875 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/01/01 20:33:06.0937 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/01/01 20:33:07.0015 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/01/01 20:33:07.0062 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/01/01 20:33:07.0093 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/01/01 20:33:07.0109 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/01/01 20:33:07.0140 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/01/01 20:33:07.0171 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/01/01 20:33:07.0218 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/01/01 20:33:07.0234 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/01/01 20:33:07.0265 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/01/01 20:33:07.0312 HDAudBus (cbc3def409549672b915fb9403d63f74) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/01/01 20:33:07.0390 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/01/01 20:33:07.0531 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/01 20:33:07.0625 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/01/01 20:33:07.0656 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/01/01 20:33:07.0734 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/01/01 20:33:07.0765 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/01/01 20:33:07.0796 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/01/01 20:33:07.0828 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/01/01 20:33:07.0859 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/01/01 20:33:07.0890 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/01/01 20:33:07.0921 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/01/01 20:33:07.0937 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/01/01 20:33:07.0953 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/01/01 20:33:08.0000 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/01/01 20:33:08.0031 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/01/01 20:33:08.0140 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/01/01 20:33:08.0171 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/01/01 20:33:08.0187 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/01/01 20:33:08.0218 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/01/01 20:33:08.0234 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/01/01 20:33:08.0296 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/01/01 20:33:08.0343 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/01/01 20:33:08.0421 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/01/01 20:33:08.0453 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/01/01 20:33:08.0468 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/01/01 20:33:08.0484 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/01/01 20:33:08.0515 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/01/01 20:33:08.0562 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/01/01 20:33:08.0578 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/01/01 20:33:08.0609 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/01 20:33:08.0687 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/01/01 20:33:08.0718 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/01/01 20:33:08.0734 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/01/01 20:33:08.0781 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/01/01 20:33:08.0796 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/01/01 20:33:08.0812 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/01/01 20:33:08.0859 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/01/01 20:33:08.0890 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/01/01 20:33:08.0937 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/01 20:33:09.0000 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/01/01 20:33:09.0046 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/01/01 20:33:09.0062 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/01/01 20:33:09.0093 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/01/01 20:33:09.0140 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2011/01/01 20:33:09.0171 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/01/01 20:33:09.0218 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/01/01 20:33:09.0234 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/01/01 20:33:09.0281 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/01/01 20:33:09.0328 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/01/01 20:33:09.0625 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/01/01 20:33:09.0671 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/01/01 20:33:09.0687 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/01/01 20:33:09.0750 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/01/01 20:33:09.0781 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/01/01 20:33:09.0968 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/01/01 20:33:09.0984 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/01/01 20:33:10.0015 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/01/01 20:33:10.0046 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/01/01 20:33:10.0062 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/01/01 20:33:10.0093 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/01/01 20:33:10.0125 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/01/01 20:33:10.0187 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/01/01 20:33:10.0234 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/01/01 20:33:10.0296 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/01/01 20:33:10.0375 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
2011/01/01 20:33:10.0437 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/01/01 20:33:10.0453 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/01/01 20:33:10.0468 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/01/01 20:33:10.0593 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/01/01 20:33:10.0640 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/01/01 20:33:10.0718 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/01/01 20:33:10.0796 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/01/01 20:33:10.0812 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/01/01 20:33:10.0937 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/01/01 20:33:10.0984 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/01 20:33:11.0046 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/01/01 20:33:11.0062 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/01/01 20:33:11.0109 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/01/01 20:33:11.0203 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/01/01 20:33:11.0312 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/01/01 20:33:11.0375 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/01/01 20:33:11.0390 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/01/01 20:33:11.0406 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/01/01 20:33:11.0437 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/01/01 20:33:11.0484 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/01/01 20:33:11.0531 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/01/01 20:33:11.0546 Suspicious service (NoAccess): vbmab64d
2011/01/01 20:33:11.0578 vbmab64d (2238b0a45fdcff73dfa5d47c4e59a692) C:\WINDOWS\system32\drivers\vbmab64d.sys
2011/01/01 20:33:11.0593 vbmab64d - detected Locked service (1)
2011/01/01 20:33:11.0640 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/01/01 20:33:11.0718 vnccom (b67632451f760797bb183e1fb99f4b39) C:\WINDOWS\system32\Drivers\vnccom.SYS
2011/01/01 20:33:11.0750 vncdrv (4ec979b157d1aa075330362acb5424e5) C:\WINDOWS\system32\DRIVERS\vncdrv.sys
2011/01/01 20:33:11.0765 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/01/01 20:33:11.0843 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/01/01 20:33:11.0906 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/01/01 20:33:12.0031 yukonwxp (228d0403f0210d6d67a9acf907597efe) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/01/01 20:33:12.0078 \HardDisk0 - detected Trojan-Clicker.Win32.Wistler.a (0)
2011/01/01 20:33:12.0078 ================================================================================
2011/01/01 20:33:12.0078 Scan finished
2011/01/01 20:33:12.0078 ================================================================================
2011/01/01 20:33:12.0125 Detected object count: 5
2011/01/01 20:33:58.0609 AFD (658be0b78efea1b253d2dd02ccd6e1ce) C:\WINDOWS\System32\drivers\afd.sys
2011/01/01 20:33:58.0609 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 658be0b78efea1b253d2dd02ccd6e1ce, Fake md5: 839f801247d0d1927ed8c26ea6bef77a
2011/01/01 20:34:00.0187 Backup copy found, using it..
2011/01/01 20:34:00.0203 C:\WINDOWS\System32\drivers\afd.sys - will be cured after reboot
2011/01/01 20:34:00.0203 Rootkit.Win32.TDSS.tdl3(AFD) - User select action: Cure
2011/01/01 20:34:00.0203 Locked service(demxii) - User select action: Skip
2011/01/01 20:34:00.0203 Forged file(dmio) - User select action: Skip
2011/01/01 20:34:00.0203 Locked service(vbmab64d) - User select action: Skip
2011/01/01 20:34:00.0265 \HardDisk0 - will be cured after reboot
2011/01/01 20:34:00.0265 Trojan-Clicker.Win32.Wistler.a(\HardDisk0) - User select action: Cure
2011/01/01 20:34:13.0312 Deinitialize success
-
Mbam sucsessfully updated and explorer works again run mbam now?
Ran scan on mbam and it closed it again and blocked permission to access. i used cacls to unlock the path. it opens now but still cannot run scan
-
Mbam sucsessfully updated and explorer works again run mbam now?
-
DDS (Ver_10-12-12.02) - NTFSx86
Run by Jace Stark 2 at 12:20:17.96 on Fri 12/31/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1414 [GMT -8:00]
============== Running Processes ===============
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe 4
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe 4
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\Explorer.EXE
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
"C:\WINDOWS\System32\svchost.exe"
"C:\WINDOWS\System32\svchost.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.ask.com/?o=101760&l=dis
uInternet Settings,ProxyServer = http=127.0.0.1:8074
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
dRun: [Google Update] "c:\documents and settings\localservice\local settings\application data\google\update\GoogleUpdate.exe" /c
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe
StartupFolder: c:\docume~1\jacest~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\jacest~1\applic~1\mozilla\firefox\profiles\zsz22gli.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - component: c:\documents and settings\jace stark 2\application data\mozilla\firefox\profiles\zsz22gli.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\jace stark 2\application data\mozilla\firefox\profiles\zsz22gli.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\jace stark 2\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: PimpZilla: {a02c0c70-605c-11da-8cd6-0800200c9a66} - %profile%\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
FF - Ext: Bloody Red: {2458abc0-f443-11dd-87af-0800200c9a66} - %profile%\extensions\{2458abc0-f443-11dd-87af-0800200c9a66}
FF - Ext: Green Fox: {d122ad80-ff45-11dd-87af-0800200c9a66} - %profile%\extensions\{d122ad80-ff45-11dd-87af-0800200c9a66}
FF - Ext: MushroomKingdom: {BF32D2C8-9C75-404b-ACF4-880DB4679236} - %profile%\extensions\{BF32D2C8-9C75-404b-ACF4-880DB4679236}
FF - Ext: zblack: {50931610-3d8e-11dd-ae16-0800200c9a66} - %profile%\extensions\{50931610-3d8e-11dd-ae16-0800200c9a66}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
============= SERVICES / DRIVERS ===============
R0 ahci8086;ahci8086;c:\windows\system32\drivers\ahci8086.sys [2008-8-17 119808]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 298448]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-9-3 6104144]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-9-10 265400]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2008-8-17 6016]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-12 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
S3 5DE6C4AB;5DE6C4AB; [x]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-17 24652]
=============== Created Last 30 ================
2010-12-31 07:26:55 -------- d-----w- c:\program files\Pidgin
2010-12-30 20:09:42 -------- d-----w- c:\program files\Pando Networks
2010-12-30 16:58:06 -------- d-----w- c:\docume~1\jacest~1\applic~1\QuickScan
2010-12-30 16:52:43 -------- d-----w- c:\program files\Panda Security
2010-12-28 19:00:48 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-28 19:00:48 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-28 09:32:45 321024 ----a-w- c:\documents and settings\jace stark 2\file.exe
==================== Find3M ====================
2010-10-14 05:27:04 35332 ----a-w- c:\windows\system32\rundll32.exe.tmp
2010-10-12 22:35:57 2256 ----a-w- c:\docume~1\jacest~1\applic~1\hyghghjhjghjhj.bat
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89A7FEC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x88ec1872; SUB DWORD [EBP-0x4], 0x88ec112e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x804EEEB8] -> \Device\Harddisk0\DR0[0x8A659768]
3 CLASSPNP[0xBA10905B] -> ntkrnlpa!IofCallDriver[0x804EEEB8] -> [0x89BEB030]
[0x89BDDF38] -> IRP_MJ_CREATE -> 0x89A7FEC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV DS, AX; MOV ES, AX; MOV SS, AX; MOV SP, 0x7c00; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x80; CLD ; REP MOVSD ; NOP ; JMP FAR 0x0:0x61e; }
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
============= FINISH: 12:20:58.42 ===============
-
Hello on and off ive been doing everything i can to try to clean my computer from the virus i keep getting *blames unsafe surfing* they have begun to pile up and i cant use scans anymore scan starts and closes after 10 seconds, i cant start up a few pc games, my Firefox crash's fairly often with most sites, cant open email and lost the ability to get on most messengers. if anyone could help me i would be eternally greatful i have my DDS log and attachment if needed.
Helpless against the viruses!
in Resolved Malware Removal Logs
Posted
i ran the programs in sequence but it wont go the avgremoverc64 wont run it says it is not a valid win32 application