
Hello lmichelle111 and welcome to Malwarebytes!

I apologize for the delay.

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Next,

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • how the PC is running now?
-------------
Please print out these instructions or copy them to a Notepad file for easier reading, and download MBRCheck by a_d_13 to your Desktop from one of these locations:
http://ad13.geekstogo.com/MBRCheck.exe
http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe
http://www.kernelmode.info/MBRCheck.exe
Close all open programs/windows and double-click on MBRCheck.exe.
It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".
Press the "Enter" key to close the MBRCheck window and post the contents of the log file.
-------------
Please do the following:
  • Please download aswMBR.exe from here and save it to your Desktop.
  • Double-click aswMBR.exe to start the tool. (Vista/Win 7: right-click and select Run as Administrator)
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your Desktop, and post that log in your next reply. Do NOT attempt any Fix at this time!
  • This will also create a file on your Desktop named MBR.dat. Right click that file and select Send To->Compressed (zipped) folder. Attach that zipped folder in your next reply as well.

NOTE: The Avast! scan is not necessary ;).

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • TDSSKiller report
  • MBRCheck report
  • aswMBR log & MBR.dat zip file
  • C:\ComboFix.txt
  • checkup.txt

How is your computer running now?


18:56:57.0625 3936 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16

18:56:58.0000 3936 ============================================================

18:56:58.0000 3936 Current date / time: 2012/01/04 18:56:58.0000

18:56:58.0000 3936 SystemInfo:

18:56:58.0000 3936

18:56:58.0000 3936 OS Version: 5.1.2600 ServicePack: 2.0

18:56:58.0000 3936 Product type: Workstation

18:56:58.0000 3936 ComputerName: ANDREW01

18:56:58.0000 3936 UserName: Andrew

18:56:58.0000 3936 Windows directory: C:\WINDOWS

18:56:58.0000 3936 System windows directory: C:\WINDOWS

18:56:58.0000 3936 Processor architecture: Intel x86

18:56:58.0000 3936 Number of processors: 2

18:56:58.0000 3936 Page size: 0x1000

18:56:58.0000 3936 Boot type: Normal boot

18:56:58.0000 3936 ============================================================

18:56:58.0468 3936 Initialize success

18:57:00.0343 3816 ============================================================

18:57:00.0343 3816 Scan started

18:57:00.0343 3816 Mode: Manual;

18:57:00.0343 3816 ============================================================


18:57:07.0625 3816 nxfisurr - ok


18:57:11.0578 3816 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

18:57:11.0750 3816 \Device\Harddisk0\DR0 - ok

18:57:11.0765 3816 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

18:57:11.0765 3816 \Device\Harddisk1\DR1 - ok

18:57:11.0765 3816 Boot (0x1200) (b7e0e96064de4337b8c5cf37ba6bfedf) \Device\Harddisk0\DR0\Partition0

18:57:11.0781 3816 \Device\Harddisk0\DR0\Partition0 - ok

18:57:11.0781 3816 Boot (0x1200) (e2ae4d47e35c5d1c40a450a7c1f374b3) \Device\Harddisk1\DR1\Partition0

18:57:11.0781 3816 \Device\Harddisk1\DR1\Partition0 - ok

18:57:11.0781 3816 ============================================================

18:57:11.0781 3816 Scan finished

18:57:11.0781 3816 ============================================================

18:57:11.0796 2756 Detected object count: 0

18:57:11.0796 2756 Actual detected object count: 0

Thank you so much for your help. So far I'm not noticing any problems with the redirect virus, but this is not my primary computer and I haven't used it much in the past few days.

Thanks again,

Lindsay

MBRCheck_01.04.12_12.30.13.txt

aswMBR.txt

log.txt

checkup.txt


Glad to hear things are better ;). We have a little more to do:

Please do the following:

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Driver::

nxfisurr

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)


Your logs are looking good ;).

Before the next step, let's run an online scan to see if there's anything we may have missed:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic


  • 3 weeks later...

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=5f304c3816d9ae4c9dffdd2d02051654

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-01-29 08:23:59

# local_time=2012-01-29 03:23:59 (-0500, Eastern Standard Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=1024 16777175 100 0 5404072 5404072 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=61956

# found=8

# cleaned=0

# scan_time=2630

C:\Documents and Settings\Andrew\My Documents\Downloads\cnet2_RegpairSetup_exe.exe a variant of Win32/InstallCore.D application (unable to clean) 00000000000000000000000000000000 I

C:\Documents and Settings\Andrew\My Documents\Downloads\SoftonicDownloader_for_vlc-media-player.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\0ysdur1q.default\extensions\{67954a03-3944-4e51-9fe9-12ca4d8569be}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{BA6746D7-D3AE-49C6-BD8D-7BA42614B60F}\RP305\A0011235.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{BA6746D7-D3AE-49C6-BD8D-7BA42614B60F}\RP306\A0011237.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{BA6746D7-D3AE-49C6-BD8D-7BA42614B60F}\RP364\A0015266.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{BA6746D7-D3AE-49C6-BD8D-7BA42614B60F}\RP364\A0015269.dll Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I

Seems to be back or not gone. My AVG found and deleted two trojans before I ran this scan.
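As an added example (not code from this thread or from ESET), the script below triages an ESET Online Scanner log in the layout pasted above: it parses the '# key=value' header and the detection lines, checks that the reported found count matches the lines parsed, and sorts hits by location, since files under C:\Qoobox\Quarantine (ComboFix's quarantine) and inside System Restore points are inert remnants rather than running malware, while a hit anywhere else deserves a closer look. The sample input is constructed from three lines of the posted log plus one made-up line (example.sys, placeholder detection name Win32/Example.A) to show the active-location bucket.

```python
"""Triage helper for an ESET Online Scanner log of the kind pasted above.

Added example, not code from this thread or from ESET. It assumes the
log layout visible in the post: '# key=value' header lines followed by
one detection per line, '<path> <detection name> (<action>) <hash> <flag>'.
"""
import re
from collections import defaultdict

# Constructed sample: three lines copied from the log above plus one
# made-up line (example.sys / Win32/Example.A is a placeholder name) in a
# location where a detection would point to an active infection.
SAMPLE_LOG = r"""
# version=7
# remove_checked=false
# unwanted_checked=true
# scanned=61956
# found=4
# cleaned=0
C:\Documents and Settings\Andrew\My Documents\Downloads\SoftonicDownloader_for_vlc-media-player.exe a variant of Win32/SoftonicDownloader.A application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{BA6746D7-D3AE-49C6-BD8D-7BA42614B60F}\RP364\A0015266.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\example.sys Win32/Example.A trojan (unable to clean) 00000000000000000000000000000000 I
"""

HEADER_RE = re.compile(r"^# (?P<key>[A-Za-z_]+)=(?P<value>.*)$")
# Path and detection name both contain spaces; the detection name is the
# first '<family>/<variant> <category>' run, optionally prefixed by
# 'a variant of', and is followed by the action in parentheses, a 32-hex
# hash and a one-letter flag.
DETECTION_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<name>(?:a variant of )?[A-Za-z0-9]+/\S+ [a-z ]+?) "
    r"\((?P<action>[^)]*)\) "
    r"(?P<hash>[0-9a-fA-F]{32}) "
    r"(?P<flag>\S+)$"
)


def parse_log(text):
    """Return (header dict, list of detection dicts); lines that fit neither shape are skipped."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m["key"]] = m["value"]   # repeated keys keep the last value
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(m.groupdict())
    return header, detections


def classify(path):
    """Bucket a detection by where the file sits on disk."""
    p = path.lower()
    if p.startswith("c:\\qoobox\\quarantine\\"):
        return "quarantine"      # ComboFix quarantine: renamed to .vir and inert
    if "\\system volume information\\_restore" in p:
        return "restore-point"   # System Restore snapshot: only a risk if that point is restored
    if "\\downloads\\" in p:
        return "downloads"       # a downloaded installer; delete it, it does not run on its own
    return "active-location"     # anywhere else needs a closer look


def triage(text):
    """Group the parsed detections by location bucket."""
    header, detections = parse_log(text)
    buckets = defaultdict(list)
    for d in detections:
        buckets[classify(d["path"])].append(d)
    return header, dict(buckets)


def found_matches_header(header, detections):
    """Sanity check: the '# found=' count should equal the detection lines parsed."""
    found = header.get("found", "")
    return found.isdigit() and int(found) == len(detections)


def needs_attention(text):
    """Detections outside quarantine, restore points and the Downloads folder."""
    _, buckets = triage(text)
    return buckets.get("active-location", [])


if __name__ == "__main__":
    header, buckets = triage(SAMPLE_LOG)
    print(f"scanned={header.get('scanned')} found={header.get('found')} "
          f"remove_checked={header.get('remove_checked')}")
    for bucket, items in sorted(buckets.items()):
        print(f"[{bucket}] {len(items)} item(s)")
        for d in items:
            print(f"    {d['name']} -> {d['path']}")
```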


  • 2 months later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
