KoolerKii Posted October 17, 2010 ID:328704

Hello.

I have the free version of AVG, and lately I've been getting http://free.avg.com/us-en/homepage and I have this popping up sometimes:

Which could be normal, but it just started. But then I started getting warnings about how I should remove the threats with the svchost.exe. Which I know can be faked, but I knew this was fake when it reported mbam.exe as a threat when I did an update + full scan on my entire computer (which found nothing). But I also know it could have been picked up because, well, it does things normal anti-viruses don't do. But wait, there is more! Then, one time, it reported firefox.exe as a threat. So I am completely lost.

Oh, and I have been getting Google redirects as well, but they aren't as annoying.

After doing 2 full scans of every drive and everything on my computer with no results in MalwareBytes, this is what I turned to.

I run Windows XP Home Edition.

When I try removing these threats, nothing happens besides it popping up again later with the same threats.

Also note that these threat pop-ups seem to open when the computer is inactive. They won't pop up when I am using the computer. So when I go to bed and turn my monitor on, it will be there.

As far as I have experienced, my computer isn't running any slower or performing any worse than it was before. I am kind of confused whether it is real or not.

I will add one of those mbam logs that I talked about here:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4825

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/15/2010 4:07:12 AM
mbam-log-2010-10-15 (04-07-12).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 685757
Time elapsed: 6 hour(s), 7 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I tried killing a few AVG-looking processes with the Task Manager, but they just re-appeared; here are the names:

avgnsx.exe (2)
avgcsrvx.exe (2)
avgtray.exe
avgwdsvc.exe

I added a (2) because there are 2 of them.

Please help me, thanks in advance,
KoolerKii
sjpritch25 Posted October 18, 2010 ID:328955

Welcome to MBAM

Scan with RKUnHooker

Please download Rootkit Unhooker. Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest, then click Ok.
Wait till the scanner has finished, then click File, Save Report.
Save the report to your Desktop. Click Close.
In your next reply, copy and paste the contents of the log.

Note*** you may get this warning; it is ok, just ignore it:
"Rootkit Unhooker has detected a parasite inside itself!!
It is recommended to remove parasite, okay?"

=======================================================

Please download mbr.exe to your root drive (usually C:).
Go to Start -> Run and type the following: mbr.exe
KoolerKii Posted October 18, 2010 (Author) ID:329017

RKUnHooker Report:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\vtdisp.dll 3448832 bytes (VIA/S3 Graphics Co, Ltd., VIA/S3G Graphics Driver)
0xF6490000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2281472 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189184 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189184 bytes
0x804D7000 RAW 2189184 bytes
0x804D7000 WMIxWDM 2189184 bytes
0xBF800000 Win32k 1851392 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF6704000 C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys 634880 bytes (Agere Systems, Agere Windows Modem)
0xF72AE000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF4B10000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF63D2000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF5125000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xEEB6C000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xEE63E000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF50EB000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xF46EC000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xF7438000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xEED03000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7281000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xEC44B000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF4B80000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF67B3000 C:\WINDOWS\System32\DRIVERS\vtmini.sys 176128 bytes (Copyright © VIA/S3 Graphics Co, Ltd., VIA/S3G Miniport Driver)
0xF4BCD000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF50C5000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF3990000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF646C000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF66BD000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF73CD000 fasttx2k.sys 143360 bytes (Promise Technology, Inc., Promise FastTrak Series Driver for WindowsXP)
0xF66E1000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF4BAB000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7395000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7408000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7365000 TPkd.sys 122880 bytes (PACE Anti-Piracy, Inc., InterLok system file)
0xF7267000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF73F0000 ATAPI.SYS 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF73B5000 C:\WINDOWS\System32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF734E000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6441000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xEE76F000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6458000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF679F000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF517E000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF733B000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF7383000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7427000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6430000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF4C35000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7677000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7547000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF74F7000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF76B7000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF684E000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF7697000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7687000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xEE824000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF6DFB000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7507000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF74C7000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF76C7000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF76E7000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF74A7000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7557000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7517000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF76A7000 C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys 45056 bytes (VIA Technologies, Inc., NDIS 5.0 miniport driver)
0xF67DE000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7657000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7497000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF76F7000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7647000 C:\WINDOWS\System32\DRIVERS\amdk7.sys 40960 bytes (Microsoft Corporation, Processor Device Driver)
0xF7487000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF6E0B000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF74D7000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF6E1B000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7667000 C:\WINDOWS\System32\Drivers\AFS2K.SYS 36864 bytes (Oak Technology Inc., Audio File System)
0xF74B7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF76D7000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF6E5B000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF67FE000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xEE3F6000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF6E2B000 C:\WINDOWS\System32\Drivers\Pcouffin.sys 36864 bytes (VSO Software, Patin-Couffin low level access layer for CD devices)
0xF74E7000 SISAGPX.sys 36864 bytes (Silicon Integrated Systems Corporation, SiS AGPv3.5 Filter)
0xF685E000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF786F000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF77E7000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7887000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF77AF000 C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys 32768 bytes (Wacom Technology, Wacom Mouse Filter Driver)
0xF788F000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7767000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7707000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF77EF000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF7717000 viaagp1.sys 28672 bytes (VIA Technologies, Inc., VIA NT AGP Filter)
0xF77FF000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF7877000 C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF775F000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF774F000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF771F000 nv_agp.sys 24576 bytes (NVIDIA Corporation, NVIDIA nForce AGP Filter)
0xF7757000 C:\WINDOWS\System32\DRIVERS\PS2.sys 24576 bytes (Hewlett-Packard Company, PS2 SYS)
0xF787F000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF77D7000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF77C7000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF77DF000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF779F000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF77A7000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF776F000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7867000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xEEFB4000 C:\WINDOWS\system32\DRIVERS\mdc8021x.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF7937000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xEEFB0000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF68E9000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF5332000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF793B000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF68E1000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7923000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF5352000 C:\WINDOWS\System32\DRIVERS\srvkp.sys 12288 bytes (Silicon Integrated Systems Corporation, SiS VGA Driver Manager)
0xF68E5000 C:\WINDOWS\system32\DRIVERS\wacomvhid.sys 12288 bytes (Wacom Technology, Virtual Hid Device)
0xF5356000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF7A25000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF79EF000 C:\Program Files\321Studios\Shared\CDRPDACC.SYS 8192 bytes (Arrowkey, CD Device Access)
0xF7A23000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7A27000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79B3000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7A29000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7A1B000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7A1D000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF798B000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7989000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7A5D000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7B53000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7A54000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
!!!!!!!!!!!Hidden driver: 0x860B4AEA ?_empty_? 1302 bytes
!!!!!!!!!!!Hidden driver: 0x8613D928 ?_empty_? 0 bytes
==============================================
>Stealth
==============================================
0xF73F0000 WARNING: suspicious driver modification [ATAPI.SYS::0x860B4AEA]
0x00FE0000 Hidden Image-->Kodak.Diagnostics.dll [ EPROCESS 0x85BFA020 ] PID: 1172, 45056 bytes
0xF7687000 WARNING: Virus alike driver modification [redbook.sys], 61440 bytes
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!!

=)

The mbr.exe did not work for me. I put it in My Computer > PRESARIO (C:), then did Start > Run, and put "mbr.exe".
sjpritch25 Posted October 18, 2010 ID:329213

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop.
Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan.
If malicious objects are found, ensure Cure is selected (it should be by default).
Click Continue, then click Reboot now.
Once complete, a log will be produced at the root drive, which is typically C:\
For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
Attach that log, please.
KoolerKii Posted October 18, 2010 (Author) ID:329447

Here you go:

2010/10/18 17:15:36.0806 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/18 17:15:36.0806 ================================================================================
2010/10/18 17:15:36.0806 SystemInfo:
2010/10/18 17:15:36.0806 
2010/10/18 17:15:36.0806 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/18 17:15:36.0806 Product type: Workstation
2010/10/18 17:15:36.0806 ComputerName: AWES
2010/10/18 17:15:36.0806 UserName: The Boys
2010/10/18 17:15:36.0806 Windows directory: C:\WINDOWS
2010/10/18 17:15:36.0806 System windows directory: C:\WINDOWS
2010/10/18 17:15:36.0806 Processor architecture: Intel x86
2010/10/18 17:15:36.0806 Number of processors: 1
2010/10/18 17:15:36.0806 Page size: 0x1000
2010/10/18 17:15:36.0806 Boot type: Normal boot
2010/10/18 17:15:36.0806 ================================================================================
2010/10/18 17:15:37.0400 Initialize success
2010/10/18 17:15:57.0884 ================================================================================
2010/10/18 17:15:57.0884 Scan started
2010/10/18 17:15:57.0884 Mode: Manual;
2010/10/18 17:15:57.0884 ================================================================================
2010/10/18 17:15:59.0275 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/18 17:15:59.0494 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/18 17:15:59.0806 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/18 17:15:59.0994 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/18 17:16:00.0197 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2010/10/18 17:16:00.0416 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/10/18 17:16:01.0103 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/10/18 17:16:01.0572 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2010/10/18 17:16:01.0884 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/10/18 17:16:02.0588 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/18 17:16:02.0775 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\ATAPI.SYS
2010/10/18 17:16:03.0119 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/18 17:16:03.0291 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/18 17:16:03.0509 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
2010/10/18 17:16:03.0744 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2010/10/18 17:16:03.0931 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys
2010/10/18 17:16:04.0166 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/18 17:16:04.0509 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/18 17:16:04.0728 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/10/18 17:16:05.0056 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/18 17:16:05.0259 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/18 17:16:05.0478 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/18 17:16:05.0634 CDRPDACC (f4dd5641576334e4eeabfe50b065e572) C:\Program Files\321Studios\Shared\CDRPDACC.SYS
2010/10/18 17:16:06.0978 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/18 17:16:07.0197 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/18 17:16:07.0400 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/18 17:16:07.0603 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/18 17:16:07.0806 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/18 17:16:08.0119 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/18 17:16:08.0478 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/18 17:16:08.0744 fasttx2k (6339aaf63240df0634902b98c0f56049) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
2010/10/18 17:16:08.0978 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/18 17:16:09.0119 FETND5BV (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
2010/10/18 17:16:09.0322 FETNDISB (29063004926b225c417e7147822f5866) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys
2010/10/18 17:16:09.0509 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/18 17:16:09.0728 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/18 17:16:09.0916 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/18 17:16:10.0119 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/18 17:16:10.0306 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/18 17:16:10.0525 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/10/18 17:16:10.0728 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/18 17:16:10.0869 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2010/10/18 17:16:11.0025 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/18 17:16:11.0322 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2010/10/18 17:16:11.0494 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2010/10/18 17:16:11.0697 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2010/10/18 17:16:11.0900 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/18 17:16:12.0353 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/18 17:16:12.0541 ialm (1406d6ef4436aee970efe13193123965) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/10/18 17:16:12.0744 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/18 17:16:13.0072 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
2010/10/18 17:16:13.0275 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/10/18 17:16:13.0431 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/18 17:16:13.0619 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/18 17:16:13.0822 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/18 17:16:14.0025 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/18 17:16:14.0181 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/18 17:16:14.0369 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/18 17:16:14.0556 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/18 17:16:14.0759 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/18 17:16:14.0994 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/18 17:16:15.0213 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/18 17:16:15.0603 ltmodem5 (829ef680a308c12e2a80e5e0da0d958d) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
2010/10/18 17:16:15.0822 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
2010/10/18 17:16:16.0056 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/18 17:16:16.0259 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/18 17:16:16.0431 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/18 17:16:16.0634 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/18 17:16:16.0838 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/18 17:16:17.0322 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/18 17:16:17.0509 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/18 17:16:17.0759 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/18 17:16:17.0931 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/18 17:16:18.0228 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/18 17:16:18.0447 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/18 17:16:18.0619 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/18 17:16:18.0869 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/10/18 17:16:19.0072 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/18 17:16:19.0244 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/10/18 17:16:19.0447 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/18 17:16:19.0634 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/10/18 17:16:19.0853 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/18 17:16:20.0009 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/18 17:16:20.0166 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/18 17:16:20.0384 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/18 17:16:20.0603 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/18 17:16:20.0822 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/18 17:16:21.0072 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/10/18 17:16:21.0275 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
2010/10/18 17:16:21.0416 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/18 17:16:21.0728 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/18 17:16:21.0978 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/18 17:16:22.0244 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/18 17:16:22.0509 nvcap (9b7accfac9b19b98d54f45a9cf61ca39) C:\WINDOWS\system32\DRIVERS\nvcap.sys
2010/10/18 17:16:22.0744 NVXBAR (bef79a5b5a01bb749afbed27837e6311) C:\WINDOWS\system32\DRIVERS\NVxbar.sys
2010/10/18 17:16:22.0931 nv_agp (01621905ae34bc24aaa2fddb93977299) C:\WINDOWS\system32\DRIVERS\nv_agp.sys
2010/10/18 17:16:23.0119 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/18 17:16:23.0306 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/18 17:16:23.0494 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/10/18 17:16:23.0728 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/18 17:16:23.0931 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/18 17:16:24.0119 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/18 17:16:24.0306 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/18 17:16:24.0634 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/10/18 17:16:24.0838 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/18 17:16:25.0025 Pcouffin (62c72e912a04aa927d9eaf9a0b157aaf) C:\WINDOWS\system32\Drivers\Pcouffin.sys
2010/10/18 17:16:25.0181 PCTINDIS5 (351bd8c80b2c411ea5a122fcfed4d7c8) C:\WINDOWS\system32\PCTINDIS5.SYS
2010/10/18 17:16:26.0822 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/18 17:16:27.0228 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/10/18 17:16:27.0619 Ps2 (9b793a1ffd480155fe9ee5261153f21b) C:\WINDOWS\system32\DRIVERS\PS2.sys
2010/10/18 17:16:28.0025 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/18 17:16:28.0416 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/18 17:16:29.0103 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2010/10/18 17:16:30.0931 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/18 17:16:31.0228 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/18 17:16:31.0431 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/18 17:16:31.0744 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/18 17:16:31.0931 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/18 17:16:32.0072 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/18 17:16:32.0291 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/18 17:16:32.0588 redbook (8705b7457368375fab40a7e5459b4bcc) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/18 17:16:32.0588 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: 8705b7457368375fab40a7e5459b4bcc, Fake md5: f828dd7e1419b6653894a8f97a0094c5
2010/10/18 17:16:32.0603 redbook - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/10/18 17:16:32.0822 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
2010/10/18 17:16:33.0041 S3Psddr (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
2010/10/18 17:16:33.0275 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/18 17:16:33.0541 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/18 17:16:33.0759 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/18 17:16:33.0963 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/18 17:16:34.0338 SiS315 (bdfef5c5d41ba377852389e8f07104ea) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
2010/10/18 17:16:34.0650 SISAGP (923d23638c616eecb0d811461161d0b8) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
2010/10/18 17:16:34.0853 SiSkp (7e9e5823afbb5af2851abb1659ff627d) C:\WINDOWS\system32\DRIVERS\srvkp.sys
2010/10/18 17:16:35.0025 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/10/18 17:16:35.0353 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/18 17:16:35.0572 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/18 17:16:35.0806 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/10/18 17:16:35.0963 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/18 17:16:36.0150 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/18 17:16:36.0869 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/18 17:16:37.0119 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/18 17:16:37.0322 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/18 17:16:37.0509 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/18 17:16:37.0713 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/18 17:16:38.0041 TPkd (5815ae5ef8519066f19e575d67f6f191) C:\WINDOWS\system32\drivers\TPkd.sys
2010/10/18 17:16:38.0353 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/18 17:16:38.0697 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/18 17:16:38.0978 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/10/18 17:16:39.0166 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/10/18 17:16:39.0353 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/18 17:16:39.0556 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/18 17:16:39.0759 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/18 17:16:39.0947 USBIO (f90d8f845095fcd6924e3d751c04e442) C:\WINDOWS\system32\Drivers\usbio.sys
2010/10/18 17:16:40.0134 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/10/18 17:16:40.0306 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/18 17:16:40.0509 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/18 17:16:40.0713 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/18 17:16:40.0931 usbuhci
(26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys2010/10/18 17:16:41.0259 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys2010/10/18 17:16:41.0556 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys2010/10/18 17:16:41.0713 viagfx (45489356501ec6cbb789dece991d393f) C:\WINDOWS\system32\DRIVERS\vtmini.sys2010/10/18 17:16:41.0884 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys2010/10/18 17:16:42.0056 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys2010/10/18 17:16:42.0228 wacmoumonitor (8724531219ae3f9e3729012b61dce527) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys2010/10/18 17:16:42.0447 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys2010/10/18 17:16:42.0650 wacomvhid (51d580f30d1a1f2ea4965af6abc2bcb2) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys2010/10/18 17:16:42.0853 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys2010/10/18 17:16:43.0213 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys2010/10/18 17:16:43.0400 wlanndi5 (224d5a22893cee9dca7b984433549735) C:\WINDOWS\system32\wlanndi5.SYS2010/10/18 17:16:43.0634 WlanUIG (01a3d371863250118591fb829eec91ac) C:\WINDOWS\system32\DRIVERS\WlanUIG.sys2010/10/18 17:16:43.0916 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys2010/10/18 17:16:44.0103 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys2010/10/18 17:16:44.0306 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS2010/10/18 17:16:44.0572 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys2010/10/18 17:16:44.0744 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys2010/10/18 17:16:44.0931 ZD1211BU(ZyDAS) (154fe6a5a608cd725266877901e883c2) 
C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys2010/10/18 17:16:45.0228 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys2010/10/18 17:16:45.0494 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys2010/10/18 17:16:45.0588 ================================================================================2010/10/18 17:16:45.0588 Scan finished2010/10/18 17:16:45.0588 ================================================================================2010/10/18 17:16:45.0619 Detected object count: 12010/10/18 17:17:02.0400 redbook (8705b7457368375fab40a7e5459b4bcc) C:\WINDOWS\system32\DRIVERS\redbook.sys2010/10/18 17:17:02.0400 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: 8705b7457368375fab40a7e5459b4bcc, Fake md5: f828dd7e1419b6653894a8f97a0094c52010/10/18 17:17:04.0478 Backup copy found, using it..2010/10/18 17:17:04.0509 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured after reboot2010/10/18 17:17:04.0509 Rootkit.Win32.TDSS.tdl3(redbook) - User select action: Cure2010/10/18 17:17:18.0119 Deinitialize success Link to post Share on other sites More sharing options...
sjpritch25 Posted October 19, 2010 ID:329532

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner
1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
- Close any open programs
- Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database. Please be patient as this can take quite a long time to download.
Once the update is complete, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, adware, dialers, and other riskware
- Archives
- E-mail databases
- Click on My Computer under the green Scan bar to the left to start the scan.
- Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
- Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
- Click View report... at the bottom.
- Click the Save report... button.
- Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.
KoolerKii Posted October 19, 2010 Author ID:329533

When I loaded the website, it asked me for Java's "OK" to run, and I allowed it, but then I got this error:
So I went to the Java website, downloaded the latest version of Java, and re-loaded it, but I got the same error.
Oh, and a yellow shield with a "!" mark appeared in my icon tray, it says it has a whole bunch of updates for me, I'm not sure if this is real, or fake. (Automatic Updates I think)
sjpritch25 Posted October 19, 2010 ID:329546

Go into Add/Remove Programs and remove all other old Java versions. Reboot and see if you still get that error.
KoolerKii Posted October 19, 2010 Author ID:330075

I deleted the Java versions except for version 6.22 (the current one), rebooted, tried again, and got the same error.
Is it because that warning said "Java framework version 1.5 or later"? Or is that still plain old Java?
Oh and here is another screenshot of the window saying that Firefox is a threat:
sjpritch25 Posted October 20, 2010 ID:330146

Got to love AVG. I hate it by the way. Looks like it's blocking it. Try disabling it and see if it runs.
KoolerKii Posted October 22, 2010 Author ID:331426

I've gotten it to run now. The last 2 times I ran it, my computer mysteriously turned off, and the 2nd time Firefox crashed, so I will post again when I get the report. It takes 8+ hours.
Just wanted to post this to let'cha know.
sjpritch25 Posted October 22, 2010 ID:331444

Okay, let me know how it goes.
KoolerKii Posted October 23, 2010 Author ID:332033

Yay, I finally was spared enough time to finish it, here you go: (it's also attached)
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, October 22, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, October 21, 2010 17:43:52
Records in database: 4184827
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
A:\ C:\ D:\ E:\ F:\ G:\
Scan statistics:
Objects scanned: 450947
Threats found: 34
Infected objects found: 63
Suspicious objects found: 0
Scan duration: 14:40:48

File name / Threat / Threats count
C:\Documents and Settings\Marty\Desktop\Ipod\Bruce Springsteen - Prove It All Night - live (31-12-78).mp3 Infected: Trojan-Downloader.WMA.GetCodec.w 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\0\69007440-1eb4b000 Infected: Trojan.Java.Agent.l 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\0\69007440-1eb4b000 Infected: Trojan-Downloader.Java.Agent.do 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\0\69007440-1eb4b000 Infected: Trojan-Downloader.Java.Agent.dn 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\10\653a8b4a-2202475d Infected: Exploit.Java.Agent.bu 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\13\d1e278d-46f409fe Infected: Trojan-Downloader.Java.Agent.gh 2
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\18\109bffd2-453243aa Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\18\109bffd2-453243aa Infected: Trojan-Downloader.Java.OpenStream.af 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\18\109bffd2-453243aa Infected: Trojan-Downloader.Java.OpenStream.ah 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\2\1f3f8202-628475a8 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\24\36eea358-1a9312aa Infected: Exploit.Java.Agent.aq 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\24\36eea358-1a9312aa Infected: Exploit.Java.Agent.ap 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\24\36eea358-1a9312aa Infected: Exploit.Java.Agent.ao 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\35\41e8aee3-187e2f6c Infected: Exploit.Java.Agent.bu 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\41\19f9d829-5c7694b6 Infected: Trojan-Downloader.Java.Agent.gr 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\41\19f9d829-5c7694b6 Infected: Trojan-Downloader.Java.Agent.gs 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\41\19f9d829-5c7694b6 Infected: Trojan-Downloader.Java.Agent.gt 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\42\32c0eb6a-4d90c5e8 Infected: Exploit.Java.Agent.an 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\42\32c0eb6a-4d90c5e8 Infected: Exploit.Java.Agent.am 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\43\7c36b3ab-32c8c9f2 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\43\7c36b3ab-32c8c9f2 Infected: Trojan-Downloader.Java.OpenStream.af 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\43\7c36b3ab-32c8c9f2 Infected: Trojan-Downloader.Java.OpenStream.ah 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\48\4084a7b0-66e23619 Infected: Exploit.Java.Agent.bu 2
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\53\3911fc75-1d418637 Infected: Trojan-Downloader.Java.Agent.dm 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\53\3911fc75-1d418637 Infected: Trojan-Downloader.Java.Agent.dl 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\53\3911fc75-1d418637 Infected: Exploit.Java.Agent.e 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\57\4839f1b9-1ac65c84 Infected: Trojan-Downloader.Java.OpenConnection.at 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\57\4839f1b9-1ac65c84 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\6\24e14bc6-25fd8d48 Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\6\24e14bc6-25fd8d48 Infected: Trojan-Downloader.Java.OpenStream.af 1
C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\6\24e14bc6-25fd8d48 Infected: Trojan-Downloader.Java.OpenStream.ah 1
C:\Documents and Settings\The Boys\Desktop\Junk\jacktheripper\rcrack.exe Infected: not-a-virus:PSWTool.Win32.Rainbow.12.a 1
C:\Documents and Settings\The Boys\Desktop\Junk\jacktheripper\rtdump.exe Infected: not-a-virus:PSWTool.Win32.Rainbow.12.a 1
C:\Documents and Settings\The Boys\Desktop\Junk\jacktheripper\rtgen.exe Infected: not-a-virus:PSWTool.Win32.Rainbow.12.a 1
C:\Documents and Settings\The Boys\Desktop\Junk\jacktheripper\rtsort.exe Infected: not-a-virus:PSWTool.Win32.Rainbow.12.a 1
C:\Documents and Settings\The Boys\Local Settings\Temp\3A4.tmp Infected: Trojan-Ransom.Win32.XBlocker.bhg 1
C:\Documents and Settings\The Boys\Local Settings\Temp\jar_cache4423205869487119224.tmp Infected: Trojan-Downloader.Java.Agent.ah 2
C:\Documents and Settings\The Boys\Local Settings\Temp\mirc635.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
C:\Documents and Settings\The Boys\Local Settings\Temp\plugtmp-8\plugin-other.swf Infected: Exploit.SWF.Agent.dn 1
C:\Documents and Settings\The Boys\Local Settings\Temp\RC1.2.zip Infected: not-a-virus:PSWTool.Win32.Rainbow.12.a 4
C:\Documents and Settings\The Boys\Local Settings\Temp\stp47647.exe Infected: Trojan-Downloader.Win32.FraudLoad.xbjn 1
C:\Documents and Settings\The Boys\Local Settings\Temp\temp.exe Infected: Trojan-Downloader.Win32.Agent.cgzd 1
C:\Documents and Settings\The Boys\Local Settings\Temp\Transformice_Hacked_v0.48.rar Infected: Trojan-Dropper.Win32.Mudrop.jtu 1
C:\Documents and Settings\The Boys\Local Settings\Temporary Internet Files\Content.IE5\1S3DGIVJ\q002106201317r0409Rc6f0eb70Xda6ba365Y91e3faebZ0100f070[1].pdf Infected: Exploit.JS.Pdfka.bqp 1
C:\Documents and Settings\The Boys\Local Settings\Temporary Internet Files\Content.IE5\7PCLA2PM\myreadme[1].pdf Infected: Exploit.JS.Pdfka.btt 1
C:\Documents and Settings\The Boys\Local Settings\Temporary Internet Files\Content.IE5\7PCLA2PM\myreadme[2].pdf Infected: Exploit.JS.Pdfka.btt 1
C:\Documents and Settings\The Boys\Local Settings\Temporary Internet Files\Content.IE5\95GB8ZQE\q002106201317r0409R12ec7ef0Xda667e9fY91e3faebZ0100f070[1].pdf Infected: Exploit.JS.Pdfka.bqp 1
C:\Documents and Settings\The Boys\My Documents\Downloads\ca_setup(2).exe Infected: not-a-virus:PSWTool.Win32.Cain.284 1
C:\Documents and Settings\The Boys\My Documents\Downloads\ca_setup.exe Infected: not-a-virus:PSWTool.Win32.Cain.284 1
C:\Program Files\Cain\Abel.exe Infected: not-a-virus:PSWTool.Win32.Cain.284 1
C:\Program Files\mIRC\backups\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1
C:\WINDOWS\system32\alcxmntr.exe Infected: Trojan-Clicker.Win32.Cycler.peh 1
C:\WINDOWS\system32\ltmsg.exe Infected: Trojan-Clicker.Win32.Cycler.peh 1
C:\WINDOWS\system32\spool\drivers\w32x86\3\ekij5000mui.exe Infected: Trojan-Clicker.Win32.Cycler.peh 1
C:\WINDOWS\Temp\5c84e576.exe Infected: Trojan-Spy.Win32.Zbot.altu 1
C:\WINDOWS\Temp\6C.tmp Infected: Trojan-Spy.Win32.Zbot.altu 1

Selected area has been scanned.
KasReport.txt
sjpritch25 Posted October 23, 2010 ID:332259

Where did you download the following file from?
C:\Documents and Settings\Marty\Desktop\Ipod\Bruce Springsteen - Prove It All Night - live (31-12-78).mp3
KoolerKii Posted October 23, 2010 Author ID:332338

Heh, no clue, that's from my step-dad's user (and I don't know that music artist), I'm guessing Limewire.
sjpritch25 Posted October 23, 2010 ID:332363

Please download the OTM.exe by OldTimer. Save it to your desktop. Please double-click OTM.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:files
C:\Documents and Settings\Marty\Desktop\Ipod\Bruce Springsteen - Prove It All Night - live (31-12-78).mp3
C:\Documents and Settings\The Boys\Desktop\Junk\jacktheripper\rcrack.exe
C:\Documents and Settings\The Boys\Desktop\Junk\jacktheripper\rtdump.exe
C:\Documents and Settings\The Boys\Desktop\Junk\jacktheripper\rtgen.exe
C:\Documents and Settings\The Boys\Desktop\Junk\jacktheripper\rtsort.exe
C:\Documents and Settings\The Boys\My Documents\Downloads\ca_setup(2).exe
C:\Documents and Settings\The Boys\My Documents\Downloads\ca_setup.exe
C:\WINDOWS\system32\alcxmntr.exe
C:\WINDOWS\system32\ltmsg.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\ekij5000mui.exe
:commands
[emptytemp]
[emptyflash]
[reboot]

Return to OTMoveIt3, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Click Ok to allow OTM to reboot your machine.
After reboot, a log file will appear. Copy the contents to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
Close OTM.
KoolerKii Posted October 23, 2010 Author ID:332403

When I click that link to download OTM, I get the Firefox problem page, you know:
Server not found
Firefox can't find the server at <a%20href="http.
* Check the address for typing errors such as ww.example.com instead of www.example.com
* If you are unable to load any pages, check your computer's network connection.
* If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the We
sjpritch25 Posted October 23, 2010 ID:332436

Sorry about that, it was a syntax problem. It should work now.
KoolerKii Posted October 23, 2010 Author ID:332664

There you go:

All processes killed
========== FILES ==========
C:\Documents and Settings\Marty\Desktop\Ipod\Bruce Springsteen - Prove It All Night - live (31-12-78).mp3 moved successfully.
C:\Documents and Settings\The Boys\Desktop\Junk\jacktheripper\rcrack.exe moved successfully.
C:\Documents and Settings\The Boys\Desktop\Junk\jacktheripper\rtdump.exe moved successfully.
C:\Documents and Settings\The Boys\Desktop\Junk\jacktheripper\rtgen.exe moved successfully.
C:\Documents and Settings\The Boys\Desktop\Junk\jacktheripper\rtsort.exe moved successfully.
C:\Documents and Settings\The Boys\My Documents\Downloads\ca_setup(2).exe moved successfully.
C:\Documents and Settings\The Boys\My Documents\Downloads\ca_setup.exe moved successfully.
C:\WINDOWS\system32\alcxmntr.exe moved successfully.
C:\WINDOWS\system32\ltmsg.exe moved successfully.
C:\WINDOWS\system32\spool\drivers\w32x86\3\ekij5000mui.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 11540 bytes
->Temporary Internet Files folder emptied: 45388 bytes
User: All Users
User: Application Data
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41620 bytes
User: LocalService
->Temp folder emptied: 83220 bytes
->Temporary Internet Files folder emptied: 342428 bytes
->Flash cache emptied: 0 bytes
User: Marty
->Temp folder emptied: 410028701 bytes
->Temporary Internet Files folder emptied: 344439276 bytes
->Java cache emptied: 69287771 bytes
->Apple Safari cache emptied: 7663616 bytes
->Flash cache emptied: 136821 bytes
User: Marty.AWESOME
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 271126982 bytes
->Java cache emptied: 5100161 bytes
->Flash cache emptied: 30829 bytes
User: MOM
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 289989342 bytes
->Java cache emptied: 4989591 bytes
->Flash cache emptied: 8156 bytes
User: MOM.AWES
->Temp folder emptied: 5823680004 bytes
->Temporary Internet Files folder emptied: 273090500 bytes
->Java cache emptied: 248695585 bytes
->Apple Safari cache emptied: 1473536 bytes
->Flash cache emptied: 195524 bytes
User: Mom.AWESOME
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 348 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1353420 bytes
->Flash cache emptied: 31793 bytes
User: Ricky.AWESOME
->Java cache emptied: 337571 bytes
->Flash cache emptied: 17009 bytes
User: Test Account
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: The Boys
->Temp folder emptied: 7573897466 bytes
->Temporary Internet Files folder emptied: 1306863875 bytes
->Java cache emptied: 473718179 bytes
->FireFox cache emptied: 64580443 bytes
->Apple Safari cache emptied: 923648 bytes
->Flash cache emptied: 2711337 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 413753 bytes
%systemroot%\System32 .tmp files removed: 3590161 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 489914458 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 91256110 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3778431410 bytes
Total Files Cleaned = 20,541.00 mb

OTM by OldTimer - Version 3.1.17.0 log created on 10232010_182837

Files moved on Reboot...
File C:\Documents and Settings\The Boys\Local Settings\Temp\fla4E8.tmp not found!
C:\Documents and Settings\The Boys\Local Settings\Application Data\Mozilla\Firefox\Profiles\y19ysl71.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\The Boys\Local Settings\Application Data\Mozilla\Firefox\Profiles\y19ysl71.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\The Boys\Local Settings\Application Data\Mozilla\Firefox\Profiles\y19ysl71.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\The Boys\Local Settings\Application Data\Mozilla\Firefox\Profiles\y19ysl71.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\The Boys\Local Settings\Application Data\Mozilla\Firefox\Profiles\y19ysl71.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\The Boys\Local Settings\Application Data\Mozilla\Firefox\Profiles\y19ysl71.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...
sjpritch25 Posted October 24, 2010 ID:332694

How is everything running???
KoolerKii Posted October 24, 2010 Author ID:332964

I hate to say it, but worse! Sometimes my mouse stops, and it will NOT move until I shut the computer down and start it up again. I get the AVG Resident Shield alert multiple threat detection almost every minute (every time it's a white-lighted object with explorer.exe and winlogon.exe).
Computer speed is still fine though. I had to get here using the arrow keys and the tab button though.
I also couldn't find any bad services in run > msconfig to not allow to startup on start-up, so I am lost. Heh.
Oh, and I checked my mouse cord, it is fine and plugged in.
sjpritch25 Posted October 24, 2010 ID:333126

Okay. I need you to uninstall AVG because it will affect the running of ComboFix.
Download Combofix from this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
**Note: It is important that it is saved directly to your desktop**
--------------------------------------------------------------------
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
--------------------------------------------------------------------
Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt".
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
KoolerKii Posted October 28, 2010 Author ID:335119

Hey, I downloaded it, but I can't find out how to disable AVG. I followed the link it gave me, and followed the directions there, but ComboFix still said it was on.
I went into run > msconfig and turned it off in the startup and services tabs, and rebooted, and it still said it was running. I also killed all the processes too.
sjpritch25 Posted October 28, 2010 ID:335523

You might be better off just uninstalling AVG for now.
KoolerKii Posted October 28, 2010 Author ID:335698

Heh, okay, I will uninstall that and reply again when ComboFix is done.