Jump to content

Fake AVG?


Recommended Posts

Hello.

I have the free version of AVG, and lately I've been getting

http://free.avg.com/us-en/homepage

and I have this popping up sometimes:

2zrnrwl.png

Which could be normal, but it just started.

But then I started getting warnings and how I should remove the threats with the svchost.exe. Which I know can be faked, but I knew this was fake when it reported mbam.exe as a threat when I did a update + full scan on my entire computer(which found nothing). But I also know it could have been picked up because, well, it does things normal anti-viruses don't do. But wait, there is more! Then, one time, it reported firefox.exe as a threat.

So I am completely lost.

Oh, and I have been getting google re-directs as well, but I they aren't as annoying.

After doing 2 full scans of every drive and everything on my computer with no results on MalwareBytes, this is what I turned to.

I run on Windows XP; Home Edition.

When I try removing these threats, nothing happens besides it pops up again later with the same threats.

Also note that these threat pop-ups seem to open when the computer is un-active. They won't pop-up when I am using the computer. So when I go to bed, and turn my monitor on, it will be there.

As far as I have experienced, my computer isn't running any slower, or performing less as it was before.

I am kind-of confused whether it is real, or not.

I will add one of those mbam logs that I talked about here:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4825

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/15/2010 4:07:12 AM

mbam-log-2010-10-15 (04-07-12).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|)

Objects scanned: 685757

Time elapsed: 6 hour(s), 7 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

I tried killing a view AVG looking processes with the Task Manager, but they just re-appeared, here are the names:

avgnsx.exe (2)

avgcsrvx.exe (2)

avgtray.exe

avgwdsvc.exe

I added a (2) because there is 2 of them.

Please help me, thanks in advance,

KoolerKii

Link to post
Share on other sites

Welcome to MBAM :)

Scan with RKUnHooker

  • Please download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then Click Ok.
  • Wait till the scanner has finished then click File, Save Report.
  • Save the report to your Desktop. Click Close.

In your next reply, copy and paste the contents of the log.

Note*** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!!

It is recommended to remove parasite, okay?"

=======================================================

Please download mbr.exe to your root drive (usually C;).

[*]Go to Start -? Run and type the following mbr.exe

Link to post
Share on other sites

RKUnHooker Report:

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #1

==============================================

>Drivers

==============================================

0xBF012000 C:\WINDOWS\System32\vtdisp.dll 3448832 bytes (VIA/S3 Graphics Co, Ltd., VIA/S3G Graphics Driver)

0xF6490000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 2281472 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))

0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189184 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2189184 bytes

0x804D7000 RAW 2189184 bytes

0x804D7000 WMIxWDM 2189184 bytes

0xBF800000 Win32k 1851392 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xF6704000 C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys 634880 bytes (Agere Systems, Agere Windows Modem)

0xF72AE000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xF4B10000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xF63D2000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)

0xF5125000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xEEB6C000 C:\WINDOWS\System32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xEE63E000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xF50EB000 C:\WINDOWS\System32\Drivers\avgtdix.sys 237568 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)

0xF46EC000 C:\WINDOWS\System32\Drivers\avgldx86.sys 212992 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)

0xF7438000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xEED03000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xF7281000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xEC44B000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)

0xF4B80000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xF67B3000 C:\WINDOWS\System32\DRIVERS\vtmini.sys 176128 bytes (Copyright © VIA/S3 Graphics Co, Ltd., VIA/S3G Miniport Driver)

0xF4BCD000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xF50C5000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)

0xF3990000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)

0xF646C000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xF66BD000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xF73CD000 fasttx2k.sys 143360 bytes (Promise Technology, Inc., Promise FastTrak Series Driver for WindowsXP)

0xF66E1000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xF4BAB000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x806EE000 ACPI_HAL 131840 bytes

0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF7395000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF7408000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xF7365000 TPkd.sys 122880 bytes (PACE Anti-Piracy, Inc., InterLok system file)

0xF7267000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xF73F0000 ATAPI.SYS 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)

0xF73B5000 C:\WINDOWS\System32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)

0xF734E000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xF6441000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0xEE76F000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)

0xF6458000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)

0xF679F000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)

0xF517E000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)

0xF733B000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)

0xF7383000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)

0xF7427000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0xF6430000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)

0xF4C35000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)

0xF7677000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xF7547000 C:\WINDOWS\System32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)

0xF74F7000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)

0xF76B7000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)

0xF684E000 C:\WINDOWS\System32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)

0xF7697000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0xF7687000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)

0xEE824000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)

0xF6DFB000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)

0xF7507000 C:\WINDOWS\System32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)

0xF74C7000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)

0xF76C7000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)

0xF76E7000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xF74A7000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0xF7557000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0xF7517000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)

0xF76A7000 C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys 45056 bytes (VIA Technologies, Inc. , NDIS 5.0 miniport driver)

0xF67DE000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)

0xF7657000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)

0xF7497000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)

0xF76F7000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0xF7647000 C:\WINDOWS\System32\DRIVERS\amdk7.sys 40960 bytes (Microsoft Corporation, Processor Device Driver)

0xF7487000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)

0xF6E0B000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)

0xF74D7000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0xF6E1B000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)

0xF7667000 C:\WINDOWS\System32\Drivers\AFS2K.SYS 36864 bytes (Oak Technology Inc., Audio File System)

0xF74B7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)

0xF76D7000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)

0xF6E5B000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)

0xF67FE000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)

0xEE3F6000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0xF6E2B000 C:\WINDOWS\System32\Drivers\Pcouffin.sys 36864 bytes (VSO Software, Patin-Couffin low level access layer for CD devices)

0xF74E7000 SISAGPX.sys 36864 bytes (Silicon Integrated Systems Corporation, SiS AGPv3.5 Filter)

0xF685E000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0xF786F000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)

0xF77E7000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)

0xF7887000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0xF77AF000 C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys 32768 bytes (Wacom Technology, Wacom Mouse Filter Driver)

0xF788F000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)

0xF7767000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0xF7707000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0xF77EF000 C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)

0xF7717000 viaagp1.sys 28672 bytes (VIA Technologies, Inc., VIA NT AGP Filter)

0xF77FF000 C:\WINDOWS\System32\Drivers\avgmfx86.sys 24576 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)

0xF7877000 C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0xF775F000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)

0xF774F000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)

0xF771F000 nv_agp.sys 24576 bytes (NVIDIA Corporation, NVIDIA nForce AGP Filter)

0xF7757000 C:\WINDOWS\System32\DRIVERS\PS2.sys 24576 bytes (Hewlett-Packard Company, PS2 SYS)

0xF787F000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xF77D7000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xF77C7000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)

0xF77DF000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)

0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)

0xF779F000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)

0xF77A7000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)

0xF776F000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)

0xF7867000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)

0xEEFB4000 C:\WINDOWS\system32\DRIVERS\mdc8021x.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)

0xF7937000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)

0xEEFB0000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)

0xF68E9000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)

0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)

0xF5332000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)

0xF793B000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0xF68E1000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0xF7923000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0xF5352000 C:\WINDOWS\System32\DRIVERS\srvkp.sys 12288 bytes (Silicon Integrated Systems Corporation, SiS VGA Driver Manager)

0xF68E5000 C:\WINDOWS\system32\DRIVERS\wacomvhid.sys 12288 bytes (Wacom Technology, Virtual Hid Device)

0xF5356000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)

0xF7A25000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)

0xF79EF000 C:\Program Files\321Studios\Shared\CDRPDACC.SYS 8192 bytes (Arrowkey, CD Device Access)

0xF7A23000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)

0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0xF7A27000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)

0xF79B3000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)

0xF7A29000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)

0xF7A1B000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0xF7A1D000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0xF798B000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

0xF7989000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0xF7A5D000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)

0xF7B53000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)

0xF7A54000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)

0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)

!!!!!!!!!!!Hidden driver: 0x860B4AEA ?_empty_? 1302 bytes

!!!!!!!!!!!Hidden driver: 0x8613D928 ?_empty_? 0 bytes

==============================================

>Stealth

==============================================

0xF73F0000 WARNING: suspicious driver modification [ATAPI.SYS::0x860B4AEA]

0x00FE0000 Hidden Image-->Kodak.Diagnostics.dll [ EPROCESS 0x85BFA020 ] PID: 1172, 45056 bytes

0xF7687000 WARNING: Virus alike driver modification [redbook.sys], 61440 bytes

!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

The mbr.exe did not work for me. I put it in My Computer > PRESARIO (C:), then did start > run, and put "mbr.exe

Link to post
Share on other sites

  • Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, ensure Cure is selected (it should be by default)
  • Click Continue then click Reboot now
  • Once complete, a log will be produced at the root drive which is typically C:\
    For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Attach that log, please.

Link to post
Share on other sites

Here you go:

2010/10/18 17:15:36.0806 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/18 17:15:36.0806 ================================================================================

2010/10/18 17:15:36.0806 SystemInfo:

2010/10/18 17:15:36.0806

2010/10/18 17:15:36.0806 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/18 17:15:36.0806 Product type: Workstation

2010/10/18 17:15:36.0806 ComputerName: AWES

2010/10/18 17:15:36.0806 UserName: The Boys

2010/10/18 17:15:36.0806 Windows directory: C:\WINDOWS

2010/10/18 17:15:36.0806 System windows directory: C:\WINDOWS

2010/10/18 17:15:36.0806 Processor architecture: Intel x86

2010/10/18 17:15:36.0806 Number of processors: 1

2010/10/18 17:15:36.0806 Page size: 0x1000

2010/10/18 17:15:36.0806 Boot type: Normal boot

2010/10/18 17:15:36.0806 ================================================================================

2010/10/18 17:15:37.0400 Initialize success

2010/10/18 17:15:57.0884 ================================================================================

2010/10/18 17:15:57.0884 Scan started

2010/10/18 17:15:57.0884 Mode: Manual;

2010/10/18 17:15:57.0884 ================================================================================

2010/10/18 17:15:59.0275 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/18 17:15:59.0494 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/18 17:15:59.0806 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/10/18 17:15:59.0994 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/10/18 17:16:00.0197 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys

2010/10/18 17:16:00.0416 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2010/10/18 17:16:01.0103 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2010/10/18 17:16:01.0572 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys

2010/10/18 17:16:01.0884 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/10/18 17:16:02.0588 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/18 17:16:02.0775 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\ATAPI.SYS

2010/10/18 17:16:03.0119 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/18 17:16:03.0291 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/18 17:16:03.0509 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys

2010/10/18 17:16:03.0744 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys

2010/10/18 17:16:03.0931 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys

2010/10/18 17:16:04.0166 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/10/18 17:16:04.0509 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/18 17:16:04.0728 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/10/18 17:16:05.0056 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/18 17:16:05.0259 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/18 17:16:05.0478 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/18 17:16:05.0634 CDRPDACC (f4dd5641576334e4eeabfe50b065e572) C:\Program Files\321Studios\Shared\CDRPDACC.SYS

2010/10/18 17:16:06.0978 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/18 17:16:07.0197 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/10/18 17:16:07.0400 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/10/18 17:16:07.0603 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/10/18 17:16:07.0806 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/10/18 17:16:08.0119 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/18 17:16:08.0478 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/18 17:16:08.0744 fasttx2k (6339aaf63240df0634902b98c0f56049) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys

2010/10/18 17:16:08.0978 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/10/18 17:16:09.0119 FETND5BV (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys

2010/10/18 17:16:09.0322 FETNDISB (29063004926b225c417e7147822f5866) C:\WINDOWS\system32\DRIVERS\fetnd5b.sys

2010/10/18 17:16:09.0509 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/10/18 17:16:09.0728 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/10/18 17:16:09.0916 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/10/18 17:16:10.0119 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/18 17:16:10.0306 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/18 17:16:10.0525 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/10/18 17:16:10.0728 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/18 17:16:10.0869 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys

2010/10/18 17:16:11.0025 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/18 17:16:11.0322 HPZid412 (287a63bd8509bd78e7978823b38afa81) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2010/10/18 17:16:11.0494 HPZipr12 (0b4fda2657c3e0315eaa57f9c6d4fd1f) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2010/10/18 17:16:11.0697 HPZius12 (29559db25258b60510a60c4e470fce32) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2010/10/18 17:16:11.0900 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/18 17:16:12.0353 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/18 17:16:12.0541 ialm (1406d6ef4436aee970efe13193123965) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2010/10/18 17:16:12.0744 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/18 17:16:13.0072 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys

2010/10/18 17:16:13.0275 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/10/18 17:16:13.0431 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/18 17:16:13.0619 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/18 17:16:13.0822 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/18 17:16:14.0025 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/18 17:16:14.0181 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/18 17:16:14.0369 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/18 17:16:14.0556 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/18 17:16:14.0759 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/10/18 17:16:14.0994 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/10/18 17:16:15.0213 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/18 17:16:15.0603 ltmodem5 (829ef680a308c12e2a80e5e0da0d958d) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys

2010/10/18 17:16:15.0822 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys

2010/10/18 17:16:16.0056 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/18 17:16:16.0259 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/10/18 17:16:16.0431 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/18 17:16:16.0634 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/18 17:16:16.0838 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/18 17:16:17.0322 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/18 17:16:17.0509 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/18 17:16:17.0759 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/10/18 17:16:17.0931 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/18 17:16:18.0228 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/18 17:16:18.0447 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/18 17:16:18.0619 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/18 17:16:18.0869 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/10/18 17:16:19.0072 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/10/18 17:16:19.0244 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/10/18 17:16:19.0447 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/10/18 17:16:19.0634 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/10/18 17:16:19.0853 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/18 17:16:20.0009 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/18 17:16:20.0166 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/18 17:16:20.0384 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/18 17:16:20.0603 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/18 17:16:20.0822 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/18 17:16:21.0072 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/10/18 17:16:21.0275 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys

2010/10/18 17:16:21.0416 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/10/18 17:16:21.0728 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/18 17:16:21.0978 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/10/18 17:16:22.0244 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/10/18 17:16:22.0509 nvcap (9b7accfac9b19b98d54f45a9cf61ca39) C:\WINDOWS\system32\DRIVERS\nvcap.sys

2010/10/18 17:16:22.0744 NVXBAR (bef79a5b5a01bb749afbed27837e6311) C:\WINDOWS\system32\DRIVERS\NVxbar.sys

2010/10/18 17:16:22.0931 nv_agp (01621905ae34bc24aaa2fddb93977299) C:\WINDOWS\system32\DRIVERS\nv_agp.sys

2010/10/18 17:16:23.0119 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/18 17:16:23.0306 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/18 17:16:23.0494 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/10/18 17:16:23.0728 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/18 17:16:23.0931 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/18 17:16:24.0119 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/18 17:16:24.0306 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/18 17:16:24.0634 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/18 17:16:24.0838 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/18 17:16:25.0025 Pcouffin (62c72e912a04aa927d9eaf9a0b157aaf) C:\WINDOWS\system32\Drivers\Pcouffin.sys

2010/10/18 17:16:25.0181 PCTINDIS5 (351bd8c80b2c411ea5a122fcfed4d7c8) C:\WINDOWS\system32\PCTINDIS5.SYS

2010/10/18 17:16:26.0822 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/18 17:16:27.0228 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2010/10/18 17:16:27.0619 Ps2 (9b793a1ffd480155fe9ee5261153f21b) C:\WINDOWS\system32\DRIVERS\PS2.sys

2010/10/18 17:16:28.0025 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/18 17:16:28.0416 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/18 17:16:29.0103 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

2010/10/18 17:16:30.0931 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/18 17:16:31.0228 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/18 17:16:31.0431 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/18 17:16:31.0744 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/18 17:16:31.0931 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/18 17:16:32.0072 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/18 17:16:32.0291 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/18 17:16:32.0588 redbook (8705b7457368375fab40a7e5459b4bcc) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/18 17:16:32.0588 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: 8705b7457368375fab40a7e5459b4bcc, Fake md5: f828dd7e1419b6653894a8f97a0094c5

2010/10/18 17:16:32.0603 redbook - detected Rootkit.Win32.TDSS.tdl3 (0)

2010/10/18 17:16:32.0822 rtl8139 (2ef9c0dc26b30b2318b1fc3faa1f0ae7) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS

2010/10/18 17:16:33.0041 S3Psddr (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys

2010/10/18 17:16:33.0275 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/18 17:16:33.0541 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/10/18 17:16:33.0759 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/10/18 17:16:33.0963 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/18 17:16:34.0338 SiS315 (bdfef5c5d41ba377852389e8f07104ea) C:\WINDOWS\system32\DRIVERS\sisgrp.sys

2010/10/18 17:16:34.0650 SISAGP (923d23638c616eecb0d811461161d0b8) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys

2010/10/18 17:16:34.0853 SiSkp (7e9e5823afbb5af2851abb1659ff627d) C:\WINDOWS\system32\DRIVERS\srvkp.sys

2010/10/18 17:16:35.0025 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/10/18 17:16:35.0353 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/18 17:16:35.0572 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/18 17:16:35.0806 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/10/18 17:16:35.0963 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/18 17:16:36.0150 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/10/18 17:16:36.0869 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/18 17:16:37.0119 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/18 17:16:37.0322 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/18 17:16:37.0509 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/18 17:16:37.0713 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/18 17:16:38.0041 TPkd (5815ae5ef8519066f19e575d67f6f191) C:\WINDOWS\system32\drivers\TPkd.sys

2010/10/18 17:16:38.0353 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/10/18 17:16:38.0697 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/10/18 17:16:38.0978 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

2010/10/18 17:16:39.0166 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2010/10/18 17:16:39.0353 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/18 17:16:39.0556 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/18 17:16:39.0759 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/18 17:16:39.0947 USBIO (f90d8f845095fcd6924e3d751c04e442) C:\WINDOWS\system32\Drivers\usbio.sys

2010/10/18 17:16:40.0134 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/10/18 17:16:40.0306 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/10/18 17:16:40.0509 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/10/18 17:16:40.0713 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/18 17:16:40.0931 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/10/18 17:16:41.0259 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/10/18 17:16:41.0556 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys

2010/10/18 17:16:41.0713 viagfx (45489356501ec6cbb789dece991d393f) C:\WINDOWS\system32\DRIVERS\vtmini.sys

2010/10/18 17:16:41.0884 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2010/10/18 17:16:42.0056 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/18 17:16:42.0228 wacmoumonitor (8724531219ae3f9e3729012b61dce527) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys

2010/10/18 17:16:42.0447 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys

2010/10/18 17:16:42.0650 wacomvhid (51d580f30d1a1f2ea4965af6abc2bcb2) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys

2010/10/18 17:16:42.0853 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/18 17:16:43.0213 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/18 17:16:43.0400 wlanndi5 (224d5a22893cee9dca7b984433549735) C:\WINDOWS\system32\wlanndi5.SYS

2010/10/18 17:16:43.0634 WlanUIG (01a3d371863250118591fb829eec91ac) C:\WINDOWS\system32\DRIVERS\WlanUIG.sys

2010/10/18 17:16:43.0916 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2010/10/18 17:16:44.0103 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2010/10/18 17:16:44.0306 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/10/18 17:16:44.0572 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/10/18 17:16:44.0744 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/10/18 17:16:44.0931 ZD1211BU(ZyDAS) (154fe6a5a608cd725266877901e883c2) C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys

2010/10/18 17:16:45.0228 {6080A529-897E-4629-A488-ABA0C29B635E} (fd1f4e9cf06c71c8d73a24acf18d8296) C:\WINDOWS\system32\drivers\ialmsbw.sys

2010/10/18 17:16:45.0494 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (d4d7331d33d1fa73e588e5ce0d90a4c1) C:\WINDOWS\system32\drivers\ialmkchw.sys

2010/10/18 17:16:45.0588 ================================================================================

2010/10/18 17:16:45.0588 Scan finished

2010/10/18 17:16:45.0588 ================================================================================

2010/10/18 17:16:45.0619 Detected object count: 1

2010/10/18 17:17:02.0400 redbook (8705b7457368375fab40a7e5459b4bcc) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/18 17:17:02.0400 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: 8705b7457368375fab40a7e5459b4bcc, Fake md5: f828dd7e1419b6653894a8f97a0094c5

2010/10/18 17:17:04.0478 Backup copy found, using it..

2010/10/18 17:17:04.0509 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured after reboot

2010/10/18 17:17:04.0509 Rootkit.Win32.TDSS.tdl3(redbook) - User select action: Cure

2010/10/18 17:17:18.0119 Deinitialize success

Link to post
Share on other sites

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

    [*]Click on My Computer under the green Scan bar to the left to start the scan.

    [*]Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.

    [*]Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.

    [*]Click View report... at the bottom.

    [*] Click the Save report... button.

    KasReport.png

    [*] Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

Link to post
Share on other sites

When I loaded the website, it asked me for java's "OK" to run, and I allowed it, but then I got this error:

2qd3mdw.png

So I went to the java website, downloaded the latest version of Java, and re-loaded it, but I got the same error.

Oh, and a yellow shield with a "!" mark appeared in my icon tray, it says it has a whole bunch of updates for me, I'm not sure if this is real, or fake. (Automatic updates I think)

Link to post
Share on other sites

I deleted the java versions except for version 6.22 (the current one)

rebooted, tried again, and got the same error.

Is it because that warning said "Java framework version 1.5 or later"?

Or is that still plain old Java?

Oh and here is another screenshot of the window saying that firefox is a threat:

2j10l5u.png

Link to post
Share on other sites

Yay, I finally was spared enough time to finish it, here you go: (it's also attached)

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Friday, October 22, 2010

Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Thursday, October 21, 2010 17:43:52

Records in database: 4184827

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

Scan statistics:

Objects scanned: 450947

Threats found: 34

Infected objects found: 63

Suspicious objects found: 0

Scan duration: 14:40:48

File name / Threat / Threats count

C:\Documents and Settings\Marty\Desktop\Ipod\Bruce Springsteen - Prove It All Night - live (31-12-78).mp3 Infected: Trojan-Downloader.WMA.GetCodec.w 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\0\69007440-1eb4b000 Infected: Trojan.Java.Agent.l 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\0\69007440-1eb4b000 Infected: Trojan-Downloader.Java.Agent.do 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\0\69007440-1eb4b000 Infected: Trojan-Downloader.Java.Agent.dn 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\10\653a8b4a-2202475d Infected: Exploit.Java.Agent.bu 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\13\d1e278d-46f409fe Infected: Trojan-Downloader.Java.Agent.gh 2

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\18\109bffd2-453243aa Infected: Exploit.Java.Agent.f 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\18\109bffd2-453243aa Infected: Trojan-Downloader.Java.OpenStream.af 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\18\109bffd2-453243aa Infected: Trojan-Downloader.Java.OpenStream.ah 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\2\1f3f8202-628475a8 Infected: Exploit.Java.Agent.f 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\24\36eea358-1a9312aa Infected: Exploit.Java.Agent.aq 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\24\36eea358-1a9312aa Infected: Exploit.Java.Agent.ap 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\24\36eea358-1a9312aa Infected: Exploit.Java.Agent.ao 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\35\41e8aee3-187e2f6c Infected: Exploit.Java.Agent.bu 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\41\19f9d829-5c7694b6 Infected: Trojan-Downloader.Java.Agent.gr 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\41\19f9d829-5c7694b6 Infected: Trojan-Downloader.Java.Agent.gs 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\41\19f9d829-5c7694b6 Infected: Trojan-Downloader.Java.Agent.gt 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\42\32c0eb6a-4d90c5e8 Infected: Exploit.Java.Agent.an 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\42\32c0eb6a-4d90c5e8 Infected: Exploit.Java.Agent.am 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\43\7c36b3ab-32c8c9f2 Infected: Exploit.Java.Agent.f 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\43\7c36b3ab-32c8c9f2 Infected: Trojan-Downloader.Java.OpenStream.af 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\43\7c36b3ab-32c8c9f2 Infected: Trojan-Downloader.Java.OpenStream.ah 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\48\4084a7b0-66e23619 Infected: Exploit.Java.Agent.bu 2

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\53\3911fc75-1d418637 Infected: Trojan-Downloader.Java.Agent.dm 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\53\3911fc75-1d418637 Infected: Trojan-Downloader.Java.Agent.dl 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\53\3911fc75-1d418637 Infected: Exploit.Java.Agent.e 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\57\4839f1b9-1ac65c84 Infected: Trojan-Downloader.Java.OpenConnection.at 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\57\4839f1b9-1ac65c84 Infected: Exploit.Java.Agent.f 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\6\24e14bc6-25fd8d48 Infected: Exploit.Java.Agent.f 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\6\24e14bc6-25fd8d48 Infected: Trojan-Downloader.Java.OpenStream.af 1

C:\Documents and Settings\The Boys\Application Data\Sun\Java\Deployment\cache\6.0\6\24e14bc6-25fd8d48 Infected: Trojan-Downloader.Java.OpenStream.ah 1

C:\Documents and Settings\The Boys\Desktop\Junk\jacktheripper\rcrack.exe Infected: not-a-virus:PSWTool.Win32.Rainbow.12.a 1

C:\Documents and Settings\The Boys\Desktop\Junk\jacktheripper\rtdump.exe Infected: not-a-virus:PSWTool.Win32.Rainbow.12.a 1

C:\Documents and Settings\The Boys\Desktop\Junk\jacktheripper\rtgen.exe Infected: not-a-virus:PSWTool.Win32.Rainbow.12.a 1

C:\Documents and Settings\The Boys\Desktop\Junk\jacktheripper\rtsort.exe Infected: not-a-virus:PSWTool.Win32.Rainbow.12.a 1

C:\Documents and Settings\The Boys\Local Settings\Temp\3A4.tmp Infected: Trojan-Ransom.Win32.XBlocker.bhg 1

C:\Documents and Settings\The Boys\Local Settings\Temp\jar_cache4423205869487119224.tmp Infected: Trojan-Downloader.Java.Agent.ah 2

C:\Documents and Settings\The Boys\Local Settings\Temp\mirc635.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

C:\Documents and Settings\The Boys\Local Settings\Temp\plugtmp-8\plugin-other.swf Infected: Exploit.SWF.Agent.dn 1

C:\Documents and Settings\The Boys\Local Settings\Temp\RC1.2.zip Infected: not-a-virus:PSWTool.Win32.Rainbow.12.a 4

C:\Documents and Settings\The Boys\Local Settings\Temp\stp47647.exe Infected: Trojan-Downloader.Win32.FraudLoad.xbjn 1

C:\Documents and Settings\The Boys\Local Settings\Temp\temp.exe Infected: Trojan-Downloader.Win32.Agent.cgzd 1

C:\Documents and Settings\The Boys\Local Settings\Temp\Transformice_Hacked_v0.48.rar Infected: Trojan-Dropper.Win32.Mudrop.jtu 1

C:\Documents and Settings\The Boys\Local Settings\Temporary Internet Files\Content.IE5\1S3DGIVJ\q002106201317r0409Rc6f0eb70Xda6ba365Y91e3faebZ0100f070[1].pdf Infected: Exploit.JS.Pdfka.bqp 1

C:\Documents and Settings\The Boys\Local Settings\Temporary Internet Files\Content.IE5\7PCLA2PM\myreadme[1].pdf Infected: Exploit.JS.Pdfka.btt 1

C:\Documents and Settings\The Boys\Local Settings\Temporary Internet Files\Content.IE5\7PCLA2PM\myreadme[2].pdf Infected: Exploit.JS.Pdfka.btt 1

C:\Documents and Settings\The Boys\Local Settings\Temporary Internet Files\Content.IE5\95GB8ZQE\q002106201317r0409R12ec7ef0Xda667e9fY91e3faebZ0100f070[1].pdf Infected: Exploit.JS.Pdfka.bqp 1

C:\Documents and Settings\The Boys\My Documents\Downloads\ca_setup(2).exe Infected: not-a-virus:PSWTool.Win32.Cain.284 1

C:\Documents and Settings\The Boys\My Documents\Downloads\ca_setup.exe Infected: not-a-virus:PSWTool.Win32.Cain.284 1

C:\Program Files\Cain\Abel.exe Infected: not-a-virus:PSWTool.Win32.Cain.284 1

C:\Program Files\mIRC\backups\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

C:\WINDOWS\system32\alcxmntr.exe Infected: Trojan-Clicker.Win32.Cycler.peh 1

C:\WINDOWS\system32\ltmsg.exe Infected: Trojan-Clicker.Win32.Cycler.peh 1

C:\WINDOWS\system32\spool\drivers\w32x86\3\ekij5000mui.exe Infected: Trojan-Clicker.Win32.Cycler.peh 1

C:\WINDOWS\Temp\5c84e576.exe Infected: Trojan-Spy.Win32.Zbot.altu 1

C:\WINDOWS\Temp\6C.tmp Infected: Trojan-Spy.Win32.Zbot.altu 1

Selected area has been scanned.

KasReport.txt

Link to post
Share on other sites

Please download the OTM.exe by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :files
    C:\Documents and Settings\Marty\Desktop\Ipod\Bruce Springsteen - Prove It All Night - live (31-12-78).mp3
    C:\Documents and Settings\The Boys\Desktop\Junk\jacktheripper\rcrack.exe
    C:\Documents and Settings\The Boys\Desktop\Junk\jacktheripper\rtdump.exe
    C:\Documents and Settings\The Boys\Desktop\Junk\jacktheripper\rtgen.exe
    C:\Documents and Settings\The Boys\Desktop\Junk\jacktheripper\rtsort.exe
    C:\Documents and Settings\The Boys\My Documents\Downloads\ca_setup(2).exe
    C:\Documents and Settings\The Boys\My Documents\Downloads\ca_setup.exe
    C:\WINDOWS\system32\alcxmntr.exe
    C:\WINDOWS\system32\ltmsg.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\ekij5000mui.exe
    :commands
    [emptytemp]
    [emptyflash]
    [reboot]


  • Return to OTMoveIt3, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Click Ok to allow OTM reboot your machine.
  • After reboot, a log file will appear. Copy the contents to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM

Link to post
Share on other sites

When I click that link to download OTM, I get the Firefox problem page, you know;

Server not found

Firefox can't find the server at <a%20href="http.

* Check the address for typing errors such as

ww.example.com instead of

www.example.com

* If you are unable to load any pages, check your computer's network

connection.

* If your computer or network is protected by a firewall or proxy, make sure

that Firefox is permitted to access the We

Link to post
Share on other sites

There you go:

All processes killed

========== FILES ==========

C:\Documents and Settings\Marty\Desktop\Ipod\Bruce Springsteen - Prove It All Night - live (31-12-78).mp3 moved successfully.

C:\Documents and Settings\The Boys\Desktop\Junk\jacktheripper\rcrack.exe moved successfully.

C:\Documents and Settings\The Boys\Desktop\Junk\jacktheripper\rtdump.exe moved successfully.

C:\Documents and Settings\The Boys\Desktop\Junk\jacktheripper\rtgen.exe moved successfully.

C:\Documents and Settings\The Boys\Desktop\Junk\jacktheripper\rtsort.exe moved successfully.

C:\Documents and Settings\The Boys\My Documents\Downloads\ca_setup(2).exe moved successfully.

C:\Documents and Settings\The Boys\My Documents\Downloads\ca_setup.exe moved successfully.

C:\WINDOWS\system32\alcxmntr.exe moved successfully.

C:\WINDOWS\system32\ltmsg.exe moved successfully.

C:\WINDOWS\system32\spool\drivers\w32x86\3\ekij5000mui.exe moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 11540 bytes

->Temporary Internet Files folder emptied: 45388 bytes

User: All Users

User: Application Data

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 41620 bytes

User: LocalService

->Temp folder emptied: 83220 bytes

->Temporary Internet Files folder emptied: 342428 bytes

->Flash cache emptied: 0 bytes

User: Marty

->Temp folder emptied: 410028701 bytes

->Temporary Internet Files folder emptied: 344439276 bytes

->Java cache emptied: 69287771 bytes

->Apple Safari cache emptied: 7663616 bytes

->Flash cache emptied: 136821 bytes

User: Marty.AWESOME

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 271126982 bytes

->Java cache emptied: 5100161 bytes

->Flash cache emptied: 30829 bytes

User: MOM

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 289989342 bytes

->Java cache emptied: 4989591 bytes

->Flash cache emptied: 8156 bytes

User: MOM.AWES

->Temp folder emptied: 5823680004 bytes

->Temporary Internet Files folder emptied: 273090500 bytes

->Java cache emptied: 248695585 bytes

->Apple Safari cache emptied: 1473536 bytes

->Flash cache emptied: 195524 bytes

User: Mom.AWESOME

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 348 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 1353420 bytes

->Flash cache emptied: 31793 bytes

User: Ricky.AWESOME

->Java cache emptied: 337571 bytes

->Flash cache emptied: 17009 bytes

User: Test Account

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: The Boys

->Temp folder emptied: 7573897466 bytes

->Temporary Internet Files folder emptied: 1306863875 bytes

->Java cache emptied: 473718179 bytes

->FireFox cache emptied: 64580443 bytes

->Apple Safari cache emptied: 923648 bytes

->Flash cache emptied: 2711337 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 413753 bytes

%systemroot%\System32 .tmp files removed: 3590161 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 489914458 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 91256110 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 3778431410 bytes

Total Files Cleaned = 20,541.00 mb

OTM by OldTimer - Version 3.1.17.0 log created on 10232010_182837

Files moved on Reboot...

File C:\Documents and Settings\The Boys\Local Settings\Temp\fla4E8.tmp not found!

C:\Documents and Settings\The Boys\Local Settings\Application Data\Mozilla\Firefox\Profiles\y19ysl71.default\Cache\_CACHE_001_ moved successfully.

C:\Documents and Settings\The Boys\Local Settings\Application Data\Mozilla\Firefox\Profiles\y19ysl71.default\Cache\_CACHE_002_ moved successfully.

C:\Documents and Settings\The Boys\Local Settings\Application Data\Mozilla\Firefox\Profiles\y19ysl71.default\Cache\_CACHE_003_ moved successfully.

C:\Documents and Settings\The Boys\Local Settings\Application Data\Mozilla\Firefox\Profiles\y19ysl71.default\Cache\_CACHE_MAP_ moved successfully.

C:\Documents and Settings\The Boys\Local Settings\Application Data\Mozilla\Firefox\Profiles\y19ysl71.default\urlclassifier3.sqlite moved successfully.

C:\Documents and Settings\The Boys\Local Settings\Application Data\Mozilla\Firefox\Profiles\y19ysl71.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...

Link to post
Share on other sites

I hate to say it, but worse! Sometimes my mouse stops, and it will NOT move until I shut the computer down and start it up again, I get the AVG Resident Shield alert multiple threat detection almost every minute (every time its a white-lighted object with explorer.exe and winlogon.exe).

Computer speed is still fine though, I had to get here using the arrow keys and the tab button though.

I also couldn't find any bad services in run>msconfig to not allow to startup on start-up, so I am lost. Heh.

Oh, and I checked my mouse cord, it is fine and plugged in.

Link to post
Share on other sites

Okay. i need you to uninstall AVG because it will affect the running of ComboFix.

Download Combofix from this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" .

Note:

Do not mouseclick combofix's window while it's running. That may cause it to stall

Link to post
Share on other sites

Hey, I downloaded it, but I can't find out how to dis-able AVG.

I followed the link it gave me, and followed the directions there, but ComboFix still said it was on.

I went into run > msconfig and turned it off in the startup and services tabs, and rebooted and it still said It was running. I also killed all the processes too.

Link to post
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.