Jump to content

Need help to remove Malware, Malwarebyte crash after clicking scan


nic977

Recommended Posts

Hi, my computer is infected with some malware. I initially did a full scan using malwarebyte and have cleaned out something. Then I further did a AV scan in safe mode and it found another virus. However, after the computer restart, I try to scan it again with Malwarebytes, it crash after clicking scan, the software crashed. Later I try to use it again, it gives me this message "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item". Prior to the AV scan, I see "Antivirus 2010". The computer seems fine but it opens up random websites and I don't know what other malware is running. I see some other people here experience the same problem and hope somebody can help. Thank you so much!!

Link to post
Share on other sites

:)

Please don't attach the scan results, use Copy/Paste

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run, once it is finished move onto the next step

Next:

Please read carefully and follow these steps.

  • Please download
TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
  • Only if Malicious objects are found then ensure Cure is selected
  • Then click Continue > Reboot now

[*]Copy and paste the log in your next reply

[*]A copy of the log will be saved automatically to the root directory, root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

please post the contents of that log TDSSKiller log.

Note: If you loose your internet connection after the above

Launch Notepad (Start>All Programs>Accessories), and copy/paste all the Quoted REGEDIT below to it. Don't forget to include REGEDIT4.

Save in: Desktop

File Name: fixme.reg

Save as Type: All files

Click: Save

REGEDIT4

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock]

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2]

On the desktop, doubleclick fix.reg and allow it to run. Let it merge

After the reboot, we will reinstall TCP/IP

  • Go to Start the Settings and choose Network Connections
  • Right click on your normal connection icon, and choose Properties
  • Click the Install button
  • Choose Protocol then click Add
  • Click Have disk
  • In the drop down box, type in: C:\WINDOWS\INF and click OK
  • In the next dialog, click Internet Protocol (TCP/IP) then click OK
  • Click Close to leave the properties box

After that, Reboot your computer and see if you have regained your connection.

Link to post
Share on other sites

Here is log

2010/10/26 20:37:28.0203 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49

2010/10/26 20:37:28.0203 ================================================================================

2010/10/26 20:37:28.0203 SystemInfo:

2010/10/26 20:37:28.0203

2010/10/26 20:37:28.0203 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/26 20:37:28.0203 Product type: Workstation

2010/10/26 20:37:28.0203 ComputerName: MROOM

2010/10/26 20:37:28.0203 UserName: Nicole

2010/10/26 20:37:28.0203 Windows directory: C:\WINDOWS

2010/10/26 20:37:28.0203 System windows directory: C:\WINDOWS

2010/10/26 20:37:28.0203 Processor architecture: Intel x86

2010/10/26 20:37:28.0203 Number of processors: 4

2010/10/26 20:37:28.0203 Page size: 0x1000

2010/10/26 20:37:28.0203 Boot type: Normal boot

2010/10/26 20:37:28.0203 ================================================================================

2010/10/26 20:37:28.0500 Initialize success

2010/10/26 20:37:33.0125 ================================================================================

2010/10/26 20:37:33.0125 Scan started

2010/10/26 20:37:33.0125 Mode: Manual;

2010/10/26 20:37:33.0125 ================================================================================

2010/10/26 20:37:34.0078 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS

2010/10/26 20:37:34.0171 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/26 20:37:34.0218 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/26 20:37:34.0281 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2010/10/26 20:37:34.0359 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/10/26 20:37:34.0437 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2010/10/26 20:37:34.0515 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/10/26 20:37:34.0562 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys

2010/10/26 20:37:34.0640 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys

2010/10/26 20:37:34.0703 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys

2010/10/26 20:37:34.0750 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2010/10/26 20:37:34.0796 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2010/10/26 20:37:34.0890 Alidevice (2f17c06cda54bfbe13c4046b19055f7b) C:\WINDOWS\system32\drivers\Alidevice.sys

2010/10/26 20:37:34.0968 ALIEHCD (c5f267a1ea036a662e42691b790ca283) C:\WINDOWS\system32\Drivers\ALIEHCI.sys

2010/10/26 20:37:35.0031 alihub (c437810476529836b0329ef51a734aa6) C:\WINDOWS\system32\DRIVERS\AliHub.sys

2010/10/26 20:37:35.0140 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys

2010/10/26 20:37:35.0359 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys

2010/10/26 20:37:35.0640 aliroothub (8fae0ad01154140fa8e1da0eca833936) C:\WINDOWS\system32\DRIVERS\AliRtHub.sys

2010/10/26 20:37:35.0687 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys

2010/10/26 20:37:35.0750 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys

2010/10/26 20:37:35.0828 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/10/26 20:37:35.0890 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys

2010/10/26 20:37:35.0968 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys

2010/10/26 20:37:36.0015 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys

2010/10/26 20:37:36.0093 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/26 20:37:36.0171 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/26 20:37:36.0250 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/26 20:37:36.0312 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/26 20:37:36.0421 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys

2010/10/26 20:37:36.0453 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys

2010/10/26 20:37:36.0546 AvgTdiX (22e3b793c3e61720f03d3a22351af410) C:\WINDOWS\System32\Drivers\avgtdix.sys

2010/10/26 20:37:36.0609 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/10/26 20:37:36.0734 c2scsi (9a410a90f06a2812a24a164d896ea755) C:\WINDOWS\system32\drivers\c2scsi.sys

2010/10/26 20:37:36.0828 CamDrL (0f5ca31bb3fdb5c1e63c170cfbecc93b) C:\WINDOWS\system32\DRIVERS\Camdrl.sys

2010/10/26 20:37:36.0906 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys

2010/10/26 20:37:36.0953 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/26 20:37:37.0031 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/10/26 20:37:37.0093 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys

2010/10/26 20:37:37.0140 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/26 20:37:37.0203 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/26 20:37:37.0265 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/26 20:37:37.0390 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys

2010/10/26 20:37:37.0468 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys

2010/10/26 20:37:37.0531 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys

2010/10/26 20:37:37.0578 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys

2010/10/26 20:37:37.0703 DELL_A02 (42f8f6db03ef5c5a70d3bb0ba3273927) C:\WINDOWS\system32\DRIVERS\PRISMA02.sys

2010/10/26 20:37:37.0828 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/26 20:37:37.0906 DLABOIOM (d8d58a84f3ece3359df95fd2e459b330) C:\WINDOWS\system32\DLA\DLABOIOM.SYS

2010/10/26 20:37:37.0921 DLACDBHM (ec6ae8bc9f773382d2eed49e4dfdae2a) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS

2010/10/26 20:37:37.0953 DLADResN (27c78078bd9c4f2de2ad3eb04bfe101b) C:\WINDOWS\system32\DLA\DLADResN.SYS

2010/10/26 20:37:37.0968 DLAIFS_M (7f2d93e560b763ef5d11422d78da8ed0) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS

2010/10/26 20:37:38.0000 DLAOPIOM (f643637de6aac57e38d197aa63d9ea74) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS

2010/10/26 20:37:38.0015 DLAPoolM (340705474807f57a46d59d18fc2959f1) C:\WINDOWS\system32\DLA\DLAPoolM.SYS

2010/10/26 20:37:38.0031 DLARTL_N (0605b66052f82b6f07204dbdb61c13ff) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS

2010/10/26 20:37:38.0046 DLAUDFAM (6984ea763907c045ce813468882bc587) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS

2010/10/26 20:37:38.0093 DLAUDF_M (12b30c449cfd36adbed53eb6560933c6) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS

2010/10/26 20:37:38.0156 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/10/26 20:37:38.0218 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/10/26 20:37:38.0265 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/10/26 20:37:38.0296 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/10/26 20:37:38.0343 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys

2010/10/26 20:37:38.0375 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/26 20:37:38.0406 drvmcdb (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS

2010/10/26 20:37:38.0437 drvnddm (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS

2010/10/26 20:37:38.0484 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

2010/10/26 20:37:38.0546 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

2010/10/26 20:37:38.0609 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/26 20:37:38.0687 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/10/26 20:37:38.0750 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/10/26 20:37:38.0812 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/10/26 20:37:38.0890 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/10/26 20:37:39.0015 FlyUsb (8efa9bfc940d9eb9348d9dafb839fe25) C:\WINDOWS\system32\DRIVERS\FlyUsb.sys

2010/10/26 20:37:39.0187 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys

2010/10/26 20:37:39.0250 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/26 20:37:39.0312 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/26 20:37:39.0406 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/10/26 20:37:39.0484 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/26 20:37:39.0562 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/10/26 20:37:39.0625 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/26 20:37:39.0734 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys

2010/10/26 20:37:39.0812 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/26 20:37:39.0875 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2010/10/26 20:37:39.0937 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys

2010/10/26 20:37:39.0984 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/26 20:37:40.0187 ialm (28423512370705aeda6a652fedb25468) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

2010/10/26 20:37:40.0546 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\drivers\iaStor.sys

2010/10/26 20:37:40.0656 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/26 20:37:40.0750 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys

2010/10/26 20:37:40.0906 IntcAzAudAddService (17bbbabb21f86b650b2626045a9d016c) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/10/26 20:37:41.0000 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2010/10/26 20:37:41.0046 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/10/26 20:37:41.0093 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/10/26 20:37:41.0140 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/26 20:37:41.0187 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/26 20:37:41.0203 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/26 20:37:41.0265 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/26 20:37:41.0296 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/26 20:37:41.0343 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/26 20:37:41.0390 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/26 20:37:41.0437 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/10/26 20:37:41.0500 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/10/26 20:37:41.0546 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/26 20:37:41.0781 LVcKap (9a3d4fc6b86e7e36473079ab76ac703d) C:\WINDOWS\system32\DRIVERS\LVcKap.sys

2010/10/26 20:37:41.0890 LVMVDrv (0acbc11f19320af6c19f2e20013d9095) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys

2010/10/26 20:37:41.0968 LVPr2Mon (12866641284ebb41e627bb53c04da959) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys

2010/10/26 20:37:42.0140 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/26 20:37:42.0203 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/10/26 20:37:42.0296 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/26 20:37:42.0375 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/26 20:37:42.0453 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/26 20:37:42.0515 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys

2010/10/26 20:37:42.0593 MRVW225 (b79f48ae900eb9e171f72c6e2fec2c55) C:\WINDOWS\system32\DRIVERS\MRVW225.sys

2010/10/26 20:37:42.0687 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/26 20:37:42.0750 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/26 20:37:42.0812 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/10/26 20:37:42.0859 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/26 20:37:42.0906 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/26 20:37:42.0968 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/26 20:37:43.0031 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/26 20:37:43.0093 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/10/26 20:37:43.0156 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/10/26 20:37:43.0234 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/10/26 20:37:43.0296 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/10/26 20:37:43.0375 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/10/26 20:37:43.0421 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/26 20:37:43.0484 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/26 20:37:43.0531 NdisWan (d618eedfdbe3c753c9bf82611427fad5) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/26 20:37:43.0546 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ndiswan.sys. Real md5: d618eedfdbe3c753c9bf82611427fad5, Fake md5: edc1531a49c80614b2cfda43ca8659ab

2010/10/26 20:37:43.0562 NdisWan - detected Forged file (1)

2010/10/26 20:37:43.0578 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/26 20:37:43.0656 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/26 20:37:43.0718 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/26 20:37:43.0812 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/10/26 20:37:43.0875 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/10/26 20:37:43.0937 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/26 20:37:44.0062 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/10/26 20:37:44.0156 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/10/26 20:37:44.0296 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/26 20:37:44.0359 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/26 20:37:44.0500 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/26 20:37:44.0562 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/26 20:37:44.0625 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/26 20:37:44.0671 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/26 20:37:44.0796 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/26 20:37:44.0859 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/26 20:37:45.0062 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2010/10/26 20:37:45.0140 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2010/10/26 20:37:45.0375 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/26 20:37:45.0578 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/26 20:37:45.0656 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/26 20:37:45.0703 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/10/26 20:37:45.0765 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2010/10/26 20:37:45.0812 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2010/10/26 20:37:45.0859 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2010/10/26 20:37:45.0921 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2010/10/26 20:37:46.0000 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2010/10/26 20:37:46.0062 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/26 20:37:46.0125 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/26 20:37:46.0203 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/26 20:37:46.0250 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/26 20:37:46.0328 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/26 20:37:46.0406 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/26 20:37:46.0468 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/26 20:37:46.0562 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/26 20:37:46.0656 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/26 20:37:46.0812 rt2870 (c2a6f7f35e617744a65dbfb0c0a64adc) C:\WINDOWS\system32\DRIVERS\rt2870.sys

2010/10/26 20:37:46.0906 RT61 (581e74880aeb1dba1cb5ac8e6e6c0a69) C:\WINDOWS\system32\DRIVERS\RT61.sys

2010/10/26 20:37:47.0015 RxFilter (80cae340f37b52d1cb75ff74e6a087cd) C:\WINDOWS\system32\DRIVERS\RxFilter.sys

2010/10/26 20:37:47.0109 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/26 20:37:47.0187 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/10/26 20:37:47.0265 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/10/26 20:37:47.0343 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/26 20:37:47.0421 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2010/10/26 20:37:47.0500 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/10/26 20:37:47.0578 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2010/10/26 20:37:47.0656 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/10/26 20:37:47.0750 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/26 20:37:47.0890 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/26 20:37:47.0968 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/10/26 20:37:48.0015 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/26 20:37:48.0062 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/10/26 20:37:48.0109 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2010/10/26 20:37:48.0140 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2010/10/26 20:37:48.0156 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2010/10/26 20:37:48.0187 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2010/10/26 20:37:48.0234 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/26 20:37:48.0312 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/26 20:37:48.0406 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/26 20:37:48.0437 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/26 20:37:48.0484 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/26 20:37:48.0546 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2010/10/26 20:37:48.0593 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/10/26 20:37:48.0671 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2010/10/26 20:37:48.0718 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/10/26 20:37:48.0828 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

2010/10/26 20:37:48.0890 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2010/10/26 20:37:48.0937 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/26 20:37:49.0015 USBCCID (6b5e4d5e6e5ecd6acd14aed59768ce5c) C:\WINDOWS\system32\DRIVERS\usbccid.sys

2010/10/26 20:37:49.0093 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/26 20:37:49.0140 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/26 20:37:49.0234 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2010/10/26 20:37:49.0312 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/10/26 20:37:49.0375 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/10/26 20:37:49.0437 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/26 20:37:49.0468 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/10/26 20:37:49.0500 Suspicious service (NoAccess): vbmaddc4

2010/10/26 20:37:49.0562 vbmaddc4 (6e8327c9b5f76e22d712b62c982c444c) C:\WINDOWS\system32\drivers\vbmaddc4.sys

2010/10/26 20:37:49.0593 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbmaddc4.sys. md5: 6e8327c9b5f76e22d712b62c982c444c

2010/10/26 20:37:49.0609 vbmaddc4 - detected Locked service (1)

2010/10/26 20:37:49.0640 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/10/26 20:37:49.0718 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2010/10/26 20:37:49.0796 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2010/10/26 20:37:49.0890 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/26 20:37:49.0937 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/26 20:37:50.0000 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys

2010/10/26 20:37:50.0109 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/26 20:37:50.0281 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2010/10/26 20:37:50.0390 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/10/26 20:37:50.0484 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/10/26 20:37:50.0546 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/10/26 20:37:50.0656 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/10/26 20:37:50.0671 ================================================================================

2010/10/26 20:37:50.0671 Scan finished

2010/10/26 20:37:50.0671 ================================================================================

2010/10/26 20:37:50.0687 Detected object count: 3

2010/10/26 20:38:40.0515 Forged file(NdisWan) - User select action: Skip

2010/10/26 20:38:40.0515 Locked service(vbmaddc4) - User select action: Skip

2010/10/26 20:38:40.0562 \HardDisk0\MBR - will be cured after reboot

2010/10/26 20:38:40.0562 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure

2010/10/26 20:38:43.0953 Deinitialize success

Link to post
Share on other sites

Download Combofix from any of the links below but rename it to ABCD.exe before saving it to your desktop.

Download the tools needed to a flash drive or other USB device, and transfer them to the infected computer.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Link 1

Link 2<--Right Click and use Save As if using this link.

Double click on the ABCD.exe ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Note:

If combofix (ABCD) won't run from the desktop, try running it from the USB device.

Note: Combofix will run without the Recovery Console installed.

[*]As part of it's process, combofix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

[*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

"copy/paste" a new HijackThis log file into this thread as well.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

Are you getting a black box that opens?

If so, you need to give it some time to do it's thing. It can take up to 30 minutes to run.

delete the copy you have on your desktop and download a fresh copy but rename it to svchost.exe before saving it and try it again

Be sure to download and not just rena,e the one you have now

Link to post
Share on other sites

Please download Rootkit Unhooker and save it to your desktop.

  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning it is ok, just ignore it."Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Link to post
Share on other sites

I think the infection has taken ownership of the tools we're trying to use.

Take ownership of ABCD.exe and C:\Combofix

To take ownership of a file or a folder

How to take ownership of a file

You must have ownership of a protected file in order to access it. If another user has restricted access and you are the computer administrator, you can access the file by taking ownership.

To take ownership of a file, follow these steps:

1. Right-click the file that you want to take ownership of, and then click Properties.

2. Click the Security tab, and then click OK on the Security message (if one appears).

3. Click Advanced, and then click the Owner tab.

4. In the Name list, click Your User Name, or Administrator, or click the Administrators group, and then click OK.

Your User Name, or administrator or the administrators group now owns the file.

To change the permissions on the file that you now own, follow these steps:

1. Click Add.

2. In the Enter the object names to select (examples) list, type the user or group account that you want to have access to the file. For example, type Administrator.

3. Click OK.

4. In the Group or user names list, click the account that you want, and then select the check boxes of the permissions that you want to assign that user.

5. When you are finished assigning permissions, click OK.

6. You can now access the file.

How to take ownership of a folder

You must have ownership of a protected folder in order to access it. If another user has restricted access and you are the computer administrator, you can access the folder by taking ownership.

To take ownership of a folder, follow these steps:

1. Right-click the folder that you want to take ownership of, and then click Properties.

2. Click the Security tab, and then click OK on the Security message (if one appears).

3. Click Advanced, and then click the Owner tab.

4. In the Name list, click your user name, or click Administrator if you are logged in as Administrator, or click the Administrators group. If you want to take ownership of the contents of the folder, select the Replace owner on subcontainers and objects check box.

5. Click OK, and then click Yes when you receive the following message:

You do not have permission to read the contents of directory folder name. Do you want to replace the directory permissions with permissions granting you Full Control?

All permissions will be replaced if you click Yes.

Note folder name is the name of the folder that you want to take ownership of.

6. Click OK, and then reapply the permissions and security settings that you want for the folder and its contents.

Link to post
Share on other sites

http://www.eset.eu/online-scanner

Go here to run an online scannner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Insall ActiveX component.

A new window will appear asking "Do you want to install this software?"".

Answer Yes to download and install the ActiveX controls that allows the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software. Just close the window.

Wait for the scan to finish

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.

Link to post
Share on other sites

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=9c6496ee72bd244992bb3a9358ebd63d

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-10-29 06:55:56

# local_time=2010-10-29 02:55:56 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1024 16777191 100 0 20568924 20568924 0 0

# compatibility_mode=5892 16776574 100 100 20565901 128196630 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=150908

# found=5

# cleaned=4

# scan_time=2674

C:\TDSSKiller_Quarantine\27.10.2010_20.49.50\susp0000\svc0000\tsk0000.dta a variant of Win32/Rootkit.Agent.NSF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\27.10.2010_20.49.50\susp0001\svc0000\tsk0000.dta a variant of Win32/Rootkit.Agent.NTT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\X7QR1K3D\uninstall[1] Win32/Adware.Antivirus2010 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YQ9JTUVW\script_card[1] Win32/Adware.Antivirus2010 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\drivers\ndiswan.sys a variant of Win32/Rootkit.Agent.NSF trojan (unable to clean) 00000000000000000000000000000000 I

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.