Jump to content

Recommended Posts

I've picked up malware calling itself Antivirus Scan. Usual fare, blocking me from opening programs, websites, and keeps opening fake porn websites to try to convince me it's on my side. I'm able to open Malwarebytes easily enough so long as I do it quickly, but I've run the quick scan and full scan several times and it isn't picking anything up. It won't let me onto any websites at all, I'm accessing this through a different computer, so I don't see a way to post my HJT logs or download any other programs that might help. I am able to open HJT and Rootrepeal, so I hope there is a way to use them to fix it without posting the logs on here.

Link to post
Share on other sites

:lol:

Please don't attach the scan results, use Copy/Paste

Download the tools needed to a flash drive or other USB device, and transfer them to the infected computer.

If the tool won't run from the desktop, try running it from the USB device.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run, once it is finished move onto the next step

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Please download
TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
  • Only if Malicious objects are found then ensure Cure is selected
  • Then click Continue > Reboot now

[*]Copy and paste the log in your next reply

[*]A copy of the log will be saved automatically to the root directory, root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

please post the contents of that log TDSSKiller log.

Link to post
Share on other sites

Why didn't I think of transfering things with a flash drive?

GooredFix by jpshortstuff (03.07.10.1)

Log created at 09:24 on 29/12/2010 (USER)

Firefox version [unable to determine]

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{A48BC318-6D34-4961-9B6B-4652B574BF5D} -> Success!

Deleting C:\Documents and Settings\USER\Local Settings\Application Data\{A48BC318-6D34-4961-9B6B-4652B574BF5D} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\

(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [03:44 26/10/2009]

-=E.O.F=-

Heres the TDSS Killer log:

2010/12/29 09:24:42.0468 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46

2010/12/29 09:24:42.0468 ================================================================================

2010/12/29 09:24:42.0468 SystemInfo:

2010/12/29 09:24:42.0468

2010/12/29 09:24:42.0468 OS Version: 5.1.2600 ServicePack: 3.0

2010/12/29 09:24:42.0468 Product type: Workstation

2010/12/29 09:24:42.0468 ComputerName: YOUR-F19A8D350F

2010/12/29 09:24:42.0468 UserName: USER

2010/12/29 09:24:42.0468 Windows directory: C:\WINDOWS

2010/12/29 09:24:42.0468 System windows directory: C:\WINDOWS

2010/12/29 09:24:42.0468 Processor architecture: Intel x86

2010/12/29 09:24:42.0468 Number of processors: 1

2010/12/29 09:24:42.0468 Page size: 0x1000

2010/12/29 09:24:42.0468 Boot type: Normal boot

2010/12/29 09:24:42.0468 ================================================================================

2010/12/29 09:24:48.0484 Initialize success

2010/12/29 09:27:12.0531 ================================================================================

2010/12/29 09:27:12.0531 Scan started

2010/12/29 09:27:12.0531 Mode: Manual;

2010/12/29 09:27:12.0531 ================================================================================

2010/12/29 09:27:14.0203 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/12/29 09:27:14.0312 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2010/12/29 09:27:14.0468 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/12/29 09:27:14.0593 AegisP (076394a345ee5e9e3911fc0f058f4f38) C:\WINDOWS\system32\DRIVERS\AegisP.sys

2010/12/29 09:27:14.0718 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/12/29 09:27:14.0968 AgereSoftModem (b894a08f2a01e27c1989c31c96fdde83) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

2010/12/29 09:27:15.0750 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2010/12/29 09:27:16.0453 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/12/29 09:27:16.0843 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/12/29 09:27:16.0953 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys

2010/12/29 09:27:17.0593 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/12/29 09:27:17.0812 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/12/29 09:27:18.0171 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys

2010/12/29 09:27:18.0203 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys

2010/12/29 09:27:18.0531 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/12/29 09:27:19.0000 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/12/29 09:27:19.0296 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/12/29 09:27:19.0578 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/12/29 09:27:20.0109 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2010/12/29 09:27:20.0562 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2010/12/29 09:27:21.0890 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/12/29 09:27:22.0328 DKbFltr (75ad9beb6d4b6bbcb39bfaba454ea05a) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys

2010/12/29 09:27:22.0875 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/12/29 09:27:23.0234 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/12/29 09:27:23.0609 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/12/29 09:27:23.0968 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/12/29 09:27:24.0421 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/12/29 09:27:24.0796 EpmPsd (d68564fcfbdfc04280cdbbb37cf7ef7f) C:\WINDOWS\system32\drivers\epm-psd.sys

2010/12/29 09:27:24.0984 EpmShd (88a8301b73670f89054a33fc7d291eff) C:\WINDOWS\system32\drivers\epm-shd.sys

2010/12/29 09:27:25.0234 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/12/29 09:27:25.0515 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2010/12/29 09:27:26.0031 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/12/29 09:27:26.0421 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/12/29 09:27:26.0750 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/12/29 09:27:27.0078 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/12/29 09:27:27.0156 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/12/29 09:27:27.0265 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/12/29 09:27:27.0437 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/12/29 09:27:27.0609 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/12/29 09:27:27.0734 hwdatacard (8adf5ef39e896a65beded878494ee2b6) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys

2010/12/29 09:27:28.0015 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/12/29 09:27:28.0109 ialm (b076eb745ec3c669d4ae953225366f1d) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys

2010/12/29 09:27:28.0296 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/12/29 09:27:28.0421 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

2010/12/29 09:27:28.0531 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/12/29 09:27:28.0640 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2010/12/29 09:27:28.0765 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/12/29 09:27:28.0859 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/12/29 09:27:29.0000 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/12/29 09:27:29.0156 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/12/29 09:27:29.0265 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys

2010/12/29 09:27:29.0375 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/12/29 09:27:29.0734 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/12/29 09:27:29.0906 IWCA (872d090ca5c306f62d1982bce6302376) C:\WINDOWS\system32\DRIVERS\iwca.sys

2010/12/29 09:27:30.0109 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/12/29 09:27:30.0187 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/12/29 09:27:30.0328 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/12/29 09:27:30.0656 MBAMProtector (836e0e09ca9869be7eb39ef2cf3602c7) C:\WINDOWS\system32\drivers\mbam.sys

2010/12/29 09:27:30.0812 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/12/29 09:27:31.0015 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/12/29 09:27:31.0171 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/12/29 09:27:31.0328 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/12/29 09:27:31.0500 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/12/29 09:27:31.0906 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/12/29 09:27:32.0109 MRxSmb (60ae98742484e7ab80c3c1450e708148) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/12/29 09:27:32.0234 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/12/29 09:27:32.0515 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/12/29 09:27:32.0593 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/12/29 09:27:32.0625 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/12/29 09:27:32.0687 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/12/29 09:27:32.0812 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/12/29 09:27:33.0000 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/12/29 09:27:33.0078 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/12/29 09:27:33.0218 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/12/29 09:27:33.0343 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/12/29 09:27:33.0421 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/12/29 09:27:33.0609 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/12/29 09:27:33.0718 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/12/29 09:27:33.0828 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/12/29 09:27:33.0953 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/12/29 09:27:34.0156 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/12/29 09:27:34.0281 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/12/29 09:27:34.0421 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/12/29 09:27:34.0531 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/12/29 09:27:34.0656 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/12/29 09:27:34.0781 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/12/29 09:27:34.0875 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/12/29 09:27:34.0953 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/12/29 09:27:35.0078 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/12/29 09:27:35.0265 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/12/29 09:27:35.0390 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2010/12/29 09:27:36.0031 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/12/29 09:27:36.0203 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/12/29 09:27:36.0328 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/12/29 09:27:36.0718 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/12/29 09:27:36.0890 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

2010/12/29 09:27:37.0000 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/12/29 09:27:37.0171 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/12/29 09:27:37.0296 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/12/29 09:27:37.0812 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/12/29 09:27:37.0875 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/12/29 09:27:37.0968 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/12/29 09:27:38.0078 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/12/29 09:27:38.0187 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/12/29 09:27:38.0312 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

2010/12/29 09:27:38.0390 s24trans (3c34cc2d5a8c4d6dc8afc6516ce14e99) C:\WINDOWS\system32\DRIVERS\s24trans.sys

2010/12/29 09:27:38.0546 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/12/29 09:27:38.0718 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2010/12/29 09:27:38.0859 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/12/29 09:27:39.0093 SMCIRDA (a8eb0aa07632a4c936ff6f8eda5bdead) C:\WINDOWS\system32\DRIVERS\smcirda.sys

2010/12/29 09:27:39.0281 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/12/29 09:27:39.0390 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/12/29 09:27:39.0609 Srv (3bb03f2ba89d2be417206c373d2af17c) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/12/29 09:27:39.0734 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/12/29 09:27:39.0812 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/12/29 09:27:40.0046 SynTP (dd43def41a17e8167362d6493d11ae80) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2010/12/29 09:27:40.0140 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/12/29 09:27:40.0328 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/12/29 09:27:40.0562 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/12/29 09:27:40.0671 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/12/29 09:27:40.0796 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/12/29 09:27:40.0937 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/12/29 09:27:41.0234 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/12/29 09:27:41.0375 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/12/29 09:27:41.0484 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/12/29 09:27:41.0687 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/12/29 09:27:41.0812 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/12/29 09:27:41.0890 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/12/29 09:27:42.0062 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys

2010/12/29 09:27:42.0187 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/12/29 09:27:42.0500 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/12/29 09:27:42.0968 w29n51 (960ce9b896750cc02fe5f1103cc23460) C:\WINDOWS\system32\DRIVERS\w29n51.sys

2010/12/29 09:27:43.0203 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/12/29 09:27:43.0421 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/12/29 09:27:43.0625 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2010/12/29 09:27:43.0750 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/12/29 09:27:43.0843 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/12/29 09:27:44.0031 {6080A529-897E-4629-A488-ABA0C29B635E} (61002db7b6efb5711685b9d79b8e8ce6) C:\WINDOWS\system32\drivers\ialmsbw.sys

2010/12/29 09:27:44.0125 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (35ce2baa708ea038ab72359de87bab87) C:\WINDOWS\system32\drivers\ialmkchw.sys

2010/12/29 09:27:44.0203 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} (36e942c48ff453926dfc3956f5804e69) C:\WINDOWS\system32\drivers\wA301a.sys

2010/12/29 09:27:44.0250 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/12/29 09:27:44.0390 ================================================================================

2010/12/29 09:27:44.0390 Scan finished

2010/12/29 09:27:44.0390 ================================================================================

2010/12/29 09:27:44.0406 Detected object count: 1

2010/12/29 09:28:04.0593 \HardDisk0 - will be cured after reboot

2010/12/29 09:28:04.0593 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2010/12/29 09:28:13.0765 Deinitialize success

It isn't gone yet, it's still blocking programs from opening and popping up with warnings.

Link to post
Share on other sites

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.