jbsbdb Posted December 28, 2010 ID:366637 Share Posted December 28, 2010 Hello,Any help would sure be appreciated. My problems began with being redirected when clicking on Google search results.It progressed to Firefox not being able to connect to the internet or not opening at all. Shutdowns and startups are randomlyslow or not at all. Also no files appear in Control Panel at times. At times have seen this error " Generic Host Process for Win32has encountered a problem and needs to close..." Avira sometimes find a virus which is quarantined and deleted but comes back.Malwarebytes also at times has found problems but cannot get it to finish a scan at the moment (made 3 attempts), it encounters a problem and needs to close. When running Defogger, Finished message appeared, I clicked OK, but it did not ask to reboot. Also I've run Spybot S+D and Superantispyware. Spybot found something the first time and fixed it but finds nothing on subsequent scans.DDS.txtattach.zipark.zip Link to post Share on other sites More sharing options...
Maniac Posted December 28, 2010 ID:366749 Share Posted December 28, 2010 Hello jbsbdb! Welcome to Malwarebytes' Anti-Malware Forums!My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following: The process of cleaning your system may take some time, so please be patient.Follow my instructions step by step if there is a problem somewhere, stop and tell me.Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.Instructions that I give are for your system only!If you don't know or can't understand something please ask. Do not install or uninstall any software or hardware, while work on.Keep me informed about any changes.Download TDSSKiller and save it to your Desktop.Extract its contents to your desktop.Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, change it to Cure and then click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.Click the Report button and copy/paste the contents of it into your next replyNote:It will also create a log in the C:\ directory. Link to post Share on other sites More sharing options...
jbsbdb Posted December 28, 2010 Author ID:366763 Share Posted December 28, 2010 Thank you for looking at my problem. Here is the report from the scan.2010/12/28 09:02:25.0109 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:462010/12/28 09:02:25.0109 ================================================================================2010/12/28 09:02:25.0109 SystemInfo:2010/12/28 09:02:25.0109 2010/12/28 09:02:25.0109 OS Version: 5.1.2600 ServicePack: 2.02010/12/28 09:02:25.0109 Product type: Workstation2010/12/28 09:02:25.0109 ComputerName: JOHN2010/12/28 09:02:25.0109 UserName: sjb2010/12/28 09:02:25.0109 Windows directory: C:\WINDOWS2010/12/28 09:02:25.0109 System windows directory: C:\WINDOWS2010/12/28 09:02:25.0109 Processor architecture: Intel x862010/12/28 09:02:25.0109 Number of processors: 42010/12/28 09:02:25.0109 Page size: 0x10002010/12/28 09:02:25.0109 Boot type: Normal boot2010/12/28 09:02:25.0109 ================================================================================2010/12/28 09:02:25.0296 Initialize success2010/12/28 09:02:29.0687 ================================================================================2010/12/28 09:02:29.0687 Scan started2010/12/28 09:02:29.0687 Mode: Manual; 2010/12/28 09:02:29.0687 ================================================================================2010/12/28 09:02:30.0671 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS2010/12/28 09:02:30.0796 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys2010/12/28 09:02:30.0812 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys2010/12/28 09:02:30.0828 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys2010/12/28 09:02:30.0875 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys2010/12/28 09:02:30.0921 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys2010/12/28 09:02:30.0953 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys2010/12/28 09:02:30.0968 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys2010/12/28 09:02:30.0984 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys2010/12/28 09:02:31.0078 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys2010/12/28 09:02:31.0093 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys2010/12/28 09:02:31.0125 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys2010/12/28 09:02:31.0125 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys2010/12/28 09:02:31.0140 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys2010/12/28 09:02:31.0156 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys2010/12/28 09:02:31.0203 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys2010/12/28 09:02:31.0218 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys2010/12/28 09:02:31.0234 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys2010/12/28 09:02:31.0265 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys2010/12/28 09:02:31.0296 atapi (40caace7f2e7668148a1d45cf91e1131) C:\WINDOWS\system32\DRIVERS\atapi.sys2010/12/28 09:02:31.0453 ati2mtag (b63516824da0d8b9ad136e6e044a795f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys2010/12/28 09:02:31.0515 AtiHdmiService (eaece4a0d90d6e1fbe068cce9efd73a0) C:\WINDOWS\system32\drivers\AtiHdmi.sys2010/12/28 09:02:31.0546 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys2010/12/28 09:02:31.0609 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys2010/12/28 09:02:31.0703 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys2010/12/28 09:02:31.0765 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys2010/12/28 09:02:31.0828 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\WINDOWS\system32\DRIVERS\avipbb.sys2010/12/28 09:02:31.0906 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys2010/12/28 09:02:31.0937 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys2010/12/28 09:02:31.0953 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys2010/12/28 09:02:31.0968 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys2010/12/28 09:02:32.0000 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys2010/12/28 09:02:32.0000 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys2010/12/28 09:02:32.0031 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys2010/12/28 09:02:32.0109 cmdGuard (bbe9f023dfd2c4d2755da3fa47e4da08) C:\WINDOWS\system32\DRIVERS\cmdguard.sys2010/12/28 09:02:32.0156 cmdHlp (111e6755acb5f236e2465e24508f6367) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys2010/12/28 09:02:32.0187 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys2010/12/28 09:02:32.0250 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys2010/12/28 09:02:32.0296 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys2010/12/28 09:02:32.0312 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys2010/12/28 09:02:32.0328 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys2010/12/28 09:02:32.0375 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys2010/12/28 09:02:32.0406 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys2010/12/28 09:02:32.0421 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys2010/12/28 09:02:32.0500 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys2010/12/28 09:02:32.0531 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys2010/12/28 09:02:32.0562 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys2010/12/28 09:02:32.0578 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys2010/12/28 09:02:32.0656 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys2010/12/28 09:02:32.0703 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys2010/12/28 09:02:32.0734 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys2010/12/28 09:02:32.0781 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys2010/12/28 09:02:32.0796 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys2010/12/28 09:02:32.0843 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys2010/12/28 09:02:32.0875 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys2010/12/28 09:02:32.0937 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys2010/12/28 09:02:32.0968 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys2010/12/28 09:02:33.0000 HDAudBus (e31363d186b3e1d7c4e9117884a6aee5) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys2010/12/28 09:02:33.0046 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys2010/12/28 09:02:33.0093 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys2010/12/28 09:02:33.0125 HSFHWBS2 (ac04fc91b57b27086ccf02086fd3f4cb) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys2010/12/28 09:02:33.0187 HSF_DPV (f362c0b442337da8ab0608dfaa4ca076) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys2010/12/28 09:02:33.0250 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys2010/12/28 09:02:33.0328 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys2010/12/28 09:02:33.0359 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys2010/12/28 09:02:33.0390 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys2010/12/28 09:02:33.0515 ialm (28423512370705aeda6a652fedb25468) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys2010/12/28 09:02:33.0703 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\drivers\iaStor.sys2010/12/28 09:02:33.0750 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys2010/12/28 09:02:33.0781 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys2010/12/28 09:02:33.0812 Inspect (343ac4733c1e8b7ab6454178e4fcd4ad) C:\WINDOWS\system32\DRIVERS\inspect.sys2010/12/28 09:02:33.0937 IntcAzAudAddService (17bbbabb21f86b650b2626045a9d016c) C:\WINDOWS\system32\drivers\RtkHDAud.sys2010/12/28 09:02:34.0062 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys2010/12/28 09:02:34.0093 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys2010/12/28 09:02:34.0125 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys2010/12/28 09:02:34.0140 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys2010/12/28 09:02:34.0156 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys2010/12/28 09:02:34.0203 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys2010/12/28 09:02:34.0218 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys2010/12/28 09:02:34.0250 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys2010/12/28 09:02:34.0281 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys2010/12/28 09:02:34.0296 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys2010/12/28 09:02:34.0375 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys2010/12/28 09:02:34.0406 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys2010/12/28 09:02:34.0453 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys2010/12/28 09:02:34.0515 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys2010/12/28 09:02:34.0531 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys2010/12/28 09:02:34.0562 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys2010/12/28 09:02:34.0578 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys2010/12/28 09:02:34.0593 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys2010/12/28 09:02:34.0609 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys2010/12/28 09:02:34.0640 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys2010/12/28 09:02:34.0687 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys2010/12/28 09:02:34.0750 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys2010/12/28 09:02:34.0781 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys2010/12/28 09:02:34.0828 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys2010/12/28 09:02:34.0859 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys2010/12/28 09:02:34.0875 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys2010/12/28 09:02:34.0906 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys2010/12/28 09:02:34.0921 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys2010/12/28 09:02:34.0953 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys2010/12/28 09:02:34.0968 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys2010/12/28 09:02:35.0031 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys2010/12/28 09:02:35.0062 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys2010/12/28 09:02:35.0078 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys2010/12/28 09:02:35.0109 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys2010/12/28 09:02:35.0140 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys2010/12/28 09:02:35.0187 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys2010/12/28 09:02:35.0250 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys2010/12/28 09:02:35.0281 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys2010/12/28 09:02:35.0343 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys2010/12/28 09:02:35.0406 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys2010/12/28 09:02:35.0468 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys2010/12/28 09:02:35.0500 PalmUSBD (803cf09c795290825607505d37819135) C:\WINDOWS\system32\drivers\PalmUSBD.sys2010/12/28 09:02:35.0546 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys2010/12/28 09:02:35.0578 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys2010/12/28 09:02:35.0593 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys2010/12/28 09:02:35.0609 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys2010/12/28 09:02:35.0640 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys2010/12/28 09:02:35.0671 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys2010/12/28 09:02:35.0734 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys2010/12/28 09:02:35.0765 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys2010/12/28 09:02:35.0859 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys2010/12/28 09:02:35.0890 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys2010/12/28 09:02:35.0906 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys2010/12/28 09:02:35.0921 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys2010/12/28 09:02:35.0953 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys2010/12/28 09:02:35.0968 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys2010/12/28 09:02:36.0000 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys2010/12/28 09:02:36.0015 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys2010/12/28 09:02:36.0046 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys2010/12/28 09:02:36.0078 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys2010/12/28 09:02:36.0093 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys2010/12/28 09:02:36.0109 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys2010/12/28 09:02:36.0125 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys2010/12/28 09:02:36.0171 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys2010/12/28 09:02:36.0187 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys2010/12/28 09:02:36.0203 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys2010/12/28 09:02:36.0265 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys2010/12/28 09:02:36.0343 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys2010/12/28 09:02:36.0468 SASDIFSV (c030c9a39e85b6f04a8dd25d1a50258a) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS2010/12/28 09:02:36.0500 SASENUM (e9c2d75c748c3f0a4c34d6cf2ae1d754) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS2010/12/28 09:02:36.0515 SASKUTIL (64c100dbf57c6cb6e7d5d24153f5e444) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys2010/12/28 09:02:36.0593 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys2010/12/28 09:02:36.0687 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys2010/12/28 09:02:36.0703 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys2010/12/28 09:02:36.0750 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys2010/12/28 09:02:36.0796 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys2010/12/28 09:02:36.0828 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys2010/12/28 09:02:36.0859 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys2010/12/28 09:02:36.0906 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys2010/12/28 09:02:36.0953 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys2010/12/28 09:02:37.0000 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys2010/12/28 09:02:37.0031 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys2010/12/28 09:02:37.0109 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys2010/12/28 09:02:37.0156 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys2010/12/28 09:02:37.0265 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys2010/12/28 09:02:37.0359 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys2010/12/28 09:02:37.0375 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys2010/12/28 09:02:37.0421 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys2010/12/28 09:02:37.0484 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys2010/12/28 09:02:37.0531 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys2010/12/28 09:02:37.0593 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys2010/12/28 09:02:37.0625 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys2010/12/28 09:02:37.0656 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys2010/12/28 09:02:37.0703 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys2010/12/28 09:02:37.0718 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys2010/12/28 09:02:37.0750 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys2010/12/28 09:02:37.0812 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys2010/12/28 09:02:37.0843 usbehci (708579b01fed227aadb393cb0c3b4a2c) C:\WINDOWS\system32\DRIVERS\usbehci.sys2010/12/28 09:02:37.0859 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys2010/12/28 09:02:37.0906 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys2010/12/28 09:02:37.0937 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys2010/12/28 09:02:38.0015 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS2010/12/28 09:02:38.0031 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys2010/12/28 09:02:38.0046 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys2010/12/28 09:02:38.0078 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys2010/12/28 09:02:38.0109 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys2010/12/28 09:02:38.0140 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys2010/12/28 09:02:38.0187 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys2010/12/28 09:02:38.0250 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys2010/12/28 09:02:38.0296 winachsf (92ce6497076eac3083185c44157b3a46) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys2010/12/28 09:02:38.0484 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys2010/12/28 09:02:38.0531 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys2010/12/28 09:02:38.0562 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys2010/12/28 09:02:38.0578 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys2010/12/28 09:02:38.0640 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)2010/12/28 09:02:38.0640 ================================================================================2010/12/28 09:02:38.0640 Scan finished2010/12/28 09:02:38.0640 ================================================================================2010/12/28 09:02:38.0671 Detected object count: 12010/12/28 09:03:47.0218 \HardDisk0 - will be cured after reboot2010/12/28 09:03:47.0218 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2010/12/28 09:04:18.0062 Deinitialize successand the report from after the reboot2010/12/28 09:06:20.0406 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:462010/12/28 09:06:20.0406 ================================================================================2010/12/28 09:06:20.0406 SystemInfo:2010/12/28 09:06:20.0406 2010/12/28 09:06:20.0406 OS Version: 5.1.2600 ServicePack: 2.02010/12/28 09:06:20.0406 Product type: Workstation2010/12/28 09:06:20.0406 ComputerName: JOHN2010/12/28 09:06:20.0406 UserName: sjb2010/12/28 09:06:20.0406 Windows directory: C:\WINDOWS2010/12/28 09:06:20.0406 System windows directory: C:\WINDOWS2010/12/28 09:06:20.0406 Processor architecture: Intel x862010/12/28 09:06:20.0406 Number of processors: 42010/12/28 09:06:20.0406 Page size: 0x10002010/12/28 09:06:20.0406 Boot type: Normal boot2010/12/28 09:06:20.0406 ================================================================================2010/12/28 09:06:20.0625 Initialize success Link to post Share on other sites More sharing options...
Maniac Posted December 28, 2010 ID:366865 Share Posted December 28, 2010 **Note: If you need more detailed information, please visit the web page of ComboFix in BleepingComputer. **Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper. Please download ComboFix from Here or Here to your Desktop. **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop** If you are using Firefox, make sure that your download settings are as follows: Open Tools -> Options -> Main tab Set to Always ask me where to Save the files. [*]During the download, rename Combofix to Combo-Fix as follows: [*]It is important you rename Combofix during the download, but not after. [*]Please do not rename Combofix to other names, but only to the one indicated. [*]Close any open browsers. [*]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. ----------------------------------------------------------- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results. Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask. ----------------------------------------------------------- Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it starts Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished. If there is no internet connection after running Combofix, then restart your computer to restore back your connection. ----------------------------------------------------------- [*]Double click on combo-Fix.exe & follow the prompts. [*]When finished, it will produce a report for you. [*]Please post the C:\Combo-Fix.txt for further review. **Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall** Link to post Share on other sites More sharing options...
jbsbdb Posted December 29, 2010 Author ID:367026 Share Posted December 29, 2010 Ok, here is the ComboFix log file. When told by ComboFix that my machine did not have Microsoft WindowsRecovery Console installed and asked if I wanted it installed I said No.ComboFix 10-12-26.01 - sjb 12/28/2010 20:33:53.1.4 - x86Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3326.2880 [GMT -6:00]Running from: c:\documents and settings\sjb\Desktop\Combo-Fix.exeAV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))).c:\windows\system32\Oeminfo.inic:\windows\ucolodmp.dll.((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-29 ))))))))))))))))))))))))))))))).2010-12-28 14:43 . 2010-12-28 14:51 -------- d-----w- c:\documents and settings\sjb\Application Data\DVD Flick2010-12-28 04:39 . 2010-12-28 04:39 -------- d-----w- c:\documents and settings\sjb\Application Data\Malwarebytes2010-12-28 04:23 . 2010-12-28 04:23 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip2010-12-28 02:41 . 2010-12-28 02:41 -------- d-----w- c:\documents and settings\sjb\Application Data\Avira2010-12-28 01:08 . 2010-12-28 01:08 -------- d--h--w- c:\windows\PIF2010-12-28 01:08 . 2010-12-28 07:30 -------- d-----w- C:\Adobe2010-12-28 01:08 . 2010-12-28 01:08 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP2010-12-28 01:08 . 2010-12-28 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools2010-12-04 22:29 . 2010-12-04 22:29 -------- d-----w- c:\program files\JMF2.1.1e2010-12-04 22:28 . 2010-12-04 22:28 -------- d-----w- c:\program files\AT&T2010-12-04 03:32 . 2009-08-07 01:23 274288 ----a-w- c:\windows\system32\mucltui.dll2010-12-04 03:32 . 2009-08-07 01:23 215920 ----a-w- c:\windows\system32\muweb.dll2010-12-01 23:57 . 2010-12-01 23:57 -------- d-----w- c:\program files\Microsoft Silverlight.(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2010-12-21 14:08 . 2009-05-02 18:45 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys2010-11-26 12:55 . 2009-05-02 18:45 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-17 142104]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-17 162584]"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-17 138008]"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-09-18 880640]"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-11 2500552]c:\documents and settings\jbb\Start Menu\Programs\Startup\HotSync Manager.lnk - c:\program files\Sony Handheld\HOTSYNC.EXE [2002-8-9 299008]c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-12-11 50688]WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-11-30 608584][hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]2008-10-04 18:58 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]2008-12-11 13:38 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]2004-10-13 16:24 1694208 --sh--w- c:\program files\Messenger\msmsgs.exe[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"=[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [9/10/2010 11:40 PM 239240]R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [9/10/2010 11:40 PM 25240]R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/22/2008 11:06 AM 8944]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 11:05 AM 55024]R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/2/2009 12:45 PM 135336]S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [12/11/2008 7:38 AM 30192]S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 11:06 AM 7408].Contents of the 'Scheduled Tasks' folder2010-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]..------- Supplementary Scan -------.uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4081211mStart Page = hxxp://www.dell.commSearch Bar = hxxp://www.google.com/ieuInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4081211uSearchAssistant = hxxp://www.google.com/ieuSearchURL,(Default) = hxxp://www.google.com/search/?q=%sFF - ProfilePath - c:\documents and settings\sjb\Application Data\Mozilla\Firefox\Profiles\ry773xb5.default\FF - prefs.js: browser.startup.homepage - hxxp://www.google.comFF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ffFF - Ext: IE Tab Plus: ietab@ip.cn - %profile%\extensions\ietab@ip.cn.- - - - ORPHANS REMOVED - - - -HKCU-Run-QuickTime Task - c:\program files\QuickTime\QTTask.exeHKU-Default-Run-Mxususikunoses - c:\windows\ucolodmp.dllMSConfigStartUp-Reminder - c:\program files\Microsoft Money\System\reminder.exeMSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeMSConfigStartUp-{0228e555-4f9c-4e35-a3ec-b109a192b4c2} - c:\program files\Google\Gmail Notifier\gnotify.exe**************************************************************************catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2010-12-28 20:39Windows 5.1.2600 Service Pack 2 NTFSdetected NTDLL code modification:ZwClose, ZwOpenFilescanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfullyhidden files: 0**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------- - - - - - - > 'winlogon.exe'(780)c:\program files\SUPERAntiSpyware\SASWINLO.dllc:\windows\system32\Ati2evxx.dll- - - - - - - > 'lsass.exe'(836)c:\windows\system32\guard32.dll- - - - - - - > 'explorer.exe'(756)c:\windows\system32\guard32.dllc:\windows\system32\WPDShServiceObj.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\windows\system32\Ati2evxx.exec:\program files\COMODO\COMODO Internet Security\cmdagent.exec:\windows\system32\Ati2evxx.exec:\program files\Avira\AntiVir Desktop\avguard.exec:\program files\Java\jre6\bin\jqs.exec:\program files\Dell Support Center\bin\sprtsvc.exec:\program files\Avira\AntiVir Desktop\avshadow.exec:\windows\RTHDCPL.EXEc:\program files\ATI Technologies\ATI.ACE\CLI.EXEc:\program files\ATI Technologies\ATI.ACE\cli.exec:\windows\system32\wbem\wmiapsrv.exec:\windows\system32\wscntfy.exe.**************************************************************************.Completion time: 2010-12-28 20:41:09 - machine was rebootedComboFix-quarantined-files.txt 2010-12-29 02:41Pre-Run: 473,820,831,744 bytes freePost-Run: 474,089,447,424 bytes free- - End Of File - - CEAC38AA6F369E0042D48C535AE7500E Link to post Share on other sites More sharing options...
Maniac Posted December 29, 2010 ID:367128 Share Posted December 29, 2010 How are things now? Link to post Share on other sites More sharing options...
jbsbdb Posted December 29, 2010 Author ID:367143 Share Posted December 29, 2010 Things seem to be back to normal. When Combofix informed me Microsoft Windows Recovery Console was not installed should I havelet it install it? If so, can I run ComboFix again just to have it install the Recovery Console? Link to post Share on other sites More sharing options...
Maniac Posted December 29, 2010 ID:367150 Share Posted December 29, 2010 Recovery Console is used most often to help remove stubborn malware, but you have no such problem.Last steps:Step 1Go to Start => Run... and copy & paste next command in the field:ComboFix /uninstallThen hit Enter button.This procedure will do the following:Uninstall ComboFixDelete its related folders and filesReset your clock settingsHide file extensionsHide the system/hidden filesResets System Restore againP.S.: Make sure there's a space between ComboFix and /uninstallStep 2Please manually delete TDSSKiller, GMER and DDS.Step 3Keep your software up-to-date:http://www.bleepingcomputer.com/tutorials/tutorial174.htmlSome malware preventions:http://forums.malwarebytes.org/index.php?showtopic=9365Safe surfing! Link to post Share on other sites More sharing options...
LDTate Posted January 3, 2011 ID:369354 Share Posted January 3, 2011 Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you. Link to post Share on other sites More sharing options...
Recommended Posts