

I cannot cure this infection. I have used an AV program. Malwarebytes will only run in safe mode. I get occasional popups saying that Google installer must close. The computer is running slower.

I have run Malwarebytes in safe mode and generated a log.

I have run GMER in normal mode and generated a log.

DDS freezes up in both safe and normal modes.

I have attached the Malwarebytes and GMER logs.

Any help is greatly welcome.

mbam-log-2011-03-21 (00-23-02).zip



Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


Here is a copy of the TDSSKiller log. At the moment, the computer is behaving normally.

2011/03/21 14:35:29.0593 1904 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/03/21 14:35:29.0875 1904 ================================================================================

2011/03/21 14:35:29.0875 1904 SystemInfo:

2011/03/21 14:35:29.0875 1904

2011/03/21 14:35:29.0875 1904 OS Version: 5.1.2600 ServicePack: 3.0

2011/03/21 14:35:29.0875 1904 Product type: Workstation

2011/03/21 14:35:29.0875 1904 ComputerName: TOSHIBA-USER

2011/03/21 14:35:29.0875 1904 UserName: Just

2011/03/21 14:35:29.0875 1904 Windows directory: C:\WINDOWS

2011/03/21 14:35:29.0875 1904 System windows directory: C:\WINDOWS

2011/03/21 14:35:29.0875 1904 Processor architecture: Intel x86

2011/03/21 14:35:29.0875 1904 Number of processors: 2

2011/03/21 14:35:29.0875 1904 Page size: 0x1000

2011/03/21 14:35:29.0875 1904 Boot type: Normal boot

2011/03/21 14:35:29.0875 1904 ================================================================================

2011/03/21 14:35:30.0609 1904 Initialize success

2011/03/21 14:35:33.0796 2476 ================================================================================

2011/03/21 14:35:33.0796 2476 Scan started

2011/03/21 14:35:33.0796 2476 Mode: Manual;

2011/03/21 14:35:33.0796 2476 ================================================================================

2011/03/21 14:35:35.0109 2476 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/03/21 14:35:35.0171 2476 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2011/03/21 14:35:35.0265 2476 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys

2011/03/21 14:35:35.0468 2476 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/03/21 14:35:35.0546 2476 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2011/03/21 14:35:35.0687 2476 AgereSoftModem (052343cd49c8da20c48958cfe73c7d44) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

2011/03/21 14:35:35.0953 2476 ALCXSENS (fbbcb95f677cbaa924140b6ea2d9a97b) C:\WINDOWS\system32\drivers\ALCXSENS.SYS

2011/03/21 14:35:36.0281 2476 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2011/03/21 14:35:36.0578 2476 ApfiltrService (3ed81e8b4709d13e5a38db2d8e792b28) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys

2011/03/21 14:35:36.0671 2476 AR5211 (b38fbcd95b8e4c130cf78a1df7f04523) C:\WINDOWS\system32\DRIVERS\ar5211.sys

2011/03/21 14:35:36.0750 2476 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/03/21 14:35:36.0968 2476 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys

2011/03/21 14:35:37.0015 2476 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/03/21 14:35:37.0078 2476 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/03/21 14:35:37.0218 2476 ati2mtag (4938ad74de9088f70922fabf86912eee) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/03/21 14:35:37.0546 2476 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/03/21 14:35:37.0828 2476 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/03/21 14:35:38.0015 2476 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/03/21 14:35:38.0093 2476 caboagp (10d5fb74ee18ea49c30daaa203c0e0ec) C:\WINDOWS\system32\DRIVERS\atisgkaf.sys

2011/03/21 14:35:38.0250 2476 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/03/21 14:35:38.0328 2476 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/03/21 14:35:38.0437 2476 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/03/21 14:35:38.0484 2476 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/03/21 14:35:38.0640 2476 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/03/21 14:35:38.0750 2476 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2011/03/21 14:35:38.0843 2476 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2011/03/21 14:35:39.0015 2476 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/03/21 14:35:39.0109 2476 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/03/21 14:35:39.0218 2476 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/03/21 14:35:39.0296 2476 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/03/21 14:35:39.0390 2476 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/03/21 14:35:39.0484 2476 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/03/21 14:35:39.0546 2476 drvmcdb (19f07389ade563b46e99626fd675070d) C:\WINDOWS\system32\drivers\drvmcdb.sys

2011/03/21 14:35:39.0593 2476 drvnddm (0ffe2f06e9103a4fbd5e6418ca044d1c) C:\WINDOWS\system32\drivers\drvnddm.sys

2011/03/21 14:35:39.0687 2476 ECioctl (5dd48ec0d82b708857eedd5a59be5bc5) C:\WINDOWS\system32\Drivers\ECioctl.sys

2011/03/21 14:35:39.0859 2476 EMSCR (a1ccdcb2e1eb8a6c3af879463ba2be89) C:\WINDOWS\system32\DRIVERS\EMS7SK.sys

2011/03/21 14:35:39.0953 2476 EPOWER (0b07768ae046f9ed6a75e5bc75660828) C:\WINDOWS\system32\Drivers\hkdrv.sys

2011/03/21 14:35:40.0125 2476 ESDCR (ec2a61fabd6f311d2a8596c280efba6f) C:\WINDOWS\system32\DRIVERS\ESD7SK.sys

2011/03/21 14:35:40.0187 2476 ESMCR (328c7b07f4be4826d33b826396305686) C:\WINDOWS\system32\DRIVERS\ESM7SK.sys

2011/03/21 14:35:40.0328 2476 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/03/21 14:35:40.0406 2476 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2011/03/21 14:35:40.0437 2476 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/03/21 14:35:40.0484 2476 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/03/21 14:35:40.0562 2476 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/03/21 14:35:40.0671 2476 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/03/21 14:35:40.0734 2476 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/03/21 14:35:40.0781 2476 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/03/21 14:35:40.0843 2476 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/03/21 14:35:40.0968 2476 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2011/03/21 14:35:41.0031 2476 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2011/03/21 14:35:41.0156 2476 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2011/03/21 14:35:41.0265 2476 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/03/21 14:35:41.0406 2476 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/03/21 14:35:41.0453 2476 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/03/21 14:35:41.0593 2476 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/03/21 14:35:41.0640 2476 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/03/21 14:35:41.0828 2476 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/03/21 14:35:41.0890 2476 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/03/21 14:35:41.0984 2476 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/03/21 14:35:42.0031 2476 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/03/21 14:35:42.0078 2476 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys

2011/03/21 14:35:42.0125 2476 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/03/21 14:35:42.0218 2476 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/03/21 14:35:42.0281 2476 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/03/21 14:35:42.0343 2476 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/03/21 14:35:42.0468 2476 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/03/21 14:35:42.0593 2476 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys

2011/03/21 14:35:42.0718 2476 meiudf (766a1d242f4390ddf1243084898a20c9) C:\WINDOWS\system32\Drivers\meiudf.sys

2011/03/21 14:35:42.0781 2476 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/03/21 14:35:42.0875 2476 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/03/21 14:35:42.0921 2476 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/03/21 14:35:42.0968 2476 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/03/21 14:35:43.0000 2476 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/03/21 14:35:43.0078 2476 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

2011/03/21 14:35:43.0406 2476 MpKsl7e449913 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2079AB41-124B-4FB9-85F3-A8F9BD6B9951}\MpKsl7e449913.sys

2011/03/21 14:35:43.0500 2476 MpKsl98f67897 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2079AB41-124B-4FB9-85F3-A8F9BD6B9951}\MpKsl98f67897.sys

2011/03/21 14:35:43.0796 2476 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

2011/03/21 14:35:43.0875 2476 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

2011/03/21 14:35:43.0968 2476 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/03/21 14:35:44.0046 2476 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/03/21 14:35:44.0125 2476 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/03/21 14:35:44.0187 2476 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/03/21 14:35:44.0250 2476 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/03/21 14:35:44.0296 2476 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/03/21 14:35:44.0359 2476 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/03/21 14:35:44.0437 2476 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/03/21 14:35:44.0484 2476 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/03/21 14:35:44.0546 2476 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/03/21 14:35:44.0625 2476 NCHSSVAD (e78ce4b8e70ccc1a6e63008c3660867c) C:\WINDOWS\system32\drivers\nchssvad.sys

2011/03/21 14:35:44.0750 2476 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/03/21 14:35:44.0812 2476 ndiscm (b797ee2ef919c95561dee78b72b33e5b) C:\WINDOWS\system32\DRIVERS\NetMotCM.sys

2011/03/21 14:35:44.0921 2476 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/03/21 14:35:44.0984 2476 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/03/21 14:35:45.0015 2476 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/03/21 14:35:45.0078 2476 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/03/21 14:35:45.0140 2476 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/03/21 14:35:45.0187 2476 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/03/21 14:35:45.0234 2476 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/03/21 14:35:45.0328 2476 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys

2011/03/21 14:35:45.0421 2476 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/03/21 14:35:45.0578 2476 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/03/21 14:35:45.0656 2476 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/03/21 14:35:45.0750 2476 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

2011/03/21 14:35:45.0796 2476 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/03/21 14:35:45.0859 2476 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/03/21 14:35:45.0921 2476 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/03/21 14:35:46.0000 2476 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/03/21 14:35:46.0062 2476 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/03/21 14:35:46.0093 2476 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/03/21 14:35:46.0171 2476 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/03/21 14:35:46.0203 2476 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/03/21 14:35:46.0296 2476 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/03/21 14:35:46.0437 2476 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2011/03/21 14:35:46.0843 2476 pfc (ed2e7f396b4098608c95bc3806bdf6fc) C:\WINDOWS\system32\drivers\pfc.sys

2011/03/21 14:35:46.0984 2476 Point32 (dcdf0421a1c14f2923e298a30fd7636d) C:\WINDOWS\system32\DRIVERS\point32.sys

2011/03/21 14:35:47.0078 2476 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/03/21 14:35:47.0109 2476 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/03/21 14:35:47.0156 2476 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/03/21 14:35:47.0218 2476 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/03/21 14:35:47.0421 2476 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/03/21 14:35:47.0500 2476 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

2011/03/21 14:35:47.0562 2476 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/03/21 14:35:47.0593 2476 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/03/21 14:35:47.0671 2476 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/03/21 14:35:47.0781 2476 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/03/21 14:35:47.0859 2476 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/03/21 14:35:47.0937 2476 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/03/21 14:35:47.0968 2476 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/03/21 14:35:48.0093 2476 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\WINDOWS\system32\DRIVERS\RsFx0102.sys

2011/03/21 14:35:48.0156 2476 RTL8023 (29f9879a1fd386f7251ae9fdadb2cbf1) C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys

2011/03/21 14:35:48.0234 2476 RTL8023xp (cf84b1f0e8b14d4120aaf9cf35cbb265) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

2011/03/21 14:35:48.0312 2476 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

2011/03/21 14:35:48.0562 2476 SASDIFSV (bfbc4be8d6ac6d33ad93f3f5f2e11499) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2011/03/21 14:35:48.0718 2476 SASENUM (e9c2d75c748c3f0a4c34d6cf2ae1d754) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

2011/03/21 14:35:48.0765 2476 SASKUTIL (4731a1b8a79b19cad8e2cfdc7b7d82d4) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

2011/03/21 14:35:49.0000 2476 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/03/21 14:35:49.0140 2476 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2011/03/21 14:35:49.0234 2476 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys

2011/03/21 14:35:49.0375 2476 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/03/21 14:35:49.0468 2476 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys

2011/03/21 14:35:49.0562 2476 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/03/21 14:35:49.0640 2476 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/03/21 14:35:49.0703 2476 SRS_SSCFilter (53ff9a8b3748399f143d7572b7888dd7) C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys

2011/03/21 14:35:49.0812 2476 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/03/21 14:35:49.0890 2476 SrvcEKIOMngr (2024a857cc3351662655ee32b60254a1) C:\WINDOWS\system32\Drivers\EKIoMngr.sys

2011/03/21 14:35:50.0015 2476 SrvcEPIOMngr (ddac6148d760d3854cae2409d4046d07) C:\WINDOWS\system32\Drivers\EPIoMngr.sys

2011/03/21 14:35:50.0078 2476 SrvcSSIOMngr (bb30a993e1cd2c74b9160b82f95aa3ea) C:\WINDOWS\system32\Drivers\SSIoMngr.sys

2011/03/21 14:35:50.0156 2476 SrvcTPIOMngr (0c2fe008042012cd24fcdcedc7ec8832) C:\WINDOWS\system32\Drivers\TPIoMngr.sys

2011/03/21 14:35:50.0234 2476 sscdbhk5 (7c0c9bdca2d351ff3b4f9b69f99aa995) C:\WINDOWS\system32\drivers\sscdbhk5.sys

2011/03/21 14:35:50.0312 2476 SSKBFD (a2be8fbfa987e95d70cfed0e2dacda6d) C:\WINDOWS\system32\Drivers\sskbfd.sys

2011/03/21 14:35:50.0375 2476 ssrtln (31726706d54894d5059f7471111a87bb) C:\WINDOWS\system32\drivers\ssrtln.sys

2011/03/21 14:35:50.0453 2476 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/03/21 14:35:50.0515 2476 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/03/21 14:35:50.0562 2476 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/03/21 14:35:50.0718 2476 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys

2011/03/21 14:35:50.0828 2476 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/03/21 14:35:50.0921 2476 TBiosDrv (eeca2b57545e7b7be949b5e70e31444f) C:\WINDOWS\System32\drivers\TBiosDrv.sys

2011/03/21 14:35:51.0015 2476 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/03/21 14:35:51.0140 2476 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/03/21 14:35:51.0171 2476 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/03/21 14:35:51.0203 2476 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/03/21 14:35:51.0312 2476 tfsnboio (e269d9fedfc0f56a247cad1a63796520) C:\WINDOWS\system32\dla\tfsnboio.sys

2011/03/21 14:35:51.0437 2476 tfsncofs (3c1e664efe8a77a39bd6c75d5a528f71) C:\WINDOWS\system32\dla\tfsncofs.sys

2011/03/21 14:35:51.0484 2476 tfsndrct (d31218ff783e87796ff6fc08947b7b1a) C:\WINDOWS\system32\dla\tfsndrct.sys

2011/03/21 14:35:51.0546 2476 tfsndres (2c6bb69577142532ca2d500eb9f13d33) C:\WINDOWS\system32\dla\tfsndres.sys

2011/03/21 14:35:51.0609 2476 tfsnifs (e426978f51af4a6a35570eced8d1e1f3) C:\WINDOWS\system32\dla\tfsnifs.sys

2011/03/21 14:35:51.0671 2476 tfsnopio (38c8e56fa7e82c977507c1fdcbf3a294) C:\WINDOWS\system32\dla\tfsnopio.sys

2011/03/21 14:35:51.0718 2476 tfsnpool (ae9e9bf9bde115d1b343a2e520450b4e) C:\WINDOWS\system32\dla\tfsnpool.sys

2011/03/21 14:35:51.0765 2476 tfsnudf (1cd2d88dd844d77e7b3da0cef4108ea1) C:\WINDOWS\system32\dla\tfsnudf.sys

2011/03/21 14:35:51.0843 2476 tfsnudfa (d992c38ec8e99729c02179932d16a700) C:\WINDOWS\system32\dla\tfsnudfa.sys

2011/03/21 14:35:52.0000 2476 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/03/21 14:35:52.0109 2476 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/03/21 14:35:52.0234 2476 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/03/21 14:35:52.0281 2476 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/03/21 14:35:52.0343 2476 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/03/21 14:35:52.0375 2476 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/03/21 14:35:52.0406 2476 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/03/21 14:35:52.0515 2476 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/03/21 14:35:52.0578 2476 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/03/21 14:35:52.0640 2476 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/03/21 14:35:52.0703 2476 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/03/21 14:35:52.0843 2476 viamraid (00046aa2e396edc2238556e740a8e5af) C:\WINDOWS\system32\DRIVERS\viamraid.sys

2011/03/21 14:35:52.0906 2476 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/03/21 14:35:52.0968 2476 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/03/21 14:35:53.0109 2476 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2011/03/21 14:35:53.0250 2476 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/03/21 14:35:53.0468 2476 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/03/21 14:35:53.0562 2476 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/03/21 14:35:53.0640 2476 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/03/21 14:35:53.0906 2476 ================================================================================

2011/03/21 14:35:53.0906 2476 Scan finished

2011/03/21 14:35:53.0906 2476 ================================================================================

2011/03/21 14:36:07.0000 2940 Deinitialize success

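The TDSSKiller log above is a plain inventory of loaded drivers, and the triage question a responder asks of it is which entries deserve a second look. The Python script below is an added example (not part of this thread and not Kaspersky's code): it parses the per-driver lines of a TDSSKiller log into service name, MD5 and path, then flags drivers that load from user-writable locations, from outside the Windows directory, or with no hash recorded. The sample log embedded in it is constructed: the header lines and four driver lines are copied from the log above, "tmpdrv" and "lockeddrv" are invented to exercise the checks, and the hash-less line format is an assumption rather than something TDSSKiller is known to print.

```python
"""Triage a TDSSKiller driver log (added example, not from the thread above)."""
import re
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

# One driver line: "<date> <time> <pid> <ServiceName> (<md5>) <path>".
# The MD5 group is optional so a line without a hash still parses (assumption:
# the tool may omit it for files it cannot read; that format is not confirmed).
DRIVER_LINE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+"
    r"(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+"
    r"(?:\((?P<md5>[0-9a-fA-F]{32})\)\s+)?"
    r"(?P<path>[A-Za-z]:\\.+)$"
)

# Locations an unprivileged user (or a dropper running as that user) can write to.
USER_WRITABLE_PREFIXES = (
    "c:\\documents and settings\\",
    "c:\\users\\",
    "c:\\programdata\\",
)
WINDOWS_PREFIX = "c:\\windows\\"


@dataclass(frozen=True)
class DriverEntry:
    name: str
    md5: Optional[str]
    path: str


def parse_tdsskiller_log(text: str) -> List[DriverEntry]:
    """Extract driver entries; header, separator and status lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = DRIVER_LINE.match(raw.strip())
        if m:
            md5 = m["md5"].lower() if m["md5"] else None
            entries.append(DriverEntry(m["name"], md5, m["path"]))
    return entries


def triage(entries: List[DriverEntry],
           known_good_md5: FrozenSet[str] = frozenset()) -> List[Tuple[str, str]]:
    """Return (driver name, reason) for entries worth a closer look.

    A hit is a lead, not a verdict: security products legitimately load drivers
    from Program Files and from per-user definition folders (the MpKsl* entries
    in the log above), so vetted hashes can be passed in known_good_md5.
    """
    findings = []
    for e in entries:
        if e.md5 is not None and e.md5 in known_good_md5:
            continue
        path = e.path.lower()
        if e.md5 is None:
            findings.append((e.name, "no hash recorded for the driver file"))
        elif path.startswith(USER_WRITABLE_PREFIXES):
            findings.append((e.name, "driver loaded from a user-writable location"))
        elif not path.startswith(WINDOWS_PREFIX):
            findings.append((e.name, "driver loaded from outside the Windows directory"))
    return findings


# Constructed sample: header lines and the ACPI, MpKsl7e449913, SASDIFSV and Tcpip
# lines are copied from the log above; tmpdrv and lockeddrv are invented.
SAMPLE_LOG = r"""
2011/03/21 14:35:29.0593 1904 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/21 14:35:29.0875 1904 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/21 14:35:29.0875 1904 Windows directory: C:\WINDOWS
2011/03/21 14:35:33.0796 2476 Scan started
2011/03/21 14:35:35.0109 2476 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/21 14:35:43.0406 2476 MpKsl7e449913 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2079AB41-124B-4FB9-85F3-A8F9BD6B9951}\MpKsl7e449913.sys
2011/03/21 14:35:48.0562 2476 SASDIFSV (bfbc4be8d6ac6d33ad93f3f5f2e11499) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/03/21 14:35:51.0015 2476 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/21 14:35:52.0000 2476 tmpdrv (00112233445566778899aabbccddeeff) C:\Documents and Settings\All Users\Application Data\tmpdrv.sys
2011/03/21 14:35:53.0000 2476 lockeddrv C:\WINDOWS\system32\DRIVERS\lockeddrv.sys
2011/03/21 14:35:53.0906 2476 Scan finished
"""

if __name__ == "__main__":
    for name, reason in triage(parse_tdsskiller_log(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```

Run against the full log above, the script flags the two MpKsl* drivers, the three SUPERAntiSpyware drivers and the two Motive drivers, all of which are explainable by installed software; passing their hashes in known_good_md5 leaves the list empty, which matches the helper's reading that the log is clean.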

I was able to run Malwarebytes in normal mode without any problems this time. This is the log.

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6107

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

3/22/2011 3:44:06 AM

mbam-log-2011-03-22 (03-44-06).txt

Scan type: Full scan (C:\|)

Objects scanned: 305395

Time elapsed: 2 hour(s), 11 minute(s), 16 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


So far so good. Before I posted in this forum, I ran Malwarebytes twice in safe mode to remove some sort of malware. In between Malwarebytes scans, I ran my antivirus. Since the second Malwarebytes scan showed the same infection I felt I needed help to remove it.

As of now, the computer runs smoothly. I have noticed that Outlook has changed the way it looks when I open that program. I rarely use Outlook.


You can delete TDSSKiller.

If you used DeFogger:

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all-clean post:

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

  • WOT, Web of Trust - As 'Googling' is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

    Green to go

    Yellow for caution

    Red to stop

    WOT has an add-on available for both Firefox and IE.

  • JAVA - Click this link and click on the Free JAVA Download.

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

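The thirteen click-through steps in the post above set six values in the Internet zone of Internet Explorer. As an added example (not from the post, and not a Malwarebytes tool), the Python script below audits those six settings against the recommended values and renders a .reg fragment for any that are weaker, so the change can be checked and applied without walking the dialog. The value names 1001, 1004, 1201, 1607, 1800 and 1804 are Microsoft's documented zone-setting identifiers (0 = Enable, 1 = Prompt, 3 = Disable) under the per-user Zones\3 key; the CURRENT_EXAMPLE snapshot is constructed for the offline run, and reading the live values from HKEY_CURRENT_USER assumes no machine-wide or Group Policy zone settings override it.

```python
"""Audit the six Internet-zone settings recommended above (added example)."""
from typing import Dict, List, Tuple

ENABLE, PROMPT, DISABLE = 0, 1, 3          # IE zone action values, weakest to strictest
ZONE3_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# value name -> (label as shown in the Custom Level dialog, recommended action)
RECOMMENDED: Dict[str, Tuple[str, int]] = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

Finding = Tuple[str, str, int, int]   # (value name, label, current, recommended)


def audit_internet_zone(current: Dict[str, int]) -> List[Finding]:
    """Report settings that are weaker than recommended.

    A stricter setting (Disable where Prompt is asked for) passes. A value
    that is absent is reported with current = -1: the zone then falls back to
    the template default, which cannot be inferred from the registry alone.
    """
    findings = []
    for name, (label, wanted) in RECOMMENDED.items():
        have = current.get(name)
        if have is None or have < wanted:
            findings.append((name, label, -1 if have is None else have, wanted))
    return findings


def to_reg_fragment(findings: List[Finding]) -> str:
    """Render findings as a .reg file that applies the recommended values."""
    lines = ["Windows Registry Editor Version 5.00", "",
             f"[HKEY_CURRENT_USER\\{ZONE3_KEY}]"]
    for name, _label, _have, wanted in findings:
        lines.append(f'"{name}"=dword:{wanted:08x}')
    return "\n".join(lines) + "\n"


def read_internet_zone() -> Dict[str, int]:
    """Read the live per-user values on Windows; returns {} on other platforms."""
    try:
        import winreg  # Windows-only standard-library module
    except ImportError:
        return {}
    values: Dict[str, int] = {}
    try:
        key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE3_KEY)
    except OSError:
        return {}
    with key:
        for name in RECOMMENDED:
            try:
                data, kind = winreg.QueryValueEx(key, name)
            except FileNotFoundError:
                continue
            if kind == winreg.REG_DWORD:
                values[name] = int(data)
    return values


# Constructed snapshot standing in for a machine that still has two settings
# on Enable and never had 1607 written at all.
CURRENT_EXAMPLE: Dict[str, int] = {
    "1001": ENABLE, "1004": DISABLE, "1201": DISABLE, "1800": PROMPT, "1804": ENABLE,
}

if __name__ == "__main__":
    live = read_internet_zone() or CURRENT_EXAMPLE
    findings = audit_internet_zone(live)
    for name, label, have, wanted in findings:
        print(f"{name} {label}: current={have} recommended={wanted}")
    print(to_reg_fragment(findings))
```

Importing the generated fragment with regedit sets only the values that were found weak; the other per-zone values are left alone. If the machine is domain-joined, check HKEY_LOCAL_MACHINE under the same path and the Security_HKLM_only policy first, because those take precedence over the per-user key the script reads.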

This topic is now closed to further replies.