need help with malware infection


Hello and :welcome:

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

FW: avast! Internet Security *Enabled*

============== Running Processes ===============

.

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\AVAST Software\Avast\afwServ.exe

svchost.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\WINDOWS\system32\Hummingbird\Connectivity\8.00\Inetd\inetd32.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\WINDOWS\system32\rpcnet.exe

C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe

C:\WINDOWS\system32\CCM\CcmExec.exe

C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe

C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\Microsoft Office Communicator\Communicator.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Microsoft Office\Office\FINDFAST.EXE

C:\Program Files\Microsoft Office\Office\OSA.EXE

C:\Program Files\Ps2000\Prt9532.exe


Don't worry, that can be caused by the infection.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


It removed a threat and asked to reboot.

09:18:48.0343 3236 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24

09:18:50.0343 3236 ============================================================

09:18:50.0343 3236 Current date / time: 2011/10/09 09:18:50.0343

09:18:50.0343 3236 SystemInfo:

09:18:50.0343 3236

09:18:50.0343 3236 OS Version: 5.1.2600 ServicePack: 3.0

09:18:50.0343 3236 Product type: Workstation

09:18:50.0343 3236 ComputerName: MAIN

09:18:50.0343 3236 UserName: amicable

09:18:50.0343 3236 Windows directory: C:\WINDOWS

09:18:50.0343 3236 System windows directory: C:\WINDOWS

09:18:50.0343 3236 Processor architecture: Intel x86

09:18:50.0343 3236 Number of processors: 2

09:18:50.0343 3236 Page size: 0x1000

09:18:50.0343 3236 Boot type: Normal boot

09:18:50.0343 3236 ============================================================

09:18:52.0656 3236 Initialize success

09:18:54.0609 3040 ============================================================

09:18:54.0609 3040 Scan started

09:18:54.0609 3040 Mode: Manual;

09:18:54.0609 3040 ============================================================

09:18:55.0906 3040 7aa0cef3 (18f6f971f25df033cdf2f9d343324067) C:\WINDOWS\4090404986:2237608204.exe

09:18:55.0906 3040 Suspicious file (Hidden): C:\WINDOWS\4090404986:2237608204.exe. md5: 18f6f971f25df033cdf2f9d343324067

09:18:55.0906 3040 7aa0cef3 ( HiddenFile.Multi.Generic ) - warning

09:18:55.0906 3040 7aa0cef3 - detected HiddenFile.Multi.Generic (1)

09:18:56.0000 3040 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys

09:18:56.0000 3040 Aavmker4 - ok

09:18:56.0015 3040 Abiosdsk - ok

09:18:56.0015 3040 abp480n5 - ok

09:18:56.0062 3040 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\drivers\tsk15.tmp

09:18:56.0078 3040 ACPI - ok

09:18:56.0093 3040 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

09:18:56.0109 3040 ACPIEC - ok

09:18:56.0156 3040 ADIHdAudAddService (ca6d262e0e68da7ac1e2edb0a8324031) C:\WINDOWS\system32\drivers\ADIHdAud.sys

09:18:56.0171 3040 ADIHdAudAddService - ok

09:18:56.0171 3040 adpu160m - ok

09:18:56.0187 3040 AEAudio (b4afcc2f911939a1c16a26e7eba7f36b) C:\WINDOWS\system32\drivers\AEAudio.sys

09:18:56.0187 3040 AEAudio - ok

09:18:56.0203 3040 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

09:18:56.0218 3040 aec - ok

09:18:56.0250 3040 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

09:18:56.0265 3040 AFD - ok

09:18:56.0265 3040 Aha154x - ok

09:18:56.0281 3040 aic78u2 - ok

09:18:56.0281 3040 aic78xx - ok

09:18:56.0296 3040 AliIde - ok

09:18:56.0296 3040 amsint - ok

09:18:56.0312 3040 asc - ok

09:18:56.0328 3040 asc3350p - ok

09:18:56.0328 3040 asc3550 - ok

09:18:56.0359 3040 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\WINDOWS\system32\drivers\aswFsBlk.sys

09:18:56.0359 3040 aswFsBlk - ok

09:18:56.0375 3040 aswFW (8c5b61dbfdaccc0a316acdea76774b32) C:\WINDOWS\system32\drivers\aswFW.sys

09:18:56.0390 3040 aswFW - ok

09:18:56.0390 3040 aswMon2 (fff2dbb17a3c89f87f78d5fa72ca47fd) C:\WINDOWS\system32\drivers\aswMon2.sys

09:18:56.0390 3040 aswMon2 - ok

09:18:56.0437 3040 aswNdis (7b948e3657bea62e437bc46ca6ef6012) C:\WINDOWS\system32\DRIVERS\aswNdis.sys

09:18:56.0437 3040 aswNdis - ok

09:18:56.0468 3040 aswNdis2 (37ebf6f81b4cb0aebe2345eeae85f112) C:\WINDOWS\system32\drivers\aswNdis2.sys

09:18:56.0484 3040 aswNdis2 - ok

09:18:56.0500 3040 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\WINDOWS\system32\drivers\aswRdr.sys

09:18:56.0500 3040 aswRdr - ok

09:18:56.0515 3040 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\WINDOWS\system32\drivers\aswSnx.sys

09:18:56.0531 3040 aswSnx - ok

09:18:56.0562 3040 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\WINDOWS\system32\drivers\aswSP.sys

09:18:56.0562 3040 aswSP - ok

09:18:56.0578 3040 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\WINDOWS\system32\drivers\aswTdi.sys

09:18:56.0578 3040 aswTdi - ok

09:18:56.0625 3040 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

09:18:56.0625 3040 AsyncMac - ok

09:18:56.0671 3040 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

09:18:56.0671 3040 atapi - ok

09:18:56.0671 3040 Atdisk - ok

09:18:56.0703 3040 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

09:18:56.0718 3040 Atmarpc - ok

09:18:56.0750 3040 atmeltpm (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys

09:18:56.0765 3040 atmeltpm - ok

09:18:56.0796 3040 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

09:18:56.0812 3040 audstub - ok

09:18:56.0859 3040 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

09:18:56.0859 3040 Beep - ok

09:18:56.0921 3040 btaudio (d6407b9a012205e5754866e145165c29) C:\WINDOWS\system32\drivers\btaudio.sys

09:18:56.0953 3040 btaudio - ok

09:18:57.0000 3040 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys

09:18:57.0000 3040 BTDriver - ok

09:18:57.0078 3040 BTKRNL (9f704f40cd50ae05bbfc492c0342e765) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

09:18:57.0109 3040 BTKRNL - ok

09:18:57.0140 3040 BTWDNDIS (485020a1e1fc5c51a800ca69c618d881) C:\WINDOWS\system32\DRIVERS\btwdndis.sys

09:18:57.0156 3040 BTWDNDIS - ok

09:18:57.0156 3040 BTWUSB (1166cb501e1c34750a91600579efeab3) C:\WINDOWS\system32\Drivers\btwusb.sys

09:18:57.0171 3040 BTWUSB - ok

09:18:57.0218 3040 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

09:18:57.0234 3040 cbidf2k - ok

09:18:57.0250 3040 cd20xrnt - ok

09:18:57.0296 3040 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

09:18:57.0296 3040 Cdaudio - ok

09:18:57.0359 3040 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

09:18:57.0375 3040 Cdfs - ok

09:18:57.0406 3040 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

09:18:57.0796 3040 Cdrom - ok

09:18:57.0921 3040 Changer - ok

09:18:57.0953 3040 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

09:18:57.0968 3040 CmBatt - ok

09:18:57.0968 3040 CmdIde - ok

09:18:57.0984 3040 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

09:18:57.0984 3040 Compbatt - ok

09:18:58.0000 3040 Cpqarray - ok

09:18:58.0015 3040 dac2w2k - ok

09:18:58.0015 3040 dac960nt - ok

09:18:58.0031 3040 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

09:18:58.0031 3040 Disk - ok

09:18:58.0093 3040 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

09:18:58.0125 3040 dmboot - ok

09:18:58.0156 3040 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

09:18:58.0156 3040 dmio - ok

09:18:58.0187 3040 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

09:18:58.0187 3040 dmload - ok

09:18:58.0234 3040 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

09:18:58.0234 3040 DMusic - ok

09:18:58.0250 3040 dpti2o - ok

09:18:58.0250 3040 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

09:18:58.0250 3040 drmkaud - ok

09:18:58.0312 3040 e1express (06d94f4543671b497a5f4a0aedd5e36a) C:\WINDOWS\system32\DRIVERS\e1e5132.sys

09:18:58.0328 3040 e1express - ok

09:18:58.0406 3040 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

09:18:58.0406 3040 eeCtrl - ok

09:18:58.0421 3040 EraserUtilRebootDrv (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

09:18:58.0437 3040 EraserUtilRebootDrv - ok

09:18:58.0468 3040 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

09:18:58.0578 3040 Fastfat - ok

09:18:58.0609 3040 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

09:18:58.0625 3040 Fdc - ok

09:18:58.0640 3040 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

09:18:58.0640 3040 Fips - ok

09:18:58.0671 3040 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

09:18:58.0671 3040 Flpydisk - ok

09:18:58.0703 3040 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

09:18:58.0718 3040 FltMgr - ok

09:18:58.0765 3040 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

09:18:58.0765 3040 Fs_Rec - ok

09:18:58.0796 3040 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

09:18:58.0796 3040 Ftdisk - ok

09:18:58.0828 3040 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

09:18:58.0843 3040 Gpc - ok

09:18:58.0859 3040 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

09:18:58.0859 3040 HDAudBus - ok

09:18:58.0906 3040 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

09:18:58.0906 3040 HidUsb - ok

09:18:58.0921 3040 hpn - ok

09:18:58.0968 3040 HSFHWAZL (0aaef566e6782957252fa79f566fbc0b) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

09:18:58.0984 3040 HSFHWAZL - ok

09:18:59.0015 3040 HSF_DPV (e472e0cb4e716cc34c0e045f2c196221) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys

09:18:59.0046 3040 HSF_DPV - ok

09:18:59.0093 3040 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

09:18:59.0093 3040 HTTP - ok

09:18:59.0109 3040 i2omgmt - ok

09:18:59.0109 3040 i2omp - ok

09:18:59.0156 3040 i8042prt (7eb9317a28c4592dee01877286c11bc3) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

09:18:59.0171 3040 i8042prt - ok

09:18:59.0390 3040 ialm (0d2bce63a792b6fe1b2b6b98137d3e1f) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

09:18:59.0625 3040 ialm - ok

09:18:59.0671 3040 IBMPMDRV (bf648877413f6160e480814a24942b65) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys

09:18:59.0671 3040 IBMPMDRV - ok

09:18:59.0703 3040 idisw2km (e9cce03bce0585226da5b2ab2a3e342e) C:\WINDOWS\system32\DRIVERS\idisw2km.sys

09:18:59.0718 3040 idisw2km - ok

09:18:59.0781 3040 iexplorer (60ac082b41e60906171335dfbf8c19c0) C:\WINDOWS\system32\drivers\iexplorer.sys

09:18:59.0781 3040 iexplorer - ok

09:18:59.0812 3040 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

09:18:59.0812 3040 Imapi - ok

09:18:59.0828 3040 ini910u - ok

09:18:59.0843 3040 IntelIde - ok

09:18:59.0859 3040 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

09:18:59.0859 3040 intelppm - ok

09:18:59.0875 3040 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

09:18:59.0890 3040 Ip6Fw - ok

09:18:59.0906 3040 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

09:18:59.0921 3040 IpFilterDriver - ok

09:18:59.0937 3040 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

09:18:59.0937 3040 IpInIp - ok

09:18:59.0968 3040 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

09:18:59.0984 3040 IpNat - ok

09:19:00.0015 3040 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

09:19:00.0031 3040 IPSec - ok

09:19:00.0062 3040 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys

09:19:00.0062 3040 irda - ok

09:19:00.0093 3040 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

09:19:00.0109 3040 IRENUM - ok

09:19:00.0140 3040 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

09:19:00.0140 3040 isapnp - ok

09:19:00.0187 3040 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

09:19:00.0203 3040 Kbdclass - ok

09:19:00.0234 3040 kbstuff (5cb887962a98b4e11d62858b75d87580) C:\WINDOWS\system32\DRIVERS\kbstuff5.sys

09:19:00.0234 3040 kbstuff - ok

09:19:00.0296 3040 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

09:19:00.0296 3040 kmixer - ok

09:19:00.0312 3040 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

09:19:00.0328 3040 KSecDD - ok

09:19:00.0343 3040 lbrtfdc - ok

09:19:00.0375 3040 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

09:19:00.0375 3040 mdmxsdk - ok

09:19:00.0437 3040 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

09:19:00.0437 3040 mnmdd - ok

09:19:00.0484 3040 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

09:19:00.0484 3040 Modem - ok

09:19:00.0515 3040 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

09:19:00.0515 3040 Mouclass - ok

09:19:00.0546 3040 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

09:19:00.0546 3040 mouhid - ok

09:19:00.0593 3040 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

09:19:00.0609 3040 MountMgr - ok

09:19:00.0609 3040 mraid35x - ok

09:19:00.0625 3040 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

09:19:00.0640 3040 MRxDAV - ok

09:19:00.0687 3040 MRxSmb (421f7b922cec5a5f340e7574a98f7b7c) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

09:19:00.0687 3040 MRxSmb - ok

09:19:00.0718 3040 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

09:19:00.0718 3040 Msfs - ok

09:19:00.0750 3040 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

09:19:00.0765 3040 MSKSSRV - ok

09:19:00.0781 3040 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

09:19:00.0796 3040 MSPCLOCK - ok

09:19:00.0796 3040 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

09:19:00.0812 3040 MSPQM - ok

09:19:00.0843 3040 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

09:19:00.0843 3040 mssmbios - ok

09:19:00.0843 3040 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

09:19:00.0859 3040 Mup - ok

09:19:00.0953 3040 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110921.002\naveng.sys

09:19:00.0953 3040 NAVENG - ok

09:19:01.0015 3040 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110921.002\navex15.sys

09:19:01.0046 3040 NAVEX15 - ok

09:19:01.0109 3040 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

09:19:01.0187 3040 NDIS - ok

09:19:01.0218 3040 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

09:19:01.0234 3040 NdisTapi - ok

09:19:01.0265 3040 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

09:19:01.0281 3040 Ndisuio - ok

09:19:01.0296 3040 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

09:19:01.0359 3040 NdisWan - ok

09:19:01.0390 3040 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

09:19:01.0406 3040 NDProxy - ok

09:19:01.0437 3040 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

09:19:01.0453 3040 NetBIOS - ok

09:19:01.0484 3040 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

09:19:01.0500 3040 NetBT - ok

09:19:01.0718 3040 NETw5x32 (580207a7c9bde8ba65401f51f9ba9741) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys

09:19:01.0906 3040 NETw5x32 - ok

09:19:01.0921 3040 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

09:19:01.0921 3040 Npfs - ok

09:19:01.0953 3040 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys

09:19:01.0968 3040 NSCIRDA - ok

09:19:02.0015 3040 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

09:19:02.0046 3040 Ntfs - ok

09:19:02.0093 3040 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

09:19:02.0093 3040 Null - ok

09:19:02.0125 3040 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

09:19:02.0140 3040 NwlnkFlt - ok

09:19:02.0140 3040 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

09:19:02.0156 3040 NwlnkFwd - ok

09:19:02.0187 3040 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

09:19:02.0187 3040 Parport - ok

09:19:02.0234 3040 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

09:19:02.0250 3040 PartMgr - ok

09:19:02.0265 3040 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

09:19:02.0281 3040 ParVdm - ok

09:19:02.0296 3040 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

09:19:02.0296 3040 PCI - ok

09:19:02.0312 3040 PCIDump - ok

09:19:02.0312 3040 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

09:19:02.0328 3040 PCIIde - ok

09:19:02.0328 3040 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

09:19:02.0343 3040 Pcmcia - ok

09:19:02.0359 3040 PDCOMP - ok

09:19:02.0359 3040 PDFRAME - ok

09:19:02.0375 3040 PDRELI - ok

09:19:02.0375 3040 PDRFRAME - ok

09:19:02.0390 3040 perc2 - ok

09:19:02.0406 3040 perc2hib - ok

09:19:02.0453 3040 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

09:19:02.0531 3040 PptpMiniport - ok

09:19:02.0609 3040 prepdrvr (19505c4134f3181fc2203e087140c192) C:\WINDOWS\system32\CCM\prepdrv.sys

09:19:02.0609 3040 prepdrvr - ok

09:19:02.0609 3040 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

09:19:02.0625 3040 PSched - ok

09:19:02.0656 3040 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

09:19:02.0671 3040 Ptilink - ok

09:19:02.0671 3040 ql1080 - ok

09:19:02.0687 3040 Ql10wnt - ok

09:19:02.0687 3040 ql12160 - ok

09:19:02.0703 3040 ql1240 - ok

09:19:02.0703 3040 ql1280 - ok

09:19:02.0734 3040 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

09:19:02.0734 3040 RasAcd - ok

09:19:02.0765 3040 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

09:19:02.0781 3040 Rasirda - ok

09:19:02.0812 3040 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

09:19:02.0812 3040 Rasl2tp - ok

09:19:02.0828 3040 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

09:19:02.0843 3040 RasPppoe - ok

09:19:02.0859 3040 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

09:19:02.0875 3040 Raspti - ok

09:19:02.0937 3040 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

09:19:02.0937 3040 Rdbss - ok

09:19:02.0968 3040 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

09:19:02.0984 3040 RDPCDD - ok

09:19:02.0984 3040 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

09:19:03.0093 3040 rdpdr - ok

09:19:03.0250 3040 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

09:19:03.0281 3040 RDPWD - ok

09:19:03.0312 3040 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

09:19:03.0328 3040 redbook - ok

09:19:03.0343 3040 rootrepeal - ok

09:19:03.0375 3040 s24trans (e7958e8acda7ca20127ef5f2235f25cc) C:\WINDOWS\system32\DRIVERS\s24trans.sys

09:19:03.0390 3040 s24trans - ok

09:19:03.0468 3040 SABKUTIL - ok

09:19:03.0546 3040 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

09:19:03.0546 3040 SASDIFSV - ok

09:19:03.0578 3040 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

09:19:03.0578 3040 SASKUTIL - ok

09:19:03.0656 3040 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys

09:19:03.0671 3040 SAVRT - ok

09:19:03.0671 3040 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys

09:19:03.0687 3040 SAVRTPEL - ok

09:19:03.0718 3040 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

09:19:03.0718 3040 Secdrv - ok

09:19:03.0765 3040 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

09:19:03.0765 3040 Serial - ok

09:19:03.0796 3040 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

09:19:03.0796 3040 Sfloppy - ok

09:19:03.0843 3040 Shockprf (fc0127343bd1ce1986ba12f8937f1057) C:\WINDOWS\system32\DRIVERS\Apsx86.sys

09:19:03.0859 3040 Shockprf - ok

09:19:03.0859 3040 Simbad - ok

09:19:03.0875 3040 Sparrow - ok

09:19:03.0921 3040 SPBBCDrv (677b10906838d3bfb1c07ac9087e4bf7) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

09:19:03.0921 3040 SPBBCDrv - ok

09:19:03.0968 3040 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

09:19:03.0968 3040 splitter - ok

09:19:04.0000 3040 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

09:19:04.0015 3040 sr - ok

09:19:04.0031 3040 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

09:19:04.0046 3040 Srv - ok

09:19:04.0078 3040 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

09:19:04.0093 3040 swenum - ok

09:19:04.0125 3040 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

09:19:04.0125 3040 swmidi - ok

09:19:04.0140 3040 symc810 - ok

09:19:04.0140 3040 symc8xx - ok

09:19:04.0203 3040 SymEvent (de6d1102d55926354171ae4e73936725) C:\Program Files\Symantec\SYMEVENT.SYS

09:19:04.0218 3040 SymEvent - ok

09:19:04.0218 3040 sym_hi - ok

09:19:04.0234 3040 sym_u3 - ok

09:19:04.0281 3040 SynTP (7a9025d8f7852b06d6d08ed536135e7e) C:\WINDOWS\system32\DRIVERS\SynTP.sys

09:19:04.0296 3040 SynTP - ok

09:19:04.0343 3040 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

09:19:04.0343 3040 sysaudio - ok

09:19:04.0390 3040 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

09:19:04.0406 3040 Tcpip - ok

09:19:04.0437 3040 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

09:19:04.0453 3040 TDPIPE - ok

09:19:04.0468 3040 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

09:19:04.0468 3040 TDTCP - ok

09:19:04.0515 3040 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

09:19:04.0531 3040 TermDD - ok

09:19:04.0531 3040 TosIde - ok

09:19:04.0578 3040 TPDIGIMN (521866a3ce5a1a69b4b4a87bdb52be26) C:\WINDOWS\system32\DRIVERS\ApsHM86.sys

09:19:04.0593 3040 TPDIGIMN - ok

09:19:04.0609 3040 TPHKDRV (8aef2188630f5ecd79ad9abba630630b) C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys

09:19:04.0625 3040 TPHKDRV - ok

09:19:04.0640 3040 TPPWRIF (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys

09:19:04.0640 3040 TPPWRIF - ok

09:19:04.0671 3040 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

09:19:04.0687 3040 Udfs - ok

09:19:04.0703 3040 ultra - ok

09:19:04.0750 3040 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

09:19:04.0765 3040 Update - ok

09:19:04.0828 3040 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

09:19:04.0828 3040 usbehci - ok

09:19:04.0859 3040 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

09:19:04.0953 3040 usbhub - ok

09:19:05.0000 3040 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

09:19:05.0000 3040 usbuhci - ok

09:19:05.0046 3040 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

09:19:05.0046 3040 VgaSave - ok

09:19:05.0046 3040 ViaIde - ok

09:19:05.0093 3040 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

09:19:05.0093 3040 VolSnap - ok

09:19:05.0156 3040 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

09:19:05.0156 3040 Wanarp - ok

09:19:05.0218 3040 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys

09:19:05.0250 3040 Wdf01000 - ok

09:19:05.0250 3040 WDICA - ok

09:19:05.0296 3040 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

09:19:05.0296 3040 wdmaud - ok

09:19:05.0359 3040 winachsf (0e666ac2766f2fd860cc03f405a2ace1) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

09:19:05.0390 3040 winachsf - ok

09:19:05.0437 3040 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

09:19:05.0437 3040 WmiAcpi - ok

09:19:05.0468 3040 MBR (0x1B8) (0fbc5cf282064b1ff0e16bfc4e8cb5f4) \Device\Harddisk0\DR0

09:19:05.0468 3040 \Device\Harddisk0\DR0 - ok

09:19:05.0468 3040 Boot (0x1200) (f20b47a2bf3e26c433007cd5d379d481) \Device\Harddisk0\DR0\Partition0

09:19:05.0468 3040 \Device\Harddisk0\DR0\Partition0 - ok

09:19:05.0468 3040 ============================================================

09:19:05.0468 3040 Scan finished

09:19:05.0468 3040 ============================================================

09:19:05.0484 3448 Detected object count: 1

09:19:05.0484 3448 Actual detected object count: 1

09:19:20.0265 3448 HKLM\SYSTEM\ControlSet001\services\7aa0cef3 - will be deleted on reboot

09:19:20.0265 3448 HKLM\SYSTEM\ControlSet002\services\7aa0cef3 - will be deleted on reboot

09:19:20.0265 3448 C:\WINDOWS\4090404986:2237608204.exe - will be deleted on reboot

09:19:20.0265 3448 7aa0cef3 ( HiddenFile.Multi.Generic ) - User select action: Delete

09:19:24.0593 3188 Deinitialize success

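The log above is worth reading closely: the detected object is not a normal file but an NTFS alternate data stream (the second colon in C:\WINDOWS\4090404986:2237608204.exe names a stream attached to C:\WINDOWS\4090404986), which is why it never shows up in a plain directory listing, and TDSSKiller pairs it with a randomly named service key (7aa0cef3) in both ControlSet001 and ControlSet002. The parser below is an added example for this thread, not code from the forum or from Kaspersky's tool. It pulls the detected object, its MD5, its path and the removals scheduled for reboot out of a log in the layout shown above and flags stream paths; the sample lines are copied from the posted log, and the regular expressions are my own reading of that layout, not a documented format.

```python
"""Parse a TDSSKiller log and summarize what it detected and scheduled for removal.

Added example for this thread, not code from the forum or from TDSSKiller itself.
It assumes the line layout seen in the post above ("HH:MM:SS.mmmm PID ...")."""
import re
from dataclasses import dataclass, field

# Sample lines copied from the TDSSKiller log posted above (a constructed subset,
# kept verbatim so the parser is exercised on real tool output).
SAMPLE_LOG = r"""
09:18:55.0906 3040 7aa0cef3 (18f6f971f25df033cdf2f9d343324067) C:\WINDOWS\4090404986:2237608204.exe
09:18:55.0906 3040 Suspicious file (Hidden): C:\WINDOWS\4090404986:2237608204.exe. md5: 18f6f971f25df033cdf2f9d343324067
09:18:55.0906 3040 7aa0cef3 ( HiddenFile.Multi.Generic ) - warning
09:18:55.0906 3040 7aa0cef3 - detected HiddenFile.Multi.Generic (1)
09:18:56.0000 3040 Aavmker4 (95d1de2a6613494e853a9738d5d9acd4) C:\WINDOWS\system32\drivers\Aavmker4.sys
09:18:56.0000 3040 Aavmker4 - ok
09:19:05.0468 3040 MBR (0x1B8) (0fbc5cf282064b1ff0e16bfc4e8cb5f4) \Device\Harddisk0\DR0
09:19:05.0468 3040 \Device\Harddisk0\DR0 - ok
09:19:20.0265 3448 HKLM\SYSTEM\ControlSet001\services\7aa0cef3 - will be deleted on reboot
09:19:20.0265 3448 HKLM\SYSTEM\ControlSet002\services\7aa0cef3 - will be deleted on reboot
09:19:20.0265 3448 C:\WINDOWS\4090404986:2237608204.exe - will be deleted on reboot
09:19:20.0265 3448 7aa0cef3 ( HiddenFile.Multi.Generic ) - User select action: Delete
"""

TS = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"   # timestamp and thread id that prefix every line
ENTRY_RE = re.compile(TS + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$")
DETECTED_RE = re.compile(TS + r"(?P<name>\S+) - detected (?P<sig>\S+)")
REMOVAL_RE = re.compile(TS + r"(?P<obj>.+?) - will be deleted on reboot\s*$")


@dataclass
class Finding:
    name: str                 # service/driver key TDSSKiller reported (here a random hex name)
    md5: str = ""
    path: str = ""
    signature: str = ""
    hidden_stream: bool = False
    scheduled_removals: list = field(default_factory=list)


def is_ads_path(path):
    """True when a Win32 path names an NTFS alternate data stream: a second colon
    after the drive letter, as in C:\\WINDOWS\\4090404986:2237608204.exe, where the
    payload is a stream attached to C:\\WINDOWS\\4090404986 rather than a file of its own."""
    return re.match(r"^[A-Za-z]:\\", path) is not None and ":" in path[2:]


def parse_tdsskiller(text):
    """Return one Finding per object TDSSKiller flagged as detected."""
    entries = {}    # every scanned object: name -> (md5, path)
    findings = {}   # only detected objects: name -> Finding
    removals = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[m["name"]] = (m["md5"], m["path"])
            continue
        m = DETECTED_RE.match(line)
        if m:
            md5, path = entries.get(m["name"], ("", ""))
            findings[m["name"]] = Finding(m["name"], md5, path, m["sig"], is_ads_path(path))
            continue
        m = REMOVAL_RE.match(line)
        if m:
            removals.append(m["obj"])
    # Tie each scheduled removal (service key or file) back to its finding.
    for obj in removals:
        for f in findings.values():
            if obj == f.path or obj.endswith("\\" + f.name):
                f.scheduled_removals.append(obj)
    return list(findings.values())


if __name__ == "__main__":
    for f in parse_tdsskiller(SAMPLE_LOG):
        kind = "ADS (hidden stream)" if f.hidden_stream else "file"
        print(f"{f.name}: {f.signature} md5={f.md5} {kind} {f.path}")
        for obj in f.scheduled_removals:
            print(f"  pending removal on reboot: {obj}")
```

Point it at the full TDSSKiller_*_log.txt to get the same summary for a whole scan. After the reboot, the check worth doing is that all three scheduled removals actually happened: the two service keys should be gone from the registry, and the stream should no longer be attached to C:\WINDOWS\4090404986 (on Vista and later `dir /R` lists alternate streams; on XP a tool such as Sysinternals Streams is needed).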

Hi again, unfortunately that looks like a nasty rootkit.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
