Infected by virus, but I can't run any programs to remove it!

Hello,

My laptop is infected with a virus (redirecting my search results), but when I tried to run Malwarebytes an error message comes up: file cannot be found. I re-installed MBAM and renamed it when downloading, so I was able to get it to start the scan, but after a few minutes it just disappeared. The same thing happened when I ran GMER Rootkit Scanner: it scanned for a few minutes and then disappeared. DDS just stops running after 5 minutes. Symantec has popped up on the taskbar, saying HTTP TIDSERVE REQUEST DETECTED. I can't run a Symantec scan either. I am running Windows XP. I do see a strange string of numbers in my Task Manager processes, 131576770:1028, running as system, and I can't disable it. Looking at other posts, I did look in Device Manager > hidden devices > non plug and play, but could not find anything like TDSSserv.sys. Please help! Thanks so much.

Hello and welcome!

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Hello and thank you for your reply. I was able to run the removal tool, log is posted below. However, there was no option at the end of the scan to cure, only skip or copy to quarantine. I chose to quarantine it.

11:24:58.0234 3412 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
11:25:00.0109 3412 ============================================================
11:25:00.0109 3412 Current date / time: 2011/10/09 11:25:00.0109
11:25:00.0109 3412 SystemInfo:
11:25:00.0109 3412
11:25:00.0109 3412 OS Version: 5.1.2600 ServicePack: 3.0
11:25:00.0109 3412 Product type: Workstation
11:25:00.0109 3412 ComputerName: BES-56406
11:25:00.0109 3412 UserName: public
11:25:00.0109 3412 Windows directory: C:\WINDOWS
11:25:00.0109 3412 System windows directory: C:\WINDOWS
11:25:00.0109 3412 Processor architecture: Intel x86
11:25:00.0109 3412 Number of processors: 1
11:25:00.0109 3412 Page size: 0x1000
11:25:00.0109 3412 Boot type: Normal boot
11:25:00.0109 3412 ============================================================
11:25:04.0984 3412 Initialize success
11:25:07.0890 1552 ============================================================
11:25:07.0890 1552 Scan started
11:25:07.0890 1552 Mode: Manual;
11:25:07.0890 1552 ============================================================

11:25:37.0031 1552 c2b3d707 (72e6856d605bdeaed1052eff9e986c21) C:\WINDOWS\131576770:1028401400.exe
11:25:38.0609 1552 Suspicious file (Hidden): C:\WINDOWS\131576770:1028401400.exe. md5: 72e6856d605bdeaed1052eff9e986c21
11:25:38.0609 1552 c2b3d707 ( HiddenFile.Multi.Generic ) - warning
11:25:38.0609 1552 c2b3d707 - detected HiddenFile.Multi.Generic (1)

11:28:22.0453 1552 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:28:22.0859 1552 \Device\Harddisk0\DR0 - ok
11:28:22.0890 1552 Boot (0x1200) (23af53bbe10107010c0905102d9c8327) \Device\Harddisk0\DR0\Partition0
11:28:22.0890 1552 \Device\Harddisk0\DR0\Partition0 - ok
11:28:22.0890 1552 ============================================================
11:28:22.0890 1552 Scan finished
11:28:22.0890 1552 ============================================================
11:28:22.0906 0292 Detected object count: 1
11:28:22.0906 0292 Actual detected object count: 1
11:29:04.0328 0292 C:\WINDOWS\131576770:1028401400.exe - copied to quarantine
11:29:04.0359 0292 c2b3d707 ( HiddenFile.Multi.Generic ) - User select action: Quarantine

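A small triage helper for logs in the format posted above (timestamp, process id, message), added here as an example; it is not part of the thread and not code from TDSSKiller or Malwarebytes. It pulls out each detection with its hash and the action the user chose, checks that the MBR came back ok, and flags the detected path C:\WINDOWS\131576770:1028401400.exe, whose second colon on NTFS names an alternate data stream; the embedded sample log is constructed from the lines posted above.

```python
import re
from dataclasses import dataclass

# Each log line is "HH:MM:SS.mmmm <pid> <message>"; only the message is inspected.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<service> (<md5>) <path>" lines record what the scanner examined.
ENTRY_RE = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
# "<service> - detected <verdict> (<n>)" lines are the actual findings.
DETECT_RE = re.compile(r"^(\S+) - detected (\S+)")
# "<service> ( <verdict> ) - User select action: <action>" records what was done.
ACTION_RE = re.compile(r"^(\S+) \( (\S+) \) - User select action: (\w+)")
COUNT_RE = re.compile(r"^Detected object count: (\d+)$")
# The MBR check reports the raw disk device as ok when nothing was found there.
MBR_OK_RE = re.compile(r"^\\Device\\Harddisk\d+\\DR\d+ - ok$")

# Constructed sample, abbreviated from the log posted in this thread.
SAMPLE_LOG = r"""
11:24:58.0234 3412 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
11:25:07.0890 1552 Scan started
11:25:36.0812 1552 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
11:25:36.0828 1552 Beep - ok
11:25:37.0031 1552 c2b3d707 (72e6856d605bdeaed1052eff9e986c21) C:\WINDOWS\131576770:1028401400.exe
11:25:38.0609 1552 Suspicious file (Hidden): C:\WINDOWS\131576770:1028401400.exe. md5: 72e6856d605bdeaed1052eff9e986c21
11:25:38.0609 1552 c2b3d707 ( HiddenFile.Multi.Generic ) - warning
11:25:38.0609 1552 c2b3d707 - detected HiddenFile.Multi.Generic (1)
11:28:22.0453 1552 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
11:28:22.0859 1552 \Device\Harddisk0\DR0 - ok
11:28:22.0890 1552 Scan finished
11:28:22.0906 0292 Detected object count: 1
11:29:04.0328 0292 C:\WINDOWS\131576770:1028401400.exe - copied to quarantine
11:29:04.0359 0292 c2b3d707 ( HiddenFile.Multi.Generic ) - User select action: Quarantine
"""


@dataclass
class Finding:
    service: str
    verdict: str
    path: str = ""
    md5: str = ""
    action: str = "none"   # what the user chose: Cure, Quarantine, Skip, ...
    ads: bool = False      # path points into an NTFS alternate data stream


def is_alternate_data_stream(path: str) -> bool:
    """True when a Windows path names an NTFS alternate data stream (file:stream).
    The drive-letter colon (C:) is skipped; any further colon marks a stream."""
    rest = path[2:] if len(path) > 1 and path[1] == ":" else path
    return ":" in rest


def triage(log_text: str) -> dict:
    """Summarise a TDSSKiller log: findings, chosen actions, MBR status."""
    entries = {}        # service name -> (md5, path) from the entry lines
    findings = {}       # service name -> Finding
    mbr_ok = False
    detected_count = None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue    # separator lines and blanks carry no information
        msg = m.group(3)
        if (e := ENTRY_RE.match(msg)):
            entries[e.group(1)] = (e.group(2), e.group(3))
        elif (d := DETECT_RE.match(msg)):
            md5, path = entries.get(d.group(1), ("", ""))
            findings[d.group(1)] = Finding(d.group(1), d.group(2), path, md5,
                                           ads=is_alternate_data_stream(path))
        elif (a := ACTION_RE.match(msg)):
            if a.group(1) in findings:
                findings[a.group(1)].action = a.group(3)
        elif (c := COUNT_RE.match(msg)):
            detected_count = int(c.group(1))
        elif MBR_OK_RE.match(msg):
            mbr_ok = True
    # Anything not cured (skipped or only quarantined) or a bad MBR needs a second look.
    unresolved = [f for f in findings.values() if f.action != "Cure"]
    return {"findings": list(findings.values()), "detected_count": detected_count,
            "mbr_ok": mbr_ok, "needs_followup": bool(unresolved) or not mbr_ok}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG)["findings"]:
        print(f"{f.service}: {f.verdict} at {f.path} (ADS: {f.ads}) -> {f.action}")
```
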
Hi, that looks like a nasty rootkit.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

  • Bleepingcomputer
  • ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

[image: Query_RC.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: RC_successful.gif]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
