
your system is infected, AntiVirus 2010



Hey, apologies for starting another topic on the same issue, but I need a hand. I've tried running a quick scan and a full scan in MBAM to no avail; once I click on Scan, MBAM closes after a couple of seconds.

Then MBAM won't open and I get the message "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item".

I followed the advice here: http://www.bleepingcomputer.com/virus-remo...-antivirus-2010 and then I can open MBAM again but the cycle just continues.

I'm running XP PRO Service Pack 2, if that helps.

Thanks.


DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (right-click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

Next:

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


Thanks for the reply. I'm also getting Google redirects now as well.

OK, here is the dds.txt report:

DDS (Ver_10-10-21.02) - NTFSx86

Run by Alex at 10:38:07.81 on Mon 25/10/2010

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13

Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.3061.2466 [GMT 11:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}

============== Running Processes ===============

"\\.\globalroot\Device\svchost.exe\svchost.exe"

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\CA\CA Internet Security Suite\casc.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe

C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Documents and Settings\Julian\Desktop\dds.scr

============== Pseudo HJT Report ===============

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [cctray] c:\program files\ca\ca internet security suite\casc.exe

mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"

mRun: [CAPPActiveProtection] "c:\program files\ca\ca internet security suite\ca anti-spyware\CAPPActiveProtection.exe"

mRun: [Alcmtr] ALCMTR.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

LSP: c:\windows\system32\VetRedir.dll

LSP: mswsock.dll

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

Notify: PFW - UmxWnp.Dll

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath -

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-10-21 107000]

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-31 64160]

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-1-11 207792]

R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-8-6 72184]

R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-7-30 26352]

R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-7-30 21104]

R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-7-30 746216]

R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-7-30 21488]

R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-7-30 161008]

R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-7-30 144696]

R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2009-7-30 128240]

R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2008-9-10 1141240]

R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2008-10-21 801272]

R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-9-2 289272]

R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-10-21 203768]

R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2009-7-30 222544]

R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-7-30 130280]

S2 gupdate1ca11fcae66002;Google Update Service (gupdate1ca11fcae66002);c:\program files\google\update\GoogleUpdate.exe [2009-8-1 133104]

S2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2009-7-30 288080]

S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

S3 cpuz132;cpuz132;\??\c:\docume~1\alex\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\alex\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

S3 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2009-7-30 68136]

S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-10 1029456]

S3 Normandy;Normandy SR2; [x]

S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-1-11 359624]

S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-1-11 1141712]

=============== Created Last 30 ================

2010-10-24 02:51:16 -------- d-----w- c:\docume~1\julian\applic~1\Malwarebytes

2010-10-23 14:22:16 6146896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{14ed50c9-84dd-40f7-938a-87497f842586}\mpengine.dll

2010-10-17 04:58:01 -------- d-----w- c:\docume~1\julian\locals~1\applic~1\Temp

==================== Find3M ====================

2010-10-24 03:19:37 3694 ----a-w- c:\windows\system32\tmp.reg

2010-10-19 00:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-08-15 09:06:15 66 ----a-w- c:\windows\system32\SSDRVRM.SYS

2004-08-04 12:00:00 73728 --sha-w- c:\windows\registeredpackages\{dd90d410-1823-43eb-9a16-a2331bf08799}$backup$\system\wmplayer.exe

============= FINISH: 10:38:45.17 ===============

Attach.txt

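The DDS log above contains two things a responder would pull out by hand: a running process whose image path starts in the NT object-manager namespace (`\\.\globalroot\Device\...`) instead of a drive letter, which is how the loader of a kernel rootkit of this era shows up in a process list, and service or driver entries whose image file is missing, unverified, or sitting under a temp directory. The following Python is an added example written for this page, not code from the thread or from the DDS tool; it splits a DDS log on its `=== Section ===` banners and applies exactly those checks. The sample input is a constructed excerpt modelled on lines from the log posted above, not the full log, and the section titles it keys on ("Running Processes", "SERVICES / DRIVERS") are the banners as they appear in that log.

```python
import re

# Constructed sample: a few lines modelled on the DDS log posted in this thread
# (running-process and service sections only), not the complete log.
SAMPLE_DDS = r"""
============== Running Processes ===============
"\\.\globalroot\Device\svchost.exe\svchost.exe"
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
============== Pseudo HJT Report ===============
mWinlogon: Userinit=c:\windows\system32\userinit.exe
============= SERVICES / DRIVERS ===============
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-1-11 207792]
S3 cpuz132;cpuz132;\??\c:\docume~1\alex\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\alex\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 Normandy;Normandy SR2; [x]
=============== Created Last 30 ================
"""

# DDS separates sections with banner lines such as "=== Running Processes ===".
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# NT object-manager prefixes that a normal user-mode image path never starts with.
DEVICE_NS = re.compile(r'^"?(\\\\\.\\globalroot|\\\?\?\\|\\device\\)', re.IGNORECASE)
# DDS service line: "<start type> <name>;<display name>;<image path and status>".
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")


def sections(text):
    """Split a DDS log into {banner title: [non-empty lines under that banner]}."""
    current = "HEADER"
    out = {current: []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            out.setdefault(current, [])
            continue
        out[current].append(line)
    return out


def suspicious_processes(text):
    """Running-process entries launched from the device namespace rather than a drive path.

    Bare names such as a lone 'svchost.exe' are not flagged: DDS prints those for
    processes whose full path it could not read, which is not by itself an indicator.
    """
    procs = sections(text).get("Running Processes", [])
    return [p for p in procs if DEVICE_NS.match(p)]


def services_needing_review(text):
    """Service/driver entries whose image is missing ('[x]'), unverified ('[?]'),
    or located under a temp directory. Returns (name, start type, [reasons])."""
    flagged = []
    for line in sections(text).get("SERVICES / DRIVERS", []):
        m = SERVICE_RE.match(line)
        if not m:
            continue
        start, name, _display, rest = m.groups()
        rest = rest.strip()
        reasons = []
        if rest.endswith("[x]"):
            reasons.append("image file missing")
        if rest.endswith("[?]"):
            reasons.append("image not verified by DDS")
        if re.search(r"\\temp\\", rest, re.IGNORECASE):
            reasons.append("image under a temp directory")
        if reasons:
            flagged.append((name, start, reasons))
    return flagged


if __name__ == "__main__":
    for p in suspicious_processes(SAMPLE_DDS):
        print("device-namespace process:", p)
    for name, start, reasons in services_needing_review(SAMPLE_DDS):
        print(f"service {name} ({start}): {', '.join(reasons)}")
```

A missing-file entry such as the Normandy one is usually a leftover of uninstalled software rather than malware; the point of listing it is that the responder decides, not the script. Run the module against a saved dds.txt by replacing SAMPLE_DDS with the file's contents.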

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run, once it is finished move onto the next step

Next:

Please read carefully and follow these steps.

  • Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
  • Only if Malicious objects are found then ensure Cure is selected
  • Then click Continue > Reboot now

  • Copy and paste the log in your next reply.
  • A copy of the log will be saved automatically to the root directory (usually C:\) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of the TDSSKiller log.


TDSSKiller log:

2010/10/25 11:36:24.0437 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/25 11:36:24.0437 ================================================================================

2010/10/25 11:36:24.0437 SystemInfo:

2010/10/25 11:36:24.0437

2010/10/25 11:36:24.0437 OS Version: 5.1.2600 ServicePack: 2.0

2010/10/25 11:36:24.0437 Product type: Workstation

2010/10/25 11:36:24.0437 ComputerName: ALEXS

2010/10/25 11:36:24.0437 UserName: Alex

2010/10/25 11:36:24.0437 Windows directory: C:\WINDOWS

2010/10/25 11:36:24.0437 System windows directory: C:\WINDOWS

2010/10/25 11:36:24.0437 Processor architecture: Intel x86

2010/10/25 11:36:24.0437 Number of processors: 2

2010/10/25 11:36:24.0437 Page size: 0x1000

2010/10/25 11:36:24.0437 Boot type: Normal boot

2010/10/25 11:36:24.0437 ================================================================================

2010/10/25 11:36:24.0625 Initialize success

2010/10/25 11:36:26.0093 ================================================================================

2010/10/25 11:36:26.0093 Scan started

2010/10/25 11:36:26.0093 Mode: Manual;

2010/10/25 11:36:26.0093 ================================================================================

2010/10/25 11:36:27.0093 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/25 11:36:27.0140 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/25 11:36:27.0187 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys

2010/10/25 11:36:27.0218 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys

2010/10/25 11:36:27.0312 AnyDVD (526259a6986d7a7794b3219a58710e9b) C:\WINDOWS\system32\Drivers\AnyDVD.sys

2010/10/25 11:36:27.0359 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/25 11:36:27.0375 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/25 11:36:27.0406 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/25 11:36:27.0453 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/25 11:36:27.0484 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/10/25 11:36:27.0515 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/25 11:36:27.0546 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/25 11:36:27.0578 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/25 11:36:27.0609 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/25 11:36:27.0765 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/25 11:36:27.0812 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

2010/10/25 11:36:27.0843 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

2010/10/25 11:36:27.0875 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/10/25 11:36:27.0906 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2010/10/25 11:36:27.0921 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/25 11:36:27.0968 ElbyCDIO (945ef111161bae49075107e5bc11a23f) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys

2010/10/25 11:36:27.0984 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/25 11:36:28.0015 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/10/25 11:36:28.0031 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

2010/10/25 11:36:28.0046 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/10/25 11:36:28.0078 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2010/10/25 11:36:28.0109 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/25 11:36:28.0109 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/25 11:36:28.0140 gdrv (c6e3105b8c68c35cc1eb26a00fd1a8c6) C:\WINDOWS\gdrv.sys

2010/10/25 11:36:28.0187 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/10/25 11:36:28.0203 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/25 11:36:28.0234 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/10/25 11:36:28.0265 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/25 11:36:28.0328 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/25 11:36:28.0359 hwdatacard (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys

2010/10/25 11:36:28.0406 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/25 11:36:28.0531 ialm (9acb03875cfe068d5cc0e98fb2cf7017) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

2010/10/25 11:36:28.0671 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/25 11:36:28.0796 IntcAzAudAddService (db589671e0c403d65884cf0b50600fcd) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/10/25 11:36:29.0000 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/10/25 11:36:29.0031 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2010/10/25 11:36:29.0078 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/25 11:36:29.0093 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/25 11:36:29.0156 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/25 11:36:29.0234 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/25 11:36:29.0250 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/25 11:36:29.0281 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/25 11:36:29.0343 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/25 11:36:29.0390 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/10/25 11:36:29.0421 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys

2010/10/25 11:36:29.0515 KmxAgent (56d92667798228ae7f6ac8216f06b407) C:\WINDOWS\system32\DRIVERS\kmxagent.sys

2010/10/25 11:36:29.0562 KmxCfg (cc0ab87a37ae8010de254714ed682f60) C:\WINDOWS\system32\DRIVERS\kmxcfg.sys

2010/10/25 11:36:29.0593 KmxStart (b4a077882c743c73b88ec9b20b0a0967) C:\WINDOWS\system32\DRIVERS\kmxstart.sys

2010/10/25 11:36:29.0640 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/25 11:36:29.0687 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\WINDOWS\system32\DRIVERS\Lbd.sys

2010/10/25 11:36:29.0734 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/25 11:36:29.0765 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

2010/10/25 11:36:29.0781 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/25 11:36:29.0812 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/25 11:36:29.0843 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/25 11:36:29.0890 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/25 11:36:29.0937 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/25 11:36:29.0953 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2010/10/25 11:36:30.0015 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/25 11:36:30.0031 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/25 11:36:30.0062 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/25 11:36:30.0125 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/25 11:36:30.0156 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

2010/10/25 11:36:30.0187 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2010/10/25 11:36:30.0250 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/25 11:36:30.0328 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/25 11:36:30.0328 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/25 11:36:30.0359 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/25 11:36:30.0375 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/25 11:36:30.0421 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/25 11:36:30.0468 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2010/10/25 11:36:30.0515 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/25 11:36:30.0562 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

2010/10/25 11:36:30.0562 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/10/25 11:36:30.0609 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/25 11:36:30.0625 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/25 11:36:30.0656 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/25 11:36:30.0687 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/25 11:36:30.0734 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/25 11:36:30.0765 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/25 11:36:30.0781 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/25 11:36:30.0828 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/25 11:36:30.0921 PCTCore (ad629e621cb1242ba8707cd9c2c5b6ec) C:\WINDOWS\system32\drivers\PCTCore.sys

2010/10/25 11:36:31.0015 pfc (5903fa75200807ad739286bbf40c4904) C:\WINDOWS\system32\drivers\pfc.sys

2010/10/25 11:36:31.0062 Point32 (e5582e43e167cf367757d81e9727da2a) C:\WINDOWS\system32\DRIVERS\point32.sys

2010/10/25 11:36:31.0093 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/25 11:36:31.0125 PQNTDrv (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys

2010/10/25 11:36:31.0140 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/25 11:36:31.0203 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/25 11:36:31.0265 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/25 11:36:31.0312 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/25 11:36:31.0328 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/25 11:36:31.0343 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/25 11:36:31.0390 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/25 11:36:31.0421 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/25 11:36:31.0453 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/25 11:36:31.0515 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/25 11:36:31.0546 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/25 11:36:31.0609 RTLE8023xp (839141088ad7ee90f5b441b2d1afd22c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

2010/10/25 11:36:31.0687 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/25 11:36:31.0703 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/10/25 11:36:31.0734 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/10/25 11:36:31.0781 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/25 11:36:31.0843 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

2010/10/25 11:36:32.0031 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys

2010/10/25 11:36:32.0062 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/25 11:36:32.0125 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/25 11:36:32.0171 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/25 11:36:32.0218 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2010/10/25 11:36:32.0296 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/25 11:36:32.0343 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/25 11:36:32.0375 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/25 11:36:32.0390 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/25 11:36:32.0421 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/25 11:36:32.0468 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2010/10/25 11:36:32.0562 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys

2010/10/25 11:36:32.0593 USBAAPL (026f7f224f088ee11e383bca448fff81) C:\WINDOWS\system32\Drivers\usbaapl.sys

2010/10/25 11:36:32.0609 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/25 11:36:32.0656 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/25 11:36:32.0687 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/25 11:36:32.0734 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/10/25 11:36:32.0765 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/10/25 11:36:32.0796 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/25 11:36:32.0843 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/10/25 11:36:32.0843 Suspicious service (NoAccess): vbma072b

2010/10/25 11:36:32.0906 vbma072b (6e8327c9b5f76e22d712b62c982c444c) C:\WINDOWS\system32\drivers\vbma072b.sys

2010/10/25 11:36:32.0906 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbma072b.sys. md5: 6e8327c9b5f76e22d712b62c982c444c

2010/10/25 11:36:32.0906 vbma072b - detected Locked service (1)

2010/10/25 11:36:32.0921 VET-FILT (745c8fa117c58c9adba78dfde11d17af) C:\WINDOWS\system32\drivers\VET-FILT.sys

2010/10/25 11:36:32.0937 VET-REC (4b9881af8a3d9de74082f1cfecc5db58) C:\WINDOWS\system32\drivers\VET-REC.sys

2010/10/25 11:36:32.0953 VETEBOOT (0b41ba87f4a75f2485d0155c6fdea2d4) C:\WINDOWS\system32\drivers\VETEBOOT.sys

2010/10/25 11:36:32.0968 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VETEBOOT.sys. Real md5: 0b41ba87f4a75f2485d0155c6fdea2d4, Fake md5: c079f80582c31728029f3efcdfeaf221

2010/10/25 11:36:32.0968 VETEBOOT - detected Forged file (1)

2010/10/25 11:36:32.0984 VETEFILE (31bab965e7af8295c22f641401d622b3) C:\WINDOWS\system32\drivers\VETEFILE.sys

2010/10/25 11:36:33.0015 VETFDDNT (24ce79eafbd9edfd00aacae75345eb69) C:\WINDOWS\system32\drivers\VETFDDNT.sys

2010/10/25 11:36:33.0031 VETMONNT (5e166c4f3b97798e9e3c47ff74278598) C:\WINDOWS\system32\drivers\VETMONNT.sys

2010/10/25 11:36:33.0078 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2010/10/25 11:36:33.0125 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/25 11:36:33.0140 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/25 11:36:33.0203 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2010/10/25 11:36:33.0265 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/25 11:36:33.0312 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2010/10/25 11:36:33.0515 ================================================================================

2010/10/25 11:36:33.0515 Scan finished

2010/10/25 11:36:33.0515 ================================================================================

2010/10/25 11:36:33.0531 Detected object count: 2

2010/10/25 11:36:42.0562 Locked service(vbma072b) - User select action: Skip

2010/10/25 11:36:42.0562 Forged file(VETEBOOT) - User select action: Skip

2010/10/25 11:37:58.0796 Deinitialize success


2010/10/25 11:36:33.0531 Detected object count: 2

2010/10/25 11:36:42.0562 Locked service(vbma072b) - User select action: Skip

2010/10/25 11:36:42.0562 Forged file(VETEBOOT) - User select action: Skip

Why did you Skip those?

Run it again

You need to select Fix / Remove / Delete / quarantine

If you lose your internet connection after fixing those, do this:

Launch Notepad (Start>All Programs>Accessories), and copy/paste all the Quoted REGEDIT below to it. Don't forget to include REGEDIT4.

Save in: Desktop

File Name: fixme.reg

Save as Type: All files

Click: Save

REGEDIT4

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock]

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2]

On the desktop, double-click fix.reg and allow it to run. Let it merge.

After the reboot, we will reinstall TCP/IP

  • Go to Start, then Settings, and choose Network Connections
  • Right click on your normal connection icon, and choose Properties
  • Click the Install button
  • Choose Protocol then click Add
  • Click Have disk
  • In the drop down box, type in: C:\WINDOWS\INF and click OK
  • In the next dialog, click Internet Protocol (TCP/IP) then click OK
  • Click Close to leave the properties box

After that, Reboot your computer and see if you have regained your connection.

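Before merging a .reg file you have been handed, it is worth checking exactly what it will do. As an added example (not part of the helper's post or of any Microsoft tool), here is a small Python dry-run of the REGEDIT4 syntax used above: `[-KEY]` deletes a key and everything under it, `[KEY]` creates or opens a key, `"name"=data` writes a value and `"name"=-` deletes one. The sample text is a constructed copy of the two-key fix above plus a constructed counter-example without a header; the function and class names are mine.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed copy of the fix quoted above: a REGEDIT4 header and two key deletions.
SAMPLE_REG = r"""
REGEDIT4

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock]

[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Winsock2]
"""

# Constructed counter-example (no header, writes a value) to show what a review flags.
SAMPLE_BAD_REG = r"""
[HKEY_LOCAL_MACHINE\Software\Example]
"Run"="C:\\example.exe"
"""

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
_KEY = re.compile(r"^\[(?P<minus>-?)(?P<key>[^\]]+)\]$")
_VALUE = re.compile(r'^(?P<name>"(?:[^"\\]|\\.)*"|@)=(?P<data>.*)$')


@dataclass
class RegPlan:
    header: str = ""
    keys_deleted: List[str] = field(default_factory=list)
    keys_written: List[str] = field(default_factory=list)                     # created if absent
    values_deleted: List[Tuple[str, str]] = field(default_factory=list)       # (key, name)
    values_written: List[Tuple[str, str, str]] = field(default_factory=list)  # (key, name, data)
    problems: List[str] = field(default_factory=list)

    def is_delete_only(self) -> bool:
        """True when the file only removes things and parsed cleanly (the shape of the Winsock fix)."""
        return not self.keys_written and not self.values_written and not self.problems


def plan_reg_file(text: str) -> RegPlan:
    """Dry-run a .reg file: report what regedit would delete or write without touching the registry."""
    plan = RegPlan()
    body = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if body and body[0] in HEADERS:
        plan.header = body.pop(0)
    else:
        plan.problems.append("missing or unknown header; regedit refuses files without one")
    current_key: Optional[str] = None
    for line in body:
        if line.startswith(";"):          # comment line
            continue
        if m := _KEY.match(line):
            if m["minus"]:                # [-KEY] removes the key and everything under it
                plan.keys_deleted.append(m["key"])
                current_key = None        # values cannot follow a deleted key
            else:
                plan.keys_written.append(m["key"])
                current_key = m["key"]
        elif m := _VALUE.match(line):
            if current_key is None:
                plan.problems.append(f"value outside a writable key: {line}")
                continue
            name = "(Default)" if m["name"] == "@" else m["name"][1:-1]
            if m["data"] == "-":          # "name"=- deletes the value
                plan.values_deleted.append((current_key, name))
            else:
                plan.values_written.append((current_key, name, m["data"]))
        else:                             # e.g. hex: continuation lines, which this checker does not join
            plan.problems.append(f"unrecognised line: {line}")
    return plan
```

For the fix above, `plan_reg_file(SAMPLE_REG)` reports exactly two key deletions and nothing written, which matches what the helper describes: the Winsock keys are removed, and the TCP/IP reinstall that follows restores networking. Multi-line `hex:` values are reported as problems rather than joined, so a file that uses them needs a closer manual read.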

Sorry about that. I ran TDSSKiller again, here is the log:

2010/10/25 11:45:53.0046 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/25 11:45:53.0046 ================================================================================

2010/10/25 11:45:53.0046 SystemInfo:

2010/10/25 11:45:53.0046

2010/10/25 11:45:53.0046 OS Version: 5.1.2600 ServicePack: 2.0

2010/10/25 11:45:53.0046 Product type: Workstation

2010/10/25 11:45:53.0046 ComputerName: ALEXS

2010/10/25 11:45:53.0046 UserName: Alex

2010/10/25 11:45:53.0046 Windows directory: C:\WINDOWS

2010/10/25 11:45:53.0046 System windows directory: C:\WINDOWS

2010/10/25 11:45:53.0046 Processor architecture: Intel x86

2010/10/25 11:45:53.0046 Number of processors: 2

2010/10/25 11:45:53.0046 Page size: 0x1000

2010/10/25 11:45:53.0046 Boot type: Normal boot

2010/10/25 11:45:53.0046 ================================================================================

2010/10/25 11:45:53.0203 Initialize success

2010/10/25 11:45:55.0390 ================================================================================

2010/10/25 11:45:55.0390 Scan started

2010/10/25 11:45:55.0390 Mode: Manual;

2010/10/25 11:45:55.0390 ================================================================================

2010/10/25 11:45:56.0218 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/25 11:45:56.0250 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/25 11:45:56.0312 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys

2010/10/25 11:45:56.0343 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys

2010/10/25 11:45:56.0421 AnyDVD (526259a6986d7a7794b3219a58710e9b) C:\WINDOWS\system32\Drivers\AnyDVD.sys

2010/10/25 11:45:56.0484 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/25 11:45:56.0484 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/25 11:45:56.0531 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/25 11:45:56.0562 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/25 11:45:56.0593 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/10/25 11:45:56.0640 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/25 11:45:56.0671 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/25 11:45:56.0671 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/25 11:45:56.0718 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/25 11:45:56.0875 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/25 11:45:56.0906 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

2010/10/25 11:45:56.0937 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

2010/10/25 11:45:56.0968 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/10/25 11:45:57.0000 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2010/10/25 11:45:57.0031 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/25 11:45:57.0062 ElbyCDIO (945ef111161bae49075107e5bc11a23f) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys

2010/10/25 11:45:57.0078 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/25 11:45:57.0109 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/10/25 11:45:57.0140 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

2010/10/25 11:45:57.0156 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/10/25 11:45:57.0171 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2010/10/25 11:45:57.0187 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/25 11:45:57.0187 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/25 11:45:57.0234 gdrv (c6e3105b8c68c35cc1eb26a00fd1a8c6) C:\WINDOWS\gdrv.sys

2010/10/25 11:45:57.0265 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/10/25 11:45:57.0281 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/25 11:45:57.0328 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/10/25 11:45:57.0343 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/25 11:45:57.0406 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/25 11:45:57.0437 hwdatacard (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys

2010/10/25 11:45:57.0484 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/25 11:45:57.0609 ialm (9acb03875cfe068d5cc0e98fb2cf7017) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

2010/10/25 11:45:57.0656 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/25 11:45:57.0781 IntcAzAudAddService (db589671e0c403d65884cf0b50600fcd) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/10/25 11:45:57.0828 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/10/25 11:45:57.0859 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2010/10/25 11:45:57.0890 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/25 11:45:57.0906 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/25 11:45:57.0937 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/25 11:45:57.0953 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/25 11:45:57.0968 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/25 11:45:58.0000 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/25 11:45:58.0000 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/25 11:45:58.0015 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/10/25 11:45:58.0046 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys

2010/10/25 11:45:58.0062 KmxAgent (56d92667798228ae7f6ac8216f06b407) C:\WINDOWS\system32\DRIVERS\kmxagent.sys

2010/10/25 11:45:58.0187 KmxCfg (cc0ab87a37ae8010de254714ed682f60) C:\WINDOWS\system32\DRIVERS\kmxcfg.sys

2010/10/25 11:45:58.0281 KmxStart (b4a077882c743c73b88ec9b20b0a0967) C:\WINDOWS\system32\DRIVERS\kmxstart.sys

2010/10/25 11:45:58.0312 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/25 11:45:58.0343 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\WINDOWS\system32\DRIVERS\Lbd.sys

2010/10/25 11:45:58.0375 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/25 11:45:58.0406 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

2010/10/25 11:45:58.0437 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/25 11:45:58.0437 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/25 11:45:58.0453 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/25 11:45:58.0484 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/25 11:45:58.0500 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/25 11:45:58.0515 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2010/10/25 11:45:58.0562 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/25 11:45:58.0562 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/25 11:45:58.0578 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/25 11:45:58.0609 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/25 11:45:58.0625 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

2010/10/25 11:45:58.0640 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2010/10/25 11:45:58.0671 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/25 11:45:58.0703 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/25 11:45:58.0734 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/25 11:45:58.0750 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/25 11:45:58.0750 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/25 11:45:58.0781 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/25 11:45:58.0812 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2010/10/25 11:45:58.0843 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/25 11:45:58.0890 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

2010/10/25 11:45:58.0890 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/10/25 11:45:58.0921 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/25 11:45:58.0937 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/25 11:45:58.0968 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/25 11:45:58.0968 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/25 11:45:59.0000 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/25 11:45:59.0015 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/25 11:45:59.0031 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/25 11:45:59.0078 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/25 11:45:59.0093 PCTCore (ad629e621cb1242ba8707cd9c2c5b6ec) C:\WINDOWS\system32\drivers\PCTCore.sys

2010/10/25 11:45:59.0171 pfc (5903fa75200807ad739286bbf40c4904) C:\WINDOWS\system32\drivers\pfc.sys

2010/10/25 11:45:59.0203 Point32 (e5582e43e167cf367757d81e9727da2a) C:\WINDOWS\system32\DRIVERS\point32.sys

2010/10/25 11:45:59.0234 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/25 11:45:59.0250 PQNTDrv (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys

2010/10/25 11:45:59.0265 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/25 11:45:59.0281 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/25 11:45:59.0328 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/25 11:45:59.0343 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/25 11:45:59.0343 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/25 11:45:59.0359 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/25 11:45:59.0390 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/25 11:45:59.0406 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/25 11:45:59.0421 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/25 11:45:59.0468 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/25 11:45:59.0500 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/25 11:45:59.0515 RTLE8023xp (839141088ad7ee90f5b441b2d1afd22c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

2010/10/25 11:45:59.0562 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/25 11:45:59.0578 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/10/25 11:45:59.0625 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/10/25 11:45:59.0656 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/25 11:45:59.0703 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

2010/10/25 11:45:59.0750 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys

2010/10/25 11:45:59.0781 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/25 11:45:59.0828 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/25 11:45:59.0843 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/25 11:45:59.0875 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2010/10/25 11:45:59.0921 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/25 11:45:59.0937 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/25 11:45:59.0984 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/25 11:46:00.0000 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/25 11:46:00.0015 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/25 11:46:00.0062 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2010/10/25 11:46:00.0093 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys

2010/10/25 11:46:00.0140 USBAAPL (026f7f224f088ee11e383bca448fff81) C:\WINDOWS\system32\Drivers\usbaapl.sys

2010/10/25 11:46:00.0156 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/25 11:46:00.0171 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/25 11:46:00.0187 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/25 11:46:00.0234 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/10/25 11:46:00.0281 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/10/25 11:46:00.0312 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/25 11:46:00.0328 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/10/25 11:46:00.0343 Suspicious service (NoAccess): vbma072b

2010/10/25 11:46:00.0375 vbma072b (6e8327c9b5f76e22d712b62c982c444c) C:\WINDOWS\system32\drivers\vbma072b.sys

2010/10/25 11:46:00.0375 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbma072b.sys. md5: 6e8327c9b5f76e22d712b62c982c444c

2010/10/25 11:46:00.0375 vbma072b - detected Locked service (1)

2010/10/25 11:46:00.0390 VET-FILT (745c8fa117c58c9adba78dfde11d17af) C:\WINDOWS\system32\drivers\VET-FILT.sys

2010/10/25 11:46:00.0406 VET-REC (4b9881af8a3d9de74082f1cfecc5db58) C:\WINDOWS\system32\drivers\VET-REC.sys

2010/10/25 11:46:00.0421 VETEBOOT (0b41ba87f4a75f2485d0155c6fdea2d4) C:\WINDOWS\system32\drivers\VETEBOOT.sys

2010/10/25 11:46:00.0437 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VETEBOOT.sys. Real md5: 0b41ba87f4a75f2485d0155c6fdea2d4, Fake md5: c079f80582c31728029f3efcdfeaf221

2010/10/25 11:46:00.0437 VETEBOOT - detected Forged file (1)

2010/10/25 11:46:00.0453 VETEFILE (31bab965e7af8295c22f641401d622b3) C:\WINDOWS\system32\drivers\VETEFILE.sys

2010/10/25 11:46:00.0484 VETFDDNT (24ce79eafbd9edfd00aacae75345eb69) C:\WINDOWS\system32\drivers\VETFDDNT.sys

2010/10/25 11:46:00.0500 VETMONNT (5e166c4f3b97798e9e3c47ff74278598) C:\WINDOWS\system32\drivers\VETMONNT.sys

2010/10/25 11:46:00.0515 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2010/10/25 11:46:00.0546 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/25 11:46:00.0593 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/25 11:46:00.0609 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2010/10/25 11:46:00.0671 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/25 11:46:00.0718 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2010/10/25 11:46:00.0906 ================================================================================

2010/10/25 11:46:00.0906 Scan finished

2010/10/25 11:46:00.0906 ================================================================================

2010/10/25 11:46:00.0906 Detected object count: 2

2010/10/25 11:46:25.0328 HKLM\SYSTEM\ControlSet001\services\vbma072b - will be deleted after reboot

2010/10/25 11:46:25.0328 HKLM\SYSTEM\ControlSet002\services\vbma072b - will be deleted after reboot

2010/10/25 11:46:25.0343 C:\WINDOWS\system32\drivers\vbma072b.sys - will be deleted after reboot

2010/10/25 11:46:25.0343 Locked service(vbma072b) - User select action: Delete

2010/10/25 11:46:25.0343 HKLM\SYSTEM\ControlSet001\services\VETEBOOT - will be deleted after reboot

2010/10/25 11:46:25.0343 HKLM\SYSTEM\ControlSet002\services\VETEBOOT - will be deleted after reboot

2010/10/25 11:46:25.0343 C:\WINDOWS\system32\drivers\VETEBOOT.sys - will be deleted after reboot

2010/10/25 11:46:25.0343 Forged file(VETEBOOT) - User select action: Delete

2010/10/25 11:46:37.0421 Deinitialize success

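The two TDSSKiller runs above report the same two objects, first left at Skip and then set to Delete, and the helper's reply in between asks why they were skipped. As an added example (not code from this thread or from Kaspersky's tool), here is a Python triage parser over the log lines quoted in this thread: it pairs each detection with the action the user chose, flags anything still at Skip, carries a forged file's Real and Fake md5 (two different hashes for one path is what the Forged verdict reports: what the normal file read returns does not match what the tool read from disk), and lists what is scheduled for deletion at the next reboot, which is why the following reply insists on rebooting before the next step. The sample log strings are constructed from the page's own lines, and the regex shapes assume the 2.4.4.0 log format shown here.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed samples: the triage-relevant lines of the two TDSSKiller 2.4.4.0 runs
# quoted in this thread (run 1 left both objects at Skip, run 2 chose Delete).
SAMPLE_RUN_1 = r"""
2010/10/25 11:36:32.0906 vbma072b - detected Locked service (1)
2010/10/25 11:36:32.0968 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VETEBOOT.sys. Real md5: 0b41ba87f4a75f2485d0155c6fdea2d4, Fake md5: c079f80582c31728029f3efcdfeaf221
2010/10/25 11:36:32.0968 VETEBOOT - detected Forged file (1)
2010/10/25 11:36:33.0531 Detected object count: 2
2010/10/25 11:36:42.0562 Locked service(vbma072b) - User select action: Skip
2010/10/25 11:36:42.0562 Forged file(VETEBOOT) - User select action: Skip
"""

SAMPLE_RUN_2 = r"""
2010/10/25 11:46:00.0375 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbma072b.sys. md5: 6e8327c9b5f76e22d712b62c982c444c
2010/10/25 11:46:00.0375 vbma072b - detected Locked service (1)
2010/10/25 11:46:00.0437 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VETEBOOT.sys. Real md5: 0b41ba87f4a75f2485d0155c6fdea2d4, Fake md5: c079f80582c31728029f3efcdfeaf221
2010/10/25 11:46:00.0437 VETEBOOT - detected Forged file (1)
2010/10/25 11:46:00.0906 Detected object count: 2
2010/10/25 11:46:25.0328 HKLM\SYSTEM\ControlSet001\services\vbma072b - will be deleted after reboot
2010/10/25 11:46:25.0328 HKLM\SYSTEM\ControlSet002\services\vbma072b - will be deleted after reboot
2010/10/25 11:46:25.0343 C:\WINDOWS\system32\drivers\vbma072b.sys - will be deleted after reboot
2010/10/25 11:46:25.0343 Locked service(vbma072b) - User select action: Delete
2010/10/25 11:46:25.0343 HKLM\SYSTEM\ControlSet001\services\VETEBOOT - will be deleted after reboot
2010/10/25 11:46:25.0343 HKLM\SYSTEM\ControlSet002\services\VETEBOOT - will be deleted after reboot
2010/10/25 11:46:25.0343 C:\WINDOWS\system32\drivers\VETEBOOT.sys - will be deleted after reboot
2010/10/25 11:46:25.0343 Forged file(VETEBOOT) - User select action: Delete
"""

# Line shapes as they appear in the 2.4.4.0 logs above; assumed stable for that version.
_TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
_DETECTED = re.compile(_TS + r"(?P<name>\S+) - detected (?P<kind>.+?) \(\d+\)$")
_ACTION = re.compile(_TS + r"(?P<kind>[A-Za-z ]+)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")
_FORGED = re.compile(_TS + r"Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
_NOACCESS = re.compile(_TS + r"Suspicious file \(NoAccess\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
_PENDING = re.compile(_TS + r"(?P<target>.+?) - will be deleted after reboot$")
_COUNT = re.compile(_TS + r"Detected object count: (?P<n>\d+)$")


@dataclass
class Detection:
    name: str                       # service/driver name as TDSSKiller reports it
    kind: str                       # "Forged file", "Locked service", ...
    path: Optional[str] = None
    real_md5: Optional[str] = None  # hash of the bytes TDSSKiller read from disk
    fake_md5: Optional[str] = None  # hash of what the normal file read path returned
    action: Optional[str] = None    # "Skip", "Delete", ... or None if never prompted

    @property
    def hides_content(self) -> bool:
        """Two different hashes for one path: reads of this file are being tampered with."""
        return self.fake_md5 is not None and self.fake_md5 != self.real_md5


@dataclass
class Triage:
    detections: Dict[str, Detection] = field(default_factory=dict)
    scheduled_deletions: List[str] = field(default_factory=list)  # applied at next reboot
    reported_count: Optional[int] = None

    def unresolved(self) -> List[str]:
        """Detections still needing a decision: never prompted, or left at Skip."""
        return sorted(n for n, d in self.detections.items() if d.action in (None, "Skip"))

    def count_matches(self) -> bool:
        """Sanity check: did we parse as many objects as the tool says it found?"""
        return self.reported_count == len(self.detections)


def _stem(path: str) -> str:
    # 'C:\...\VETEBOOT.sys' -> 'veteboot', so a file line can be tied to its service entry
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def parse_tdsskiller_log(text: str) -> Triage:
    t = Triage()
    files: Dict[str, dict] = {}  # file stem -> hash info, attached to its service below
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := _DETECTED.match(line):
            t.detections.setdefault(m["name"], Detection(m["name"], m["kind"])).kind = m["kind"]
        elif m := _ACTION.match(line):
            t.detections.setdefault(m["name"], Detection(m["name"], m["kind"])).action = m["action"]
        elif m := _FORGED.match(line):
            files[_stem(m["path"])] = {"path": m["path"], "real": m["real"], "fake": m["fake"]}
        elif m := _NOACCESS.match(line):
            files[_stem(m["path"])] = {"path": m["path"], "real": m["md5"], "fake": None}
        elif m := _PENDING.match(line):
            t.scheduled_deletions.append(m["target"])
        elif m := _COUNT.match(line):
            t.reported_count = int(m["n"])
    for d in t.detections.values():  # tie hash lines to the service with the same file stem
        info = files.get(d.name.lower())
        if info:
            d.path, d.real_md5, d.fake_md5 = info["path"], info["real"], info["fake"]
    return t
```

Running `parse_tdsskiller_log` on the first run returns both names from `unresolved()`, which is the condition the helper spotted by eye; on the second run it returns none and `scheduled_deletions` holds the six registry keys and files that only disappear after the reboot the next reply asks for. Ordinary driver lines (name, hash, path) are deliberately ignored, so a full log can be fed in unedited.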

If you haven't rebooted do so before running the next fix.

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Let's rename ComboFix before you download it.

First we need to remove what you have.

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the run box and click OK. Note the space between the X and the U; it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the run box and click OK. Note the space between the X and the U; it needs to be there.

Now do this:

Download Combofix from any of the links below but rename it to ABCD.exe before saving it to your desktop.

Download the tools needed to a flash drive or other USB device, and transfer them to the infected computer if need be.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Link 1

Link 2 <-- Right-click and use Save As if using this link.

Double-click on ABCD.exe (the renamed ComboFix.exe) & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Note:

If combofix (ABCD) won't run from the desktop, try running it from the USB device.


Before I post the TDSSKiller log, I just wanted to add that when I turn on the PC and load my account, I get this message about Windows Defender: "Application failed to initialize: 0x800106ba. A problem caused this program's service to stop. To start the service, restart your computer or search Help and Support for how to start a service manually."

Here's the TDSSKiller log:

2010/10/25 23:01:02.0296 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/25 23:01:02.0296 ================================================================================

2010/10/25 23:01:02.0296 SystemInfo:

2010/10/25 23:01:02.0296

2010/10/25 23:01:02.0296 OS Version: 5.1.2600 ServicePack: 2.0

2010/10/25 23:01:02.0296 Product type: Workstation

2010/10/25 23:01:02.0296 ComputerName: ALEXS

2010/10/25 23:01:02.0296 UserName: Alex

2010/10/25 23:01:02.0296 Windows directory: C:\WINDOWS

2010/10/25 23:01:02.0296 System windows directory: C:\WINDOWS

2010/10/25 23:01:02.0296 Processor architecture: Intel x86

2010/10/25 23:01:02.0296 Number of processors: 2

2010/10/25 23:01:02.0296 Page size: 0x1000

2010/10/25 23:01:02.0296 Boot type: Normal boot

2010/10/25 23:01:02.0296 ================================================================================

2010/10/25 23:01:02.0500 Initialize success

2010/10/25 23:01:03.0687 ================================================================================

2010/10/25 23:01:03.0687 Scan started

2010/10/25 23:01:03.0687 Mode: Manual;

2010/10/25 23:01:03.0687 ================================================================================

2010/10/25 23:01:04.0734 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/25 23:01:04.0765 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/25 23:01:04.0812 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys

2010/10/25 23:01:04.0843 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys

2010/10/25 23:01:04.0921 AnyDVD (526259a6986d7a7794b3219a58710e9b) C:\WINDOWS\system32\Drivers\AnyDVD.sys

2010/10/25 23:01:04.0968 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/25 23:01:05.0000 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/25 23:01:05.0031 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/25 23:01:05.0062 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/25 23:01:05.0093 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/10/25 23:01:05.0109 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/25 23:01:05.0140 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/25 23:01:05.0156 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/25 23:01:05.0187 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/25 23:01:05.0328 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/25 23:01:05.0359 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

2010/10/25 23:01:05.0390 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

2010/10/25 23:01:05.0421 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/10/25 23:01:05.0468 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2010/10/25 23:01:05.0500 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/25 23:01:05.0515 ElbyCDIO (945ef111161bae49075107e5bc11a23f) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys

2010/10/25 23:01:05.0531 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/25 23:01:05.0546 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/10/25 23:01:05.0562 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

2010/10/25 23:01:05.0578 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/10/25 23:01:05.0593 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2010/10/25 23:01:05.0609 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/25 23:01:05.0609 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/25 23:01:05.0625 gdrv (c6e3105b8c68c35cc1eb26a00fd1a8c6) C:\WINDOWS\gdrv.sys

2010/10/25 23:01:06.0015 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/10/25 23:01:06.0031 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/25 23:01:06.0062 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/10/25 23:01:06.0109 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/25 23:01:06.0125 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/25 23:01:06.0156 hwdatacard (20330198554b7ddb44403af21d6ae179) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys

2010/10/25 23:01:06.0203 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/25 23:01:06.0312 ialm (9acb03875cfe068d5cc0e98fb2cf7017) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

2010/10/25 23:01:06.0406 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/25 23:01:06.0515 IntcAzAudAddService (db589671e0c403d65884cf0b50600fcd) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/10/25 23:01:06.0562 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/10/25 23:01:06.0578 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2010/10/25 23:01:06.0609 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/25 23:01:06.0625 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/25 23:01:06.0640 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/25 23:01:06.0656 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/25 23:01:06.0671 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/25 23:01:06.0703 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/25 23:01:06.0703 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/25 23:01:06.0718 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/10/25 23:01:06.0734 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys

2010/10/25 23:01:06.0765 KmxAgent (56d92667798228ae7f6ac8216f06b407) C:\WINDOWS\system32\DRIVERS\kmxagent.sys

2010/10/25 23:01:06.0765 KmxCfg (cc0ab87a37ae8010de254714ed682f60) C:\WINDOWS\system32\DRIVERS\kmxcfg.sys

2010/10/25 23:01:06.0781 KmxStart (b4a077882c743c73b88ec9b20b0a0967) C:\WINDOWS\system32\DRIVERS\kmxstart.sys

2010/10/25 23:01:06.0781 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/25 23:01:06.0812 Lbd (419590ebe7855215bb157ea0cf0d0531) C:\WINDOWS\system32\DRIVERS\Lbd.sys

2010/10/25 23:01:06.0843 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/25 23:01:06.0859 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

2010/10/25 23:01:06.0890 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/25 23:01:06.0890 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/25 23:01:06.0906 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/25 23:01:06.0937 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/25 23:01:06.0953 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/25 23:01:06.0953 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2010/10/25 23:01:06.0984 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/25 23:01:07.0000 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/25 23:01:07.0015 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/25 23:01:07.0015 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/25 23:01:07.0031 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

2010/10/25 23:01:07.0031 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2010/10/25 23:01:07.0078 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/25 23:01:07.0093 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/25 23:01:07.0125 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/25 23:01:07.0125 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/25 23:01:07.0140 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/25 23:01:07.0156 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/25 23:01:07.0187 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2010/10/25 23:01:07.0218 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/25 23:01:07.0250 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys

2010/10/25 23:01:07.0250 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/10/25 23:01:07.0281 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/25 23:01:07.0296 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/25 23:01:07.0328 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/25 23:01:07.0343 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/25 23:01:07.0375 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/25 23:01:07.0390 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/25 23:01:07.0406 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/25 23:01:07.0437 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/25 23:01:07.0453 PCTCore (ad629e621cb1242ba8707cd9c2c5b6ec) C:\WINDOWS\system32\drivers\PCTCore.sys

2010/10/25 23:01:07.0640 pfc (5903fa75200807ad739286bbf40c4904) C:\WINDOWS\system32\drivers\pfc.sys

2010/10/25 23:01:07.0734 Point32 (e5582e43e167cf367757d81e9727da2a) C:\WINDOWS\system32\DRIVERS\point32.sys

2010/10/25 23:01:07.0750 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/25 23:01:07.0765 PQNTDrv (4228630829c0e521c43d882a00533374) C:\WINDOWS\system32\drivers\PQNTDrv.sys

2010/10/25 23:01:07.0781 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/25 23:01:07.0781 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/25 23:01:07.0828 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/25 23:01:07.0843 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/25 23:01:07.0843 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/25 23:01:07.0859 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/25 23:01:07.0859 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/25 23:01:07.0875 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/25 23:01:07.0890 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/25 23:01:07.0921 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/25 23:01:07.0937 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/25 23:01:07.0984 RTLE8023xp (839141088ad7ee90f5b441b2d1afd22c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys

2010/10/25 23:01:08.0000 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/25 23:01:08.0015 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/10/25 23:01:08.0031 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/10/25 23:01:08.0046 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/25 23:01:08.0093 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS

2010/10/25 23:01:08.0140 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys

2010/10/25 23:01:08.0156 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/25 23:01:08.0203 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/25 23:01:08.0218 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/25 23:01:08.0250 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2010/10/25 23:01:08.0296 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/25 23:01:08.0328 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/25 23:01:08.0359 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/25 23:01:08.0375 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/25 23:01:08.0375 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/25 23:01:08.0406 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2010/10/25 23:01:08.0437 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys

2010/10/25 23:01:08.0468 USBAAPL (026f7f224f088ee11e383bca448fff81) C:\WINDOWS\system32\Drivers\usbaapl.sys

2010/10/25 23:01:08.0484 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/25 23:01:08.0515 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/25 23:01:08.0546 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/25 23:01:08.0578 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/10/25 23:01:08.0609 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2010/10/25 23:01:08.0640 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/25 23:01:08.0671 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/10/25 23:01:08.0671 Suspicious service (NoAccess): vbma072b

2010/10/25 23:01:08.0703 vbma072b (6e8327c9b5f76e22d712b62c982c444c) C:\WINDOWS\system32\drivers\vbma072b.sys

2010/10/25 23:01:08.0718 vbma072b - detected Locked service (1)

2010/10/25 23:01:08.0750 VET-FILT (745c8fa117c58c9adba78dfde11d17af) C:\WINDOWS\system32\drivers\VET-FILT.sys

2010/10/25 23:01:08.0750 VET-REC (4b9881af8a3d9de74082f1cfecc5db58) C:\WINDOWS\system32\drivers\VET-REC.sys

2010/10/25 23:01:08.0765 VETEBOOT (0b41ba87f4a75f2485d0155c6fdea2d4) C:\WINDOWS\system32\drivers\VETEBOOT.sys

2010/10/25 23:01:08.0765 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VETEBOOT.sys. Real md5: 0b41ba87f4a75f2485d0155c6fdea2d4, Fake md5: c079f80582c31728029f3efcdfeaf221

2010/10/25 23:01:08.0765 VETEBOOT - detected Forged file (1)

2010/10/25 23:01:08.0796 VETEFILE (31bab965e7af8295c22f641401d622b3) C:\WINDOWS\system32\drivers\VETEFILE.sys

2010/10/25 23:01:08.0812 VETFDDNT (24ce79eafbd9edfd00aacae75345eb69) C:\WINDOWS\system32\drivers\VETFDDNT.sys

2010/10/25 23:01:08.0828 VETMONNT (5e166c4f3b97798e9e3c47ff74278598) C:\WINDOWS\system32\drivers\VETMONNT.sys

2010/10/25 23:01:08.0843 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2010/10/25 23:01:08.0875 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/25 23:01:08.0906 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/25 23:01:08.0921 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys

2010/10/25 23:01:08.0968 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/25 23:01:09.0015 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2010/10/25 23:01:09.0203 ================================================================================

2010/10/25 23:01:09.0203 Scan finished

2010/10/25 23:01:09.0203 ================================================================================

2010/10/25 23:01:09.0218 Detected object count: 2

2010/10/25 23:01:26.0187 HKLM\SYSTEM\ControlSet001\services\vbma072b - will be deleted after reboot

2010/10/25 23:01:26.0187 HKLM\SYSTEM\ControlSet002\services\vbma072b - will be deleted after reboot

2010/10/25 23:01:26.0203 C:\WINDOWS\system32\drivers\vbma072b.sys - will be deleted after reboot

2010/10/25 23:01:26.0203 Locked service(vbma072b) - User select action: Delete

2010/10/25 23:01:26.0203 HKLM\SYSTEM\ControlSet001\services\VETEBOOT - will be deleted after reboot

2010/10/25 23:01:26.0203 HKLM\SYSTEM\ControlSet002\services\VETEBOOT - will be deleted after reboot

2010/10/25 23:01:26.0203 C:\WINDOWS\system32\drivers\VETEBOOT.sys - will be deleted after reboot

2010/10/25 23:01:26.0203 Forged file(VETEBOOT) - User select action: Delete

2010/10/25 23:01:32.0125 Deinitialize success

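The interesting lines in a TDSSKiller log like the one above are the few "Suspicious" and "detected" entries buried among a hundred ordinary driver lines, and the forged-file entry in particular records two hashes for one file. As an added example (not code from this thread, from Malwarebytes or from Kaspersky's TDSSKiller), here is a small Python parser that pulls those entries out and cross-checks them: the driver line's hash should agree with the "Real md5" of a forged entry, a forged entry's real and fake hashes should differ, and the "Detected object count" should match the number of verdict lines. The sample input is assembled from lines copied from the log above; the `Finding` and `Report` names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: these lines are copied from the TDSSKiller log
# posted in this thread, reduced to the entries that matter for the example.
SAMPLE_LOG = r"""
2010/10/25 23:01:08.0640 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/25 23:01:08.0671 Suspicious service (NoAccess): vbma072b
2010/10/25 23:01:08.0703 vbma072b (6e8327c9b5f76e22d712b62c982c444c) C:\WINDOWS\system32\drivers\vbma072b.sys
2010/10/25 23:01:08.0718 vbma072b - detected Locked service (1)
2010/10/25 23:01:08.0765 VETEBOOT (0b41ba87f4a75f2485d0155c6fdea2d4) C:\WINDOWS\system32\drivers\VETEBOOT.sys
2010/10/25 23:01:08.0765 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VETEBOOT.sys. Real md5: 0b41ba87f4a75f2485d0155c6fdea2d4, Fake md5: c079f80582c31728029f3efcdfeaf221
2010/10/25 23:01:08.0765 VETEBOOT - detected Forged file (1)
2010/10/25 23:01:09.0218 Detected object count: 2
"""

HEX32 = r"[0-9a-fA-F]{32}"
# Every log line starts with a timestamp; everything after it is the body.
LINE_RE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) (?P<body>.*)$")
DRIVER_RE = re.compile(rf"^(?P<name>\S+) \((?P<md5>{HEX32})\) (?P<path>.+)$")
SUSPICIOUS_RE = re.compile(r"^Suspicious service \((?P<reason>\w+)\): (?P<name>\S+)$")
FORGED_RE = re.compile(
    rf"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>{HEX32}), Fake md5: (?P<fake>{HEX32})$"
)
VERDICT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>.+?) \(\d+\)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    name: str                # service/driver name as TDSSKiller reports it
    verdict: str             # e.g. "Locked service", "Forged file"
    path: str = ""           # image path taken from the matching driver line
    recorded_md5: str = ""   # hash printed on that driver line
    real_md5: str = ""       # from the "Suspicious file (Forged)" line, if any
    fake_md5: str = ""
    reason: str = ""         # e.g. "NoAccess" from the "Suspicious service" line


@dataclass
class Report:
    drivers: dict                  # name -> (md5, path) for every driver line seen
    findings: list                 # one Finding per "detected" verdict line
    declared_count: Optional[int]  # the "Detected object count" line, if present


def parse_tdsskiller(text: str) -> Report:
    """Extract driver entries and detections from TDSSKiller log text."""
    drivers, suspicious, forged, findings = {}, {}, {}, []
    declared = None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or non-log line
        body = m.group("body")
        if (f := FORGED_RE.match(body)):
            forged[f["path"].lower()] = (f["real"], f["fake"])
        elif (s := SUSPICIOUS_RE.match(body)):
            suspicious[s["name"]] = s["reason"]
        elif (d := DRIVER_RE.match(body)):
            drivers[d["name"]] = (d["md5"], d["path"])
        elif (v := VERDICT_RE.match(body)):
            # Join the verdict with whatever the earlier lines told us about it.
            md5, path = drivers.get(v["name"], ("", ""))
            real, fake = forged.get(path.lower(), ("", ""))
            findings.append(Finding(v["name"], v["verdict"], path, md5, real, fake,
                                    suspicious.get(v["name"], "")))
        elif (c := COUNT_RE.match(body)):
            declared = int(c["n"])
    return Report(drivers, findings, declared)


def check_report(report: Report) -> list:
    """Cross-check the log against itself; an empty list means it is consistent."""
    problems = []
    if report.declared_count is not None and report.declared_count != len(report.findings):
        problems.append(f"declared {report.declared_count} objects but "
                        f"{len(report.findings)} verdict lines")
    for f in report.findings:
        if not f.path:
            problems.append(f"{f.name}: verdict without a matching driver line")
        if f.real_md5 and f.recorded_md5 and f.real_md5.lower() != f.recorded_md5.lower():
            problems.append(f"{f.name}: driver-line hash {f.recorded_md5} differs "
                            f"from real md5 {f.real_md5}")
        if f.real_md5 and f.real_md5.lower() == f.fake_md5.lower():
            problems.append(f"{f.name}: forged entry whose real and fake hashes agree")
    return problems


if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    for f in rep.findings:
        extra = f"  fake_md5={f.fake_md5}" if f.fake_md5 else f"  reason={f.reason}"
        print(f"{f.verdict:14} {f.name:10} {f.path}  md5={f.recorded_md5}{extra}")
    print("consistency problems:", check_report(rep) or "none")
```

Two lines of the log carry the whole story: the system would not let the scanner open the vbma072b service at all, and for VETEBOOT.sys the hash the running system presented did not match the hash the scanner computed from the file, which is the classic sign of a kernel component intercepting file reads. That is also why both objects are scheduled for deletion at reboot rather than removed live, as the tail of the log shows.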

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Let's rename ComboFix before you download it.

First we need to remove what you have.

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Now do this:

Download Combofix from any of the links below but rename it to ABCD.exe before saving it to your desktop.

Download the tools needed to a flash drive or other USB device, and transfer them to the infected computer if need be.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Link 1

Link 2<--Right Click and use Save As if using this link.

Double click on ABCD.exe (ComboFix.exe) & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Note:

If combofix (ABCD) won't run from the desktop, try running it from the USB device.


Print out these instructions as we may need to close every window that is open later in the fix.

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 5 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin

You only need to get one of them to run, not all of them.

  1. rkill.exe
  2. rkill.com
  3. rkill.scr
  4. WiNlOgOn.exe
  5. uSeRiNiT.exe

Do not reboot your computer after running rkill as the malware programs will start again.

Next:

Try MBAM or combofix (abcd.exe)


OK, well, rkill terminated one process, but the MBAM scan stopped after 2 seconds and combofix (abcd.exe) did the same thing as before.

Here's the rkill log:

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Ran as Alex on 26/10/2010 at 1:42:42.

Services Stopped:

Processes terminated by Rkill or while it was running:

\\.\globalroot\Device\svchost.exe\svchost.exe

C:\Documents and Settings\Alex\Desktop\rkill.exe

Rkill completed on 26/10/2010 at 1:42:45.


Try renaming MBAM.exe to mybam.exe

Before trying to run it do this:

http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.

A new window will appear asking "Do you want to install this software?".

Answer Yes to download and install the ActiveX controls that allow the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software, just close the window.

Wait for the scan to finish.

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.

Now try mybam.exe


I did the online scan and then renamed mbam.exe to mybam.exe, but the full scan still shut after 2 seconds.

Here's the ESET online scanner log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.17055 (vista_gdr.100414-0533)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=ed5a6b7cc5764147b97cfc6d0e29f0be

# end=stopped

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-10-25 10:27:37

# local_time=2010-10-26 09:27:37 (+1000, AUS Eastern Daylight Time)

# country="Australia"

# lang=9

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=2560 16777191 100 0 0 0 0 0

# compatibility_mode=4866 16775125 100 90 257818 61679755 0 0

# compatibility_mode=5892 16776574 100 100 0 129626475 0 0

# compatibility_mode=8192 67108863 100 0 551 551 0 0

# scanned=21064

# found=0

# cleaned=0

# scan_time=327

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=7.00.6000.17055 (vista_gdr.100414-0533)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=ed5a6b7cc5764147b97cfc6d0e29f0be

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-10-26 06:21:25

# local_time=2010-10-26 05:21:25 (+1000, AUS Eastern Daylight Time)

# country="Australia"

# lang=9

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=2560 16777191 100 0 0 0 0 0

# compatibility_mode=4866 16775125 100 90 283151 61705088 0 0

# compatibility_mode=5892 16776574 100 100 0 129651808 0 0

# compatibility_mode=8192 67108863 100 0 25884 25884 0 0

# scanned=174432

# found=10

# cleaned=9

# scan_time=3420

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2F69QF43\uninstall[1] Win32/Adware.Antivirus2010 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8T69MFMZ\script_card[1] Win32/Adware.Antivirus2010 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\system32\drivers\veteboot.sys a variant of Win32/Rootkit.Agent.NSF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\shsvcs.dll probably a variant of Win32/Kryptik.YQ trojan (unable to clean) 00000000000000000000000000000000 I

D:\Natalie\Downloads\avi2video_install.exe Win32/Adware.MarketScore.A application (deleted - quarantined) 00000000000000000000000000000000 C

D:\Old HDD\Documents and Settings\Alex\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.14420 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Old HDD\Documents and Settings\Alex\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.39751 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Old HDD\Documents and Settings\Alex\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.79712 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Old HDD\Documents and Settings\Alex\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.96730 Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

D:\Old HDD\WINDOWS\system32\kxiwnkud.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
