
Whitesmoke virus


  • This topic is locked
11 replies to this topic

#1 duwan

duwan

    New Member

  • Members
  • Pip
  • 6 posts

Posted 16 March 2011 - 09:06 PM

It looks like my laptop is infected by the WhiteSmoke virus/spyware as well. On the desktop, there is a shortcut called WhiteSmoke (continue installation), another called RebateInformer.
MalwareBytes doesn't seem to be able to cleanly remove it. After we tried that, it keeps coming back.
Even worse, the laptop currently crashes at Windows startup with a blue screen, saying IRQL_NOT_LESS_OR_EQUAL. I speculate that some driver file was corrupted when killing the virus? I am not sure.
Another symptom is I can't turn on McAfee real-time scanning. Attempts to turn it on always end up with it disabled again.

Help is appreciated!

Thanks!

#2 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,410 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 17 March 2011 - 09:26 AM

Hello duwan! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on it.
  • Keep me informed about any changes.
  • Post all of your log files, don't attach them.

Download DDS and save it to your desktop from here, here or here
Double click dds to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#3 duwan

duwan

    New Member

  • Members
  • Pip
  • 6 posts

Posted 19 March 2011 - 09:56 AM

Thank you Maniac. The two files are attached.

Duwan

#4 duwan

duwan

    New Member

  • Members
  • Pip
  • 6 posts

Posted 19 March 2011 - 09:59 AM

Thank you Maniac. The two files are attached.

Duwan

Attached Files



#5 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,410 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 21 March 2011 - 10:45 AM

Post all of your log files, don't attach them.

Post them back to your topic.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#6 duwan

duwan

    New Member

  • Members
  • Pip
  • 6 posts

Posted 21 March 2011 - 07:54 PM

There you go...

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
.
==== Hosts File Hijack ======================
.
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
Hosts: 74.125.45.100 secure-plus-payments.com
Hosts: 74.125.45.100 www.getantivirusplusnow.com
Hosts: 74.125.45.100 www.secure-plus-payments.com
Hosts: 74.125.45.100 www.getavplusnow.com
Hosts: 74.125.45.100 safebrowsing-cache.google.com
Hosts: 74.125.45.100 urs.microsoft.com
Hosts: 74.125.45.100 www.securesoftwarebill.com
Hosts: 74.125.45.100 secure.paysecuresystem.com
Hosts: 74.125.45.100 paysoftbillsolution.com
Hosts: 74.125.45.100 protected.maxisoftwaremart.com
Hosts: 74.55.47.101 www.google.com
Hosts: 74.55.47.101 google.com
Hosts: 74.55.47.101 google.com.au
Hosts: 74.55.47.101 www.google.com.au
Hosts: 74.55.47.101 google.be
Hosts: 74.55.47.101 www.google.be
Hosts: 74.55.47.101 google.com.br
Hosts: 74.55.47.101 www.google.com.br
Hosts: 74.55.47.101 google.ca
Hosts: 74.55.47.101 www.google.ca
Hosts: 74.55.47.101 google.ch
Hosts: 74.55.47.101 www.google.ch
Hosts: 74.55.47.101 google.de
Hosts: 74.55.47.101 www.google.de
Hosts: 74.55.47.101 google.dk
Hosts: 74.55.47.101 www.google.dk
Hosts: 74.55.47.101 google.fr
Hosts: 74.55.47.101 www.google.fr
Hosts: 74.55.47.101 google.ie
Hosts: 74.55.47.101 www.google.ie
Hosts: 74.55.47.101 google.it
Hosts: 74.55.47.101 www.google.it
Hosts: 74.55.47.101 google.co.jp
Hosts: 74.55.47.101 www.google.co.jp
Hosts: 74.55.47.101 google.nl
Hosts: 74.55.47.101 www.google.nl
Hosts: 74.55.47.101 google.no
Hosts: 74.55.47.101 www.google.no
Hosts: 74.55.47.101 google.co.nz
Hosts: 74.55.47.101 www.google.co.nz
Hosts: 74.55.47.101 google.pl
Hosts: 74.55.47.101 www.google.pl
Hosts: 74.55.47.101 google.se
Hosts: 74.55.47.101 www.google.se
Hosts: 74.55.47.101 google.co.uk
Hosts: 74.55.47.101 www.google.co.uk
Hosts: 74.55.47.101 google.co.za
Hosts: 74.55.47.101 www.google.co.za
Hosts: 74.55.47.101 www.google-analytics.com
Hosts: 74.55.47.101 www.bing.com
Hosts: 74.55.47.101 search.yahoo.com
Hosts: 74.55.47.101 www.search.yahoo.com
Hosts: 74.55.47.101 uk.search.yahoo.com
Hosts: 74.55.47.101 ca.search.yahoo.com
Hosts: 74.55.47.101 de.search.yahoo.com
Hosts: 74.55.47.101 fr.search.yahoo.com
Hosts: 74.55.47.101 au.search.yahoo.com
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
Adobe Acrobat 4.0
Adobe Acrobat 5.0
Adobe After Effects 4.1
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Download Manager (Remove Only)
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 Professional
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Help Viewer CS3
Adobe InDesign
Adobe InDesign CS
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop 6.0
Adobe Photoshop Elements 2.0
Adobe Premiere 6 LE
Adobe Reader 7.0.3 - ????? by xunchi.com
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Manager 4.1
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AFPL Ghostscript 8.11
AFPL Ghostscript Fonts
AGEIA PhysX v7.07.24
America Online
Caillou's Preschool
CameraDrivers
Click to DVD 1.0
Clifford Reading
Common Setup Files (3790.0)
Connect
Core SDK (Windows Server 2003) (3790.0)
Debugging Tools for Windows
Debugging Tools for Windows (3790.0)
Dell Toolbar
Dell V310-V510 Series
DesignPro 5.4 Limited Edition
Director 8.5 Shockwave Studio
Dr. Seuss Kindergarten
DVgate
Edmark - FrippleTown (Remove only)
Edmark Mighty Math Zoo Zillions
Ethereal 0.9.11
Experience Vaio
FileZilla Client 3.2.7.1
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Color Inkjet CP1700 Uninstaller
HP Photosmart Cameras 3.5
HP Software Update
ImageStation Demo
ImageStation Tour
InterActual Player
Internet Development SDK (Version 6.0) (3790.0)
Internet Information Server (IIS) SDK (Version 5.1) (3790.0)
kuler
Linksys Wireless-G USB Network Adapter
Lucent Technologies Soft Modem AMR
Macromedia Dreamweaver 4
Macromedia Extension Manager
Macromedia Fireworks 4
Macromedia Flash MX
Macromedia FreeHand 10
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Data Access Components (MDAC) SDK (Ver 2.7) (3790.0)
Microsoft Office 2000 Premium
Microsoft Office PowerPoint Viewer 2003
Microsoft SDK Update February 2003 (5.2.3790.0)
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Web Publishing Wizard 1.53
MiKTeX
Motion JPEG Software Decoder
MovieShaker 3.3
Mozilla Firefox (3.5.17)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Visualizer Library 1.4.00
Net Transport
Network Smart Capture
Nikon View 5
NJStar Communicator
Nullsoft Install System
Octoshape add-in for Adobe Flash Player
OpenAL
OpenMG Secure Module 3.1
PCFriendly
PDF Settings CS4
Personal Color Viewer 2.0
Photoshop Camera Raw
PicoPlayer
PicoPlayer Demo
PicoPlayerSplashScreen
Picture Package Music Transfer
Pixel Bender Toolkit
PowerDVD
Python 2.3.1
QuarkXPress Passport 4.0
RealProducer Basic 8.5
Screenblast ACID 2.0a
Screenblast Sound Forge 1.0b
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Shockwave
SiS Compatible VGA V2.09a
Skype Toolbars
Skype 4.2
SonicStage 1.5.00
Sony Certificate PCH
Sony DV Shared Library
Sony on Yahoo! Essentials
Sony Picture Utility
SpywareRemover2009 1.0.200.0
Suite Shared Configuration CS4
Support Actions WinXP
Switch Sound File Converter
Tablet PC SDK (3790.0)
TypingMaster Pro
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VAIO Action Setup
VAIO Brezza Wallpaper
VAIO Edit Components LE
VAIO Grid Wallpaper
VAIO Help & Support
VAIO Media 2.0
VAIO Media Installer 2.0
VAIO Media Music Server 2.0
VAIO Media Photo Server 2.0
VAIO Media Platform 2.0
VAIO Registration
VAIO Serenus Wallpaper
VAIO Support
VERITAS RecordNow DX
VERITAS RecordNow DX Update Manager
Viewpoint Media Player (Remove Only)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer SDK (Version 2.0) (3790.0)
Windows Internet Explorer 8
Windows Management Instrumentation (WMI) SDK (3790.0)
Windows Media Services SDK (3790.0)
Windows SR 2.0
Windows XP Service Pack 3
WinZip
Yahoo! Address AutoComplete
Yahoo! Anti-Spy
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Photos Easy Upload Tool 1v7
Yahoo! Search Protection
Yahoo! Toolbar
.
==== End Of File ===========================




.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 11:43:46.34 on Fri 03/18/2011
Internet Explorer: 8.0.6001.18702
.
============== Running Processes ===============
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dleaserv.exe
C:\WINDOWS\system32\dleacoms.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Dell V310-V510 Series\dleamon.exe
C:\Program Files\Dell V310-V510 Series\ezprint.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\NkView5\NkvMon.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\mdm.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Windows Media Player\setup_wm.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - c:\program files\dell toolbar\toolband.dll
BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\drop down deals\YontooIEClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: Dell Toolbar: {09b71986-2ac5-482d-b6cb-42ea34f4f85b} - c:\program files\dell toolbar\toolband.dll
TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - c:\program files\whitesmoketoolbar\whitesmoketoolbarX.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [{745164FA-D15C-B336-3F8A-BD1086758E1C}] "c:\documents and settings\owner\application data\baily\muqo.exe"
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Malwarebytes Anti-Malware (rootkit-scan)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [dleamon.exe] "c:\program files\dell v310-v510 series\dleamon.exe"
mRun: [EzPrint] "c:\program files\dell v310-v510 series\ezprint.exe"
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: Chinese &Dictionary - c:\windows\menudict.htm
IE: Download all by Net Transport - c:\progra~1\xi\nettra~1\NTAddList.html
IE: Download by Net Transport - c:\progra~1\xi\nettra~1\NTAddLink.html
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/EN/mdldetect/VaioInfo.CAB
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: cru629.dat rajijofa.dll
LSA: Notification Packages = scecli mufosevi.dll
IFEO: image file execution options - svchost.exe
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\yzu0trwi.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Yontoo Layers: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R? BFdoLwr;Toaster Bus FDO Lower Filter
R? BFdoUpr;Toaster Bus FDO Upper Filter
R? Ias;Network Security
R? MapMemP;MapMemP
R? MBAMSwissArmy;MBAMSwissArmy
R? mwoyshc;mwoyshc
R? NPF;NetGroup Packet Filter Driver
R? ofxrqq;ofxrqq
R? rbew;rbew
R? reqbjdpu;reqbjdpu
R? TfFsMon;TfFsMon
R? TfNetMon;TfNetMon
R? TfSysMon;TfSysMon
R? toaster;Microsoft Toaster Device Driver
R? WUSB54GSSVC;WUSB54GSSVC
S? busenum;Toaster Bus Enumerator
S? dlea_device;dlea_device
S? dleaCATSCustConnectService;dleaCATSCustConnectService
S? LucentSoftModem;Lucent Technologies Soft Modem
.
=============== Created Last 30 ================
.
2011-03-16 18:25:09 -------- d-----w- c:\docume~1\owner\applic~1\whitesmoketoolbar
2011-03-16 18:24:37 -------- d-----w- c:\program files\whitesmoketoolbar
2011-03-16 18:22:58 -------- d-----w- c:\program files\Drop Down Deals
2011-03-16 18:22:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\Tarma Installer
2011-03-16 18:21:11 -------- d-----w- c:\docume~1\owner\applic~1\Ebehy
2011-03-16 18:21:11 -------- d-----w- c:\docume~1\owner\applic~1\Baily
2011-02-18 15:40:10 -------- d-----w- c:\program files\Yontoo Layers Client
2011-02-18 15:37:21 172032 --sha-r- c:\windows\system32\rasmxsu.dll
.
==================== Find3M ====================
.
2009-08-11 01:27:36 17119 ----a-w- c:\program files\common files\vacyryr.bat
2009-08-11 01:27:36 14688 ----a-w- c:\program files\common files\onucuni.vbs
2009-08-10 19:18:05 19092 ----a-w- c:\program files\common files\ukoqamo.reg
2009-08-10 19:18:05 18191 ----a-w- c:\program files\common files\efupyry.vbs
2009-08-10 19:13:28 19905 ----a-w- c:\program files\common files\kygotes.scr
2009-08-10 19:13:28 17908 ----a-w- c:\program files\common files\uvujemog.vbs
2009-08-10 19:13:28 17206 ----a-w- c:\program files\common files\guqeky.vbs
2003-01-29 19:49:13 7684744 ----a-w- c:\program files\common files\njcom230.exe
2009-04-25 01:23:35 60416 --sha-w- c:\windows\system32\dekoleha.exe
2009-04-26 22:20:08 59904 --sha-w- c:\windows\system32\wepakezu.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST380020A rev.5.38 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x857537AF]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x857599b0]; MOV EAX, [0x85759a2c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x857AA5E0]
3 CLASSPNP[0xF74E7FD7] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000066[0x857FDF18]
5 ACPI[0xF743E620] -> nt!IofCallDriver[0x804E37D5] -> [0x857AB030]
\Driver\atapi[0x8579F220] -> IRP_MJ_CREATE -> 0x857537AF
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST380020A_______________________________5.38____#4735304338584a38202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x857535F5
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 12:04:30.09 ===============
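
The two DDS sections worth reading first in the log above are the "Hosts File Hijack" block (search engines, Safe Browsing and urs.microsoft.com all pointed at two external IPs, which is why the machine cannot reach Google or update its protection) and the AppInit_DLLs, LSA Notification Packages and IFEO lines in the "Pseudo HJT Report" (three boot-time load points that survive a normal file cleanup). As an added example for this thread, not code from DDS, Malwarebytes or the poster, the script below triages those line types. The sample lines are copied from the posted log, except the 127.0.0.1 entry, which is a constructed benign line; the high-value name fragments and the LSA baseline are the editor's assumptions.

```python
"""Triage of DDS "Hosts:", "Run:", "AppInit_DLLs:", "LSA:" and "IFEO:" lines.
Added example for this thread; not code from DDS, Malwarebytes or the poster.
Sample lines are copied from the posted log, except the constructed 127.0.0.1 line."""
import ipaddress
import re
from collections import defaultdict

# Assumption: redirecting any of these name fragments is high severity, because it
# blocks search, Safe Browsing and Windows Update name resolution.
HIGH_VALUE_FRAGMENTS = ("google.", "bing.com", "yahoo.com", "microsoft.com",
                        "windowsupdate.com", "safebrowsing")
# Assumption: a stock Windows XP LSA Notification Packages value holds only scecli
# (rassfm on some builds); anything else is a DLL lsass.exe loads at boot.
LSA_BASELINE = {"scecli", "rassfm"}

SAMPLE_LINES = r"""
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 safebrowsing-cache.google.com
Hosts: 74.125.45.100 urs.microsoft.com
Hosts: 74.55.47.101 www.google.com
Hosts: 74.55.47.101 www.bing.com
Hosts: 127.0.0.1 localhost
uRun: [{745164FA-D15C-B336-3F8A-BD1086758E1C}] "c:\documents and settings\owner\application data\baily\muqo.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
AppInit_DLLs: cru629.dat rajijofa.dll
LSA: Notification Packages = scecli mufosevi.dll
IFEO: image file execution options - svchost.exe
""".strip().splitlines()

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
RUN_RE = re.compile(r"^[um]Run:\s+\[([^\]]*)\]\s+(.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

def is_benign_target(ip_text):
    """Loopback and 0.0.0.0 are what legitimate ad-blocking hosts files use."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified

def hosts_hijacks(lines):
    """Map each non-benign target IP to the hostnames pointed at it."""
    by_ip = defaultdict(list)
    for line in lines:
        m = HOSTS_RE.match(line)
        if m and not is_benign_target(m.group(1)):
            by_ip[m.group(1)].append(m.group(2))
    return dict(by_ip)

def high_value_redirects(lines):
    """Hijacked names matching a high-value fragment (search, Safe Browsing, update)."""
    return [h for names in hosts_hijacks(lines).values() for h in names
            if any(frag in h for frag in HIGH_VALUE_FRAGMENTS)]

def suspicious_run_entries(lines):
    """Run values named as a bare GUID, or launched from the user's profile data dir."""
    found = []
    for line in lines:
        m = RUN_RE.match(line)
        if not m:
            continue
        name, cmd = m.group(1), m.group(2)
        low = cmd.lower()
        if GUID_RE.match(name) or "\\application data\\" in low or "\\appdata\\" in low:
            found.append((name, cmd))
    return found

def appinit_dlls(lines):
    """Each AppInit_DLLs module is loaded into every process that loads user32.dll."""
    for line in lines:
        if line.startswith("AppInit_DLLs:"):
            return line.split(":", 1)[1].split()
    return []

def lsa_extra_packages(lines):
    """Notification Packages beyond the baseline: DLLs lsass.exe loads at startup."""
    for line in lines:
        if line.startswith("LSA: Notification Packages"):
            pkgs = line.split("=", 1)[1].split()
            return [p for p in pkgs if re.sub(r"\.dll$", "", p.lower()) not in LSA_BASELINE]
    return []

def ifeo_targets(lines):
    """Binaries with an Image File Execution Options key (a Debugger value hijacks launch)."""
    return [line.split("-", 1)[1].strip() for line in lines if line.startswith("IFEO:")]

def triage(lines):
    """One finding string per problem, grouped by persistence mechanism."""
    findings = [f"hosts: {len(n)} name(s) redirected to {ip}" for ip, n in hosts_hijacks(lines).items()]
    findings += [f"hosts: high-value name {h} hijacked" for h in high_value_redirects(lines)]
    findings += [f"run: {name} -> {cmd}" for name, cmd in suspicious_run_entries(lines)]
    findings += [f"appinit: {d} injected into every GUI process" for d in appinit_dlls(lines)]
    findings += [f"lsa: {p} loaded by lsass.exe" for p in lsa_extra_packages(lines)]
    findings += [f"ifeo: {e} has an Image File Execution Options entry" for e in ifeo_targets(lines)]
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
```

Run against the full Attach.txt and DDS.txt text (feed the file lines instead of SAMPLE_LINES) it prints one line per hosts target, per hijacked high-value name, and per load point. The point of grouping by target IP is that the two addresses in this log are not a vendor's sinkhole: the entries were written by the infection, so they should be wiped to a stock hosts file rather than edited name by name, and the AppInit, LSA and IFEO entries explain why the scanner's cleanup "keeps coming back" until the rootkit loader itself is removed.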

#7 Maniac

Maniac

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 21,410 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 22 March 2011 - 01:24 PM

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; choose it.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.


In your next reply, please post the following logs:

  • TDSSKiller log
  • a new fresh DDS log only

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#8 duwan

duwan

    New Member

  • Members
  • Pip
  • 6 posts

Posted 23 March 2011 - 10:15 AM

Hi Maniac, below is the TDSSKiller log txt. The virus seems to be killed.


2011/03/23 10:52:57.0281 1732 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/23 10:52:57.0562 1732 ================================================================================
2011/03/23 10:52:57.0562 1732 SystemInfo:
2011/03/23 10:52:57.0562 1732
2011/03/23 10:52:57.0562 1732 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/23 10:52:57.0562 1732 Product type: Workstation
2011/03/23 10:52:57.0562 1732 ComputerName: VENUS
2011/03/23 10:52:57.0562 1732 UserName: Owner
2011/03/23 10:52:57.0562 1732 Windows directory: C:\WINDOWS
2011/03/23 10:52:57.0562 1732 System windows directory: C:\WINDOWS
2011/03/23 10:52:57.0562 1732 Processor architecture: Intel x86
2011/03/23 10:52:57.0562 1732 Number of processors: 1
2011/03/23 10:52:57.0562 1732 Page size: 0x1000
2011/03/23 10:52:57.0562 1732 Boot type: Normal boot
2011/03/23 10:52:57.0562 1732 ================================================================================
2011/03/23 10:52:58.0703 1732 Initialize success
2011/03/23 10:53:04.0453 2148 ================================================================================
2011/03/23 10:53:04.0453 2148 Scan started
2011/03/23 10:53:04.0453 2148 Mode: Manual;
2011/03/23 10:53:04.0453 2148 ================================================================================
2011/03/23 10:55:43.0781 2148 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/23 10:55:43.0843 2148 ================================================================================
2011/03/23 10:55:43.0843 2148 Scan finished
2011/03/23 10:55:43.0843 2148 ================================================================================
2011/03/23 10:55:43.0890 1772 Detected object count: 1
2011/03/23 10:57:16.0375 1772 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/03/23 10:57:16.0375 1772 \HardDisk0 - ok
2011/03/23 10:57:16.0375 1772 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/23 10:57:41.0437 2132 Deinitialize success
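A small triage script, added here as an editor's example (it is not from the thread and not part of TDSSKiller), that reads TDSSKiller-style log lines: it pulls out the "detected" and "will be cured after reboot" lines so nothing detected is left without an action, and it groups the per-driver entries by hash, since several differently named services backed by one identical file is the kind of thing a helper scans such a log for. The three line layouts and the sample log are assumptions and constructed data, not values copied from the post.

```python
import re
from collections import defaultdict

# Line shapes assumed from the TDSSKiller output posted in this thread:
#   <date> <time> <pid> <ServiceName> (<md5>) <driver path>
#   <date> <time> <pid> <object> - detected <Verdict> (<n>)
#   <date> <time> <pid> <object> (<Verdict>) - will be cured after reboot
SERVICE_RE = re.compile(r"^\S+ \S+ \d+ (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(r"^\S+ \S+ \d+ (?P<obj>\S+) - detected (?P<verdict>\S+)")
CURE_RE = re.compile(r"^\S+ \S+ \d+ (?P<obj>\S+) \((?P<verdict>[^)]+)\) - will be cured after reboot")


def parse_tdsskiller(lines):
    """Split a log into service entries, detections and pending cures."""
    services, detections, cures = [], [], []
    for line in lines:
        line = line.strip()
        if m := SERVICE_RE.match(line):
            services.append(m.groupdict())
        elif m := DETECT_RE.match(line):
            detections.append((m["obj"], m["verdict"]))
        elif m := CURE_RE.match(line):
            cures.append((m["obj"], m["verdict"]))
    return services, detections, cures


def shared_hashes(services):
    """Return {md5: [service names]} for hashes registered under more than
    one name. Legitimate duplicates exist (two service names backed by one
    bridge.sys, for instance), so check the paths: several short random
    names each backed by an identical file in the drivers directory is
    worth a closer look."""
    by_hash = defaultdict(list)
    for s in services:
        by_hash[s["md5"]].append(s["name"])
    return {h: names for h, names in by_hash.items() if len(names) > 1}


def triage(lines):
    services, detections, cures = parse_tdsskiller(lines)
    pending = {obj for obj, _ in cures}
    return {
        "detections": detections,
        # a detected object with no "will be cured" line needs manual follow-up
        "uncured": [d for d in detections if d[0] not in pending],
        "shared_hashes": shared_hashes(services),
    }


# Constructed sample in the log's layout; the hashes and the qwxz/rbcd names
# are placeholders, not values taken from the thread.
SAMPLE = r"""
2011/03/23 10:52:57.0281 1732 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/23 10:53:04.0453 2148 Scan started
2011/03/23 10:53:06.0640 2148 ACPI (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/23 10:53:07.0000 2148 Disk (00000000000000000000000000000002) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/23 10:53:08.0000 2148 qwxz (0000000000000000000000000000ffff) C:\WINDOWS\system32\drivers\qwxz.sys
2011/03/23 10:53:09.0000 2148 rbcd (0000000000000000000000000000ffff) C:\WINDOWS\system32\drivers\rbcd.sys
2011/03/23 10:55:43.0781 2148 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/23 10:57:16.0375 1772 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE.splitlines()).items():
        print(f"{key}: {value}")
```

On the constructed sample the script reports one detection on \HardDisk0 with a cure pending, nothing left uncured, and one hash shared by the two placeholder service names.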

#9 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,410 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 23 March 2011 - 01:07 PM

In your next reply, please post the following logs:

  • TDSSKiller log
  • a new fresh DDS log only



#10 duwan

duwan

    New Member

  • Members
  • 6 posts

Posted 24 March 2011 - 01:52 PM

I couldn't locate a new fresh DDS log on my computer. Do you know where it went? Thanks.

#11 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,410 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 24 March 2011 - 03:33 PM

In the same location as DDS.

#12 LDTate

LDTate

    Forum Deity

  • Moderators
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 01 April 2011 - 06:52 AM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Product Support
