duwan

Whitesmoke virus


It looks like my laptop is infected by the WhiteSmoke virus/spyware as well. On the desktop, there is a shortcut called WhiteSmoke (continue installation), and another called RebateInformer.

Malwarebytes doesn't seem to be able to cleanly remove it. After we tried that, it keeps coming back.

Even worse, the laptop currently crashes at windows startup with a blue screen, saying IRQL_NOT_LESS_OR_EQUAL. I speculate that some driver file was corrupted when killing the virus? I am not sure.

Another symptom is I can't turn on McAfee real-time scanning. Attempts to turn it on always end up with it disabled again.

Help is appreciated!

Thanks!


Hello duwan! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Follow my instructions step by step; if there is a problem somewhere, stop and tell me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install or uninstall any software or hardware while we work on it.
  • Keep me informed about any changes.
  • Post all of your log files, don't attach them.

Download DDS and save it to your desktop from here, here or here

Double click dds to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


Thank you, Maniac. The two files are attached.

Duwan

Post all of your log files, don't attach them.
Post them back to your topic.


There you go...

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
.
==== Hosts File Hijack ======================
.
Hosts: 74.125.45.100 4-open-davinci.com
Hosts: 74.125.45.100 securitysoftwarepayments.com
Hosts: 74.125.45.100 privatesecuredpayments.com
Hosts: 74.125.45.100 secure.privatesecuredpayments.com
Hosts: 74.125.45.100 getantivirusplusnow.com
Hosts: 74.125.45.100 secure-plus-payments.com
Hosts: 74.125.45.100 www.getantivirusplusnow.com
Hosts: 74.125.45.100 www.secure-plus-payments.com
Hosts: 74.125.45.100 www.getavplusnow.com
Hosts: 74.125.45.100 safebrowsing-cache.google.com
Hosts: 74.125.45.100 urs.microsoft.com
Hosts: 74.125.45.100 www.securesoftwarebill.com
Hosts: 74.125.45.100 secure.paysecuresystem.com
Hosts: 74.125.45.100 paysoftbillsolution.com
Hosts: 74.125.45.100 protected.maxisoftwaremart.com
Hosts: 74.55.47.101 www.google.com
Hosts: 74.55.47.101 google.com
Hosts: 74.55.47.101 google.com.au
Hosts: 74.55.47.101 www.google.com.au
Hosts: 74.55.47.101 google.be
Hosts: 74.55.47.101 www.google.be
Hosts: 74.55.47.101 google.com.br
Hosts: 74.55.47.101 www.google.com.br
Hosts: 74.55.47.101 google.ca
Hosts: 74.55.47.101 www.google.ca
Hosts: 74.55.47.101 google.ch
Hosts: 74.55.47.101 www.google.ch
Hosts: 74.55.47.101 google.de
Hosts: 74.55.47.101 www.google.de
Hosts: 74.55.47.101 google.dk
Hosts: 74.55.47.101 www.google.dk
Hosts: 74.55.47.101 google.fr
Hosts: 74.55.47.101 www.google.fr
Hosts: 74.55.47.101 google.ie
Hosts: 74.55.47.101 www.google.ie
Hosts: 74.55.47.101 google.it
Hosts: 74.55.47.101 www.google.it
Hosts: 74.55.47.101 google.co.jp
Hosts: 74.55.47.101 www.google.co.jp
Hosts: 74.55.47.101 google.nl
Hosts: 74.55.47.101 www.google.nl
Hosts: 74.55.47.101 google.no
Hosts: 74.55.47.101 www.google.no
Hosts: 74.55.47.101 google.co.nz
Hosts: 74.55.47.101 www.google.co.nz
Hosts: 74.55.47.101 google.pl
Hosts: 74.55.47.101 www.google.pl
Hosts: 74.55.47.101 google.se
Hosts: 74.55.47.101 www.google.se
Hosts: 74.55.47.101 google.co.uk
Hosts: 74.55.47.101 www.google.co.uk
Hosts: 74.55.47.101 google.co.za
Hosts: 74.55.47.101 www.google.co.za
Hosts: 74.55.47.101 www.google-analytics.com
Hosts: 74.55.47.101 www.bing.com
Hosts: 74.55.47.101 search.yahoo.com
Hosts: 74.55.47.101 www.search.yahoo.com
Hosts: 74.55.47.101 uk.search.yahoo.com
Hosts: 74.55.47.101 ca.search.yahoo.com
Hosts: 74.55.47.101 de.search.yahoo.com
Hosts: 74.55.47.101 fr.search.yahoo.com
Hosts: 74.55.47.101 au.search.yahoo.com
.
==== Installed Programs ======================
.

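The DDS "Hosts File Hijack" section above shows the pattern a hosts-file hijack leaves behind: every major Google search domain, Bing and Yahoo search are pinned to one remote address (74.55.47.101), and the browsers' reputation lookups (safebrowsing-cache.google.com for Google Safe Browsing, urs.microsoft.com for Internet Explorer's SmartScreen/URS) plus a set of "payment" domains are pinned to another (74.125.45.100). A legitimate hosts file (on Windows, %SystemRoot%\System32\drivers\etc\hosts) maps names to 127.0.0.1 or 0.0.0.0 to block them, or to a LAN address; it does not send search engines and reputation services to a public IP. The script below is an added example, not part of the thread or of DDS: it parses hosts-file text, ignores sinkhole (loopback/unspecified) targets, groups the remaining entries by destination IP, and reports watch-listed names that are sent off-box. The sample input is constructed from a subset of the mappings posted above plus two benign lines, and the watch-list is an assumption for the example.

```python
"""Flag hosts-file entries that pin well-known domains to remote addresses.

Added example, not part of the original thread. The sample lines are taken
from the DDS 'Hosts File Hijack' output posted in the thread and rewritten
in plain hosts-file syntax, with two benign lines added; the watch-list of
domains is an assumption for the example.
"""
import ipaddress
from collections import defaultdict

# Constructed sample: a subset of the posted mappings plus two benign lines
# (localhost, and an ad-block style 0.0.0.0 entry) that must not be flagged.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ads.example.net      # ad-block style entry, benign
74.125.45.100   safebrowsing-cache.google.com
74.125.45.100   urs.microsoft.com
74.125.45.100   getantivirusplusnow.com
74.55.47.101    www.google.com
74.55.47.101    google.com
74.55.47.101    www.bing.com
74.55.47.101    search.yahoo.com
"""

# Domains malware tends to pin: search engines (to redirect searches) and
# the browsers' reputation lookups (Google Safe Browsing, IE SmartScreen/URS).
# Assumed watch-list for this example; extend it for your environment.
WATCHED_SUFFIXES = (
    "google.com", "google.co.uk", "bing.com", "search.yahoo.com",
    "safebrowsing-cache.google.com", "urs.microsoft.com",
)


def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments and blank lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower()


def is_sinkhole(ip):
    """Loopback/unspecified targets are how a hosts file legitimately blocks a name."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed address column: not a sinkhole, worth a look
    return addr.is_loopback or addr.is_unspecified


def remote_mappings(text):
    """Return {ip: [hostnames]} for every entry that points somewhere real."""
    by_ip = defaultdict(list)
    for ip, name in parse_hosts(text):
        if not is_sinkhole(ip):
            by_ip[ip].append(name)
    return dict(by_ip)


def watched_hits(text):
    """Sorted watch-listed hostnames that the hosts file sends off-box."""
    hits = set()
    for names in remote_mappings(text).values():
        for name in names:
            if any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES):
                hits.add(name)
    return sorted(hits)


if __name__ == "__main__":
    for ip, names in remote_mappings(SAMPLE_HOSTS).items():
        print(f"{ip}: {len(names)} hostname(s) redirected")
    print("watch-list hits:", watched_hits(SAMPLE_HOSTS))
```

Run it against a copy of the real hosts file (read the file and pass its contents instead of SAMPLE_HOSTS); a single public IP collecting dozens of unrelated hostnames is the signature of a redirect hijack, and names that only appear once still deserve a look if they are on the watch-list.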

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; choose it.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

In your next reply, please post the following logs:

  1. TDSSKiller log
  2. a new fresh DDS log only


Hi Maniac, below is the TDSSKiller log txt. The virus seems killed.

2011/03/23 10:52:57.0281 1732 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/03/23 10:52:57.0562 1732 ================================================================================

2011/03/23 10:52:57.0562 1732 SystemInfo:

2011/03/23 10:52:57.0562 1732

2011/03/23 10:52:57.0562 1732 OS Version: 5.1.2600 ServicePack: 3.0

2011/03/23 10:52:57.0562 1732 Product type: Workstation

2011/03/23 10:52:57.0562 1732 ComputerName: VENUS

2011/03/23 10:52:57.0562 1732 UserName: Owner

2011/03/23 10:52:57.0562 1732 Windows directory: C:\WINDOWS

2011/03/23 10:52:57.0562 1732 System windows directory: C:\WINDOWS

2011/03/23 10:52:57.0562 1732 Processor architecture: Intel x86

2011/03/23 10:52:57.0562 1732 Number of processors: 1

2011/03/23 10:52:57.0562 1732 Page size: 0x1000

2011/03/23 10:52:57.0562 1732 Boot type: Normal boot

2011/03/23 10:52:57.0562 1732 ================================================================================

2011/03/23 10:52:58.0703 1732 Initialize success

2011/03/23 10:53:04.0453 2148 ================================================================================

2011/03/23 10:53:04.0453 2148 Scan started

2011/03/23 10:53:04.0453 2148 Mode: Manual;

2011/03/23 10:53:04.0453 2148 ================================================================================

2011/03/23 10:53:06.0640 2148 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys

2011/03/23 10:53:08.0500 2148 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/03/23 10:53:09.0468 2148 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/03/23 10:53:10.0531 2148 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys

2011/03/23 10:53:12.0046 2148 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/03/23 10:53:12.0750 2148 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2011/03/23 10:53:13.0421 2148 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys

2011/03/23 10:53:16.0515 2148 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/03/23 10:53:18.0515 2148 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/03/23 10:53:19.0234 2148 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/03/23 10:53:20.0546 2148 atksgt (3c4b9850a2631c2263507400d029057b) C:\WINDOWS\system32\DRIVERS\atksgt.sys

2011/03/23 10:53:21.0203 2148 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/03/23 10:53:21.0750 2148 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/03/23 10:53:22.0265 2148 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys

2011/03/23 10:53:23.0390 2148 BFdoLwr (97ae1bde3727b90b62082aa6583948c4) C:\WINDOWS\system32\DRIVERS\BFdoLwr.sys

2011/03/23 10:53:23.0968 2148 BFdoUpr (177593073d172e18e9c2b8e3579a5808) C:\WINDOWS\system32\DRIVERS\BFdoUpr.sys

2011/03/23 10:53:24.0546 2148 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys

2011/03/23 10:53:24.0750 2148 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys

2011/03/23 10:53:25.0250 2148 busenum (af2160b87647edf596e22579520c9447) C:\WINDOWS\system32\DRIVERS\busenum.sys

2011/03/23 10:53:25.0796 2148 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/03/23 10:53:26.0343 2148 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/03/23 10:53:27.0390 2148 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/03/23 10:53:28.0343 2148 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/03/23 10:53:29.0187 2148 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/03/23 10:53:34.0609 2148 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/03/23 10:53:36.0125 2148 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/03/23 10:53:37.0531 2148 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys

2011/03/23 10:53:38.0500 2148 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/03/23 10:53:39.0406 2148 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/03/23 10:53:40.0218 2148 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/03/23 10:53:41.0031 2148 DNE (01954d020887671fec9929172847f35d) C:\WINDOWS\system32\DRIVERS\dne2000.sys

2011/03/23 10:53:42.0468 2148 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/03/23 10:53:43.0265 2148 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/03/23 10:53:44.0125 2148 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/03/23 10:53:44.0890 2148 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/03/23 10:53:45.0625 2148 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/03/23 10:53:46.0406 2148 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2011/03/23 10:53:47.0265 2148 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/03/23 10:53:48.0093 2148 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/03/23 10:53:49.0343 2148 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/03/23 10:53:50.0250 2148 GTNDIS5 (fc80052194d5708254a346568f0e77c0) C:\WINDOWS\system32\GTNDIS5.SYS

2011/03/23 10:53:51.0140 2148 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/03/23 10:53:53.0203 2148 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/03/23 10:53:55.0359 2148 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/03/23 10:53:56.0218 2148 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/03/23 10:53:58.0375 2148 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/03/23 10:53:59.0093 2148 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

2011/03/23 10:53:59.0843 2148 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/03/23 10:54:00.0687 2148 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/03/23 10:54:01.0718 2148 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/03/23 10:54:03.0093 2148 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/03/23 10:54:03.0843 2148 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/03/23 10:54:04.0578 2148 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/03/23 10:54:05.0453 2148 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/03/23 10:54:06.0468 2148 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/03/23 10:54:07.0234 2148 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/03/23 10:54:08.0015 2148 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/03/23 10:54:09.0406 2148 lirsgt (4127e8b6ddb4090e815c1f8852c277d3) C:\WINDOWS\system32\DRIVERS\lirsgt.sys

2011/03/23 10:54:10.0453 2148 LucentSoftModem (d96ff9c7997a4311f6a5db9afcdea936) C:\WINDOWS\system32\DRIVERS\LTSM.sys

2011/03/23 10:54:12.0218 2148 MBAMSwissArmy (d68e165c3123aba3b1282eddb4213bd8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2011/03/23 10:54:12.0937 2148 MDC8021X (bee76ac58bb524523a84000ba8efe55a) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys

2011/03/23 10:54:13.0687 2148 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/03/23 10:54:14.0562 2148 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/03/23 10:54:15.0484 2148 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/03/23 10:54:16.0187 2148 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/03/23 10:54:16.0937 2148 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/03/23 10:54:18.0234 2148 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/03/23 10:54:19.0312 2148 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/03/23 10:54:20.0031 2148 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys

2011/03/23 10:54:20.0640 2148 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/03/23 10:54:21.0296 2148 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/03/23 10:54:22.0093 2148 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/03/23 10:54:23.0125 2148 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/03/23 10:54:23.0671 2148 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/03/23 10:54:24.0171 2148 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/03/23 10:54:24.0718 2148 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2011/03/23 10:54:26.0109 2148 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/03/23 10:54:26.0796 2148 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/03/23 10:54:27.0343 2148 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/03/23 10:54:27.0937 2148 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/03/23 10:54:28.0531 2148 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/03/23 10:54:29.0109 2148 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/03/23 10:54:29.0812 2148 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/03/23 10:54:30.0359 2148 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/03/23 10:54:30.0953 2148 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/03/23 10:54:31.0718 2148 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/03/23 10:54:32.0281 2148 NPF (f498c5c3399a60933196fc215ef074f9) C:\WINDOWS\system32\drivers\npf.sys

2011/03/23 10:54:32.0890 2148 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/03/23 10:54:33.0687 2148 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/03/23 10:54:34.0687 2148 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/03/23 10:54:37.0140 2148 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/03/23 10:54:38.0875 2148 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/03/23 10:54:39.0703 2148 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/03/23 10:54:40.0421 2148 ofxrqq (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\wciw.sys

2011/03/23 10:54:41.0296 2148 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/03/23 10:54:42.0140 2148 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/03/23 10:54:42.0921 2148 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/03/23 10:54:43.0625 2148 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/03/23 10:54:44.0390 2148 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/03/23 10:54:45.0750 2148 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/03/23 10:54:46.0593 2148 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/03/23 10:54:51.0453 2148 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/03/23 10:54:52.0328 2148 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/03/23 10:54:53.0093 2148 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/03/23 10:54:53.0859 2148 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/03/23 10:54:54.0640 2148 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys

2011/03/23 10:54:55.0453 2148 QCDonner (fddd1aeb9f81ef1e6e48ae1edc2a97d6) C:\WINDOWS\system32\DRIVERS\OVCD.sys

2011/03/23 10:54:59.0140 2148 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/03/23 10:54:59.0875 2148 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/03/23 10:55:00.0593 2148 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/03/23 10:55:01.0328 2148 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/03/23 10:55:02.0093 2148 rbew (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\wbcwmji.sys

2011/03/23 10:55:02.0921 2148 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/03/23 10:55:03.0765 2148 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/03/23 10:55:04.0828 2148 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/03/23 10:55:05.0593 2148 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/03/23 10:55:06.0265 2148 reqbjdpu (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\enybk.sys

2011/03/23 10:55:07.0140 2148 rtl8139 (d0ac0b0355a3ffb85eb77b083cd0627c) C:\WINDOWS\system32\DRIVERS\R8139n51.SYS

2011/03/23 10:55:08.0125 2148 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/03/23 10:55:08.0937 2148 Sentinel (4f290b3618de548fa0caa658dd39f78e) C:\WINDOWS\System32\Drivers\SENTINEL.SYS

2011/03/23 10:55:09.0781 2148 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2011/03/23 10:55:10.0515 2148 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/03/23 10:55:12.0000 2148 SiS315 (5021c54419c48e852cd93e99ceb96c5a) C:\WINDOWS\system32\DRIVERS\sisgrp.sys

2011/03/23 10:55:12.0890 2148 sisagp (497ce69d7222df2758bec383cfd3638f) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/03/23 10:55:13.0703 2148 SiSkp (0ba1bc20204db877236eb5f674879ed5) C:\WINDOWS\system32\drivers\srvkp.sys

2011/03/23 10:55:14.0468 2148 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/03/23 10:55:15.0453 2148 soma (fa197db78c086f8ebdf15c995375f091) C:\WINDOWS\system32\DRIVERS\soma.sys

2011/03/23 10:55:16.0515 2148 SONYWBMS (a8201c45292114606f6620d21275a5e1) C:\WINDOWS\system32\DRIVERS\SonyWBMS.SYS

2011/03/23 10:55:18.0000 2148 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/03/23 10:55:18.0796 2148 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/03/23 10:55:19.0765 2148 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/03/23 10:55:20.0687 2148 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/03/23 10:55:21.0437 2148 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/03/23 10:55:22.0156 2148 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/03/23 10:55:25.0312 2148 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/03/23 10:55:26.0078 2148 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/03/23 10:55:26.0828 2148 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/03/23 10:55:27.0468 2148 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/03/23 10:55:28.0093 2148 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/03/23 10:55:30.0218 2148 toaster (e26fa60eb06ccb84745ef411b4a26227) C:\WINDOWS\system32\DRIVERS\toaster.sys

2011/03/23 10:55:31.0312 2148 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/03/23 10:55:32.0531 2148 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/03/23 10:55:33.0750 2148 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/03/23 10:55:34.0250 2148 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/03/23 10:55:34.0843 2148 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/03/23 10:55:35.0437 2148 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/03/23 10:55:36.0031 2148 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/03/23 10:55:36.0593 2148 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/03/23 10:55:37.0156 2148 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/03/23 10:55:37.0718 2148 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys

2011/03/23 10:55:38.0312 2148 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/03/23 10:55:39.0328 2148 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/03/23 10:55:39.0953 2148 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/03/23 10:55:40.0484 2148 wanatw (ba1d9278448cb26152a18b6a06b61ea3) C:\WINDOWS\system32\DRIVERS\wanatw4.sys

2011/03/23 10:55:41.0562 2148 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/03/23 10:55:42.0171 2148 WDM_YAMAHAAC97 (dce25235272a28ed34780ac4c848fc3f) C:\WINDOWS\system32\drivers\yacxgc.sys

2011/03/23 10:55:43.0000 2148 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/03/23 10:55:43.0546 2148 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/03/23 10:55:43.0781 2148 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/03/23 10:55:43.0843 2148 ================================================================================

2011/03/23 10:55:43.0843 2148 Scan finished

2011/03/23 10:55:43.0843 2148 ================================================================================

2011/03/23 10:55:43.0890 1772 Detected object count: 1

2011/03/23 10:57:16.0375 1772 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/03/23 10:57:16.0375 1772 \HardDisk0 - ok

2011/03/23 10:57:16.0375 1772 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2011/03/23 10:57:41.0437 2132 Deinitialize success

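Two things in the log above are worth pulling out. First, the single detection is Rootkit.Win32.TDSS.tdl4 on \HardDisk0, reported against the disk object rather than a file: TDL4 is a boot-sector (MBR) rootkit, which is why the cure is applied "after reboot" and why the helper asks for a fresh scan afterwards. Second, three services (ofxrqq, rbew, reqbjdpu) point at driver files with different names (wciw.sys, wbcwmji.sys, enybk.sys) that all carry the MD5 e6d35f3aa51a65eb35c1f2340154a25e, whereas Bridge and BridgeMP share a hash only because both are registered for the same file, bridge.sys. The script below is an added example, not from the thread or from Kaspersky's tool: it parses TDSSKiller's driver and detection lines, and reports hashes that appear under more than one distinct file path while leaving the same-file case alone. The sample input is a handful of lines copied from the posted log; the grouping heuristic is mine, and a shared hash under different names is a lead for review, not proof of malice on its own.

```python
"""Pull detections and shared-hash driver groups out of a TDSSKiller log.

Added example, not part of the original thread or of TDSSKiller. The sample
lines are copied from the log posted in the thread (timestamps, service
names, MD5s and paths as printed); the grouping heuristic is an assumption.
"""
import re
from collections import defaultdict

# Constructed sample: a few lines from the posted log. Raw string so the
# Windows backslashes survive untouched.
SAMPLE_LOG = r"""
2011/03/23 10:53:24.0546 2148 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/03/23 10:53:24.0750 2148 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/03/23 10:54:12.0218 2148 MBAMSwissArmy (d68e165c3123aba3b1282eddb4213bd8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/03/23 10:54:40.0421 2148 ofxrqq (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\wciw.sys
2011/03/23 10:55:02.0093 2148 rbew (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\wbcwmji.sys
2011/03/23 10:55:06.0265 2148 reqbjdpu (e6d35f3aa51a65eb35c1f2340154a25e) C:\WINDOWS\system32\drivers\enybk.sys
2011/03/23 10:55:43.0781 2148 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/23 10:57:16.0375 1772 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
"""

# Every TDSSKiller line starts with "YYYY/MM/DD HH:MM:SS.ffff <pid> ".
PREFIX = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} \d+ "
DRIVER_RE = re.compile(PREFIX + r"(\S+) \(([0-9a-f]{32})\) (.+?)\s*$")
DETECT_RE = re.compile(PREFIX + r"(\\HardDisk\d+) - detected (\S+)")


def parse_tdsskiller(text):
    """Return (drivers, detections).

    drivers:    list of (service_name, md5, path) for every driver line
    detections: list of (object, verdict) for every '- detected' line
    """
    drivers, detections = [], []
    for line in text.splitlines():
        m = DRIVER_RE.match(line)
        if m:
            drivers.append((m.group(1), m.group(2).lower(), m.group(3)))
            continue
        m = DETECT_RE.match(line)
        if m:
            detections.append((m.group(1), m.group(2)))
    return drivers, detections


def shared_hash_groups(drivers):
    """Map md5 -> sorted distinct file paths, for hashes seen under more than one path.

    Two services registered for the same file (Bridge/BridgeMP -> bridge.sys)
    are normal and are NOT reported; one hash under several different file
    names is the pattern worth pulling out for review.
    """
    paths_by_hash = defaultdict(set)
    for _svc, md5, path in drivers:
        paths_by_hash[md5].add(path.lower())
    return {h: sorted(p) for h, p in paths_by_hash.items() if len(p) > 1}


def services_for_hash(drivers, md5):
    """Service names registered for a given hash, in log order."""
    return [svc for svc, h, _ in drivers if h == md5]


if __name__ == "__main__":
    drivers, detections = parse_tdsskiller(SAMPLE_LOG)
    for obj, verdict in detections:
        print(f"detected on {obj}: {verdict}")
    for md5, paths in shared_hash_groups(drivers).items():
        print(f"{md5} registered as {services_for_hash(drivers, md5)}:")
        for p in paths:
            print("   ", p)
```

Point it at the full log TDSSKiller writes to C:\ (read the file and pass its contents instead of SAMPLE_LOG). After the cure and reboot, run the tool again and confirm the "detected" list is empty before treating the machine as clean.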
In your next reply, please post the following logs:

TDSSKiller log

a new fresh DDS log only


I couldn't locate a new fresh DDS log in my computer. Do you know where it went? Thanks.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
