
Thread: can't get rid of win32.fraudload.edt

  1. #21
    Junior Member
    Join Date
    Sep 2010
    Posts
    27

    Did that, then restarted Explorer and ran a few searches. Still got another window pop up with an ad site, and even had another window pop up for the Spybot Search and Destroy download site. Sorry, I don't know what seems to be the problem. Thank you again for the help.

  2. #22
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Let me ask you, are you using a router?

    Step 1 | Download MBRCheck.exe to your desktop.
    • Be sure to disable your security programs
    • Double click on the file to run it
    • A window will open on your desktop
    • If an unknown boot code is found you will have further options available to you; at this time press N, then press Enter twice.
    • If nothing unusual is found just press Enter
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
    • Please post the contents of that file.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #23
    Junior Member
    Join Date
    Sep 2010
    Posts
    27

    Yes, I do use a router. Here are the contents of the log file after running MBRCheck.exe. I also seem to have random windows pop up if I walk away from the computer and come back after a little bit. There will be a couple opened up.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000003d

    Kernel Drivers (total 114):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FF000 \WINDOWS\system32\hal.dll
    0x8AE27000 \WINDOWS\system32\KDCOM.DLL
    0xF789B000 \WINDOWS\system32\BOOTVID.dll
    0xF75A8000 ACPI.sys
    0xF7987000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7597000 pci.sys
    0xF75F7000 isapnp.sys
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF7989000 intelide.sys
    0xF7607000 MountMgr.sys
    0xF74D8000 ftdisk.sys
    0xF798B000 dmload.sys
    0xF74B2000 dmio.sys
    0xF770F000 PartMgr.sys
    0xF7617000 VolSnap.sys
    0xF749A000 atapi.sys
    0xF7627000 disk.sys
    0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF747A000 fltmgr.sys
    0xF7468000 sr.sys
    0xF7647000 PxHelp20.sys
    0xF7451000 KSecDD.sys
    0xF743E000 WudfPf.sys
    0xF7B52000 Ntfs.sys
    0xF7411000 NDIS.sys
    0xF787D000 Mup.sys
    0xF7657000 agp440.sys
    0xB8451000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB843D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF7747000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB8419000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF774F000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB83EE000 \SystemRoot\system32\DRIVERS\b57xp32.sys
    0xBA6FC000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF7757000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF775F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB83DA000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF7667000 \SystemRoot\system32\DRIVERS\serial.sys
    0xBA7C8000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF7767000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF776F000 \SystemRoot\system32\drivers\Afc.sys
    0xF7677000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF7687000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB83B7000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB8329000 \SystemRoot\system32\drivers\smwdm.sys
    0xB8305000 \SystemRoot\system32\drivers\portcls.sys
    0xF7697000 \SystemRoot\system32\drivers\drmk.sys
    0xB82ED000 \SystemRoot\system32\drivers\aeaudio.sys
    0xF76A7000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF7AB3000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF76B7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA7C0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB82D6000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF76C7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF76D7000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF7777000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB82C5000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF76E7000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xB8BA1000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xB8B99000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB7D8B000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB9F85000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF79CB000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB7D2D000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7923000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xBA77C000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xBA76C000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF79FF000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF77EF000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xF7995000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xB43BB000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7997000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7817000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF781F000 \SystemRoot\System32\drivers\vga.sys
    0xF7999000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF799B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF773F000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xB55F0000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xBA7D4000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB2A38000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB29DF000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB29B7000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB298B000 \SystemRoot\System32\drivers\afd.sys
    0xB4379000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB2960000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB28F0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB4359000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB28CA000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xB4349000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB4691000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xB403C000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB3815000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xB30C0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xA8D32000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xA8D1A000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xB47E5000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xA97C8000 \SystemRoot\System32\drivers\Dxapi.sys
    0xAA1A9000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xAF3F9000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xAEC4E000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA8446000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xB020D000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xA8377000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA9090000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xA8132000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB9F65000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA7EE3000 \SystemRoot\System32\Drivers\HTTP.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 40):
    0 System Idle Process
    4 System
    392 C:\WINDOWS\system32\smss.exe
    440 csrss.exe
    464 C:\WINDOWS\system32\winlogon.exe
    512 C:\WINDOWS\system32\services.exe
    524 C:\WINDOWS\system32\lsass.exe
    684 C:\WINDOWS\system32\svchost.exe
    748 svchost.exe
    896 C:\WINDOWS\system32\svchost.exe
    1004 svchost.exe
    1100 svchost.exe
    1188 C:\WINDOWS\system32\spoolsv.exe
    1280 svchost.exe
    1444 C:\Program Files\Java\jre6\bin\jqs.exe
    1496 C:\WINDOWS\system32\nvsvc32.exe
    1692 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    2016 alg.exe
    1548 C:\WINDOWS\system32\wscntfy.exe
    1544 C:\WINDOWS\explorer.exe
    536 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    1492 C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
    2000 C:\Program Files\Java\jre6\bin\jusched.exe
    2056 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    2064 C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe
    2072 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    2080 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    2088 C:\WINDOWS\system32\rundll32.exe
    2120 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    2128 C:\WINDOWS\system32\ctfmon.exe
    2156 C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
    2164 C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
    2420 C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
    2508 C:\Program Files\OpenOffice.org 2.2\program\soffice.bin
    2668 C:\WINDOWS\system32\svchost.exe
    3596 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    3692 C:\Program Files\Java\jre6\bin\jucheck.exe
    3868 C:\Program Files\Internet Explorer\iexplore.exe
    2328 C:\WINDOWS\system32\svchost.exe
    2728 C:\Documents and Settings\Me\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\E: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)
    \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000006`4e87de00 (FAT32)

    PhysicalDrive0 Model Number: WDCWD400BB-22HEA1, Rev: 14.03G14
    PhysicalDrive1 Model Number: QUANTUMFIREBALLlct1530, Rev: A01.0F00

    Size Device Name MBR Status
    --------------------------------------------
    37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    27 GB \\.\PhysicalDrive1 Unknown MBR code
    SHA1: 0DCD918E9B55B1CB6BBF593A8E9A819601ADD524


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!

  4. #24
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    It's possible that your Master Boot Record is infected. I need you to do two things.

    1.
    I need a copy of your MBR to send out for analysis.

    Re-run MBRCheck again.
    When prompted, enter Y
    Then enter 1 to dump the MBR to physical disk
    Name the dumped file Dump.dat

    Enter -1 to exit

    A log file named "dump.dat" will be located in the same folder as MBRCheck was saved; please zip it up and attach it in your next reply.

    2.
    I need you to run ComboFix again, but drag the copy you have to the trash and download a fresh new copy.

    Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    So I need to see the dump.dat log from MBRCheck and the new ComboFix log.
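The two MBRCheck steps above (the hash/verdict table in the earlier log and the "dump the MBR to a file" instruction) come down to a few checks on a 512-byte sector. The script below is an added example written for this thread, not MBRCheck's own code or its hash list: it verifies the 0x55AA boot signature, hashes the 440-byte boot-code region, compares that hash against a known-good table, and decodes the partition table so the "at offset 0x...7e00" figures in the log can be reproduced. The sample MBR and the tampered copy are constructed in the script, and the known-good table is a stand-in filled at run time; MBRCheck's exact hashed byte range is not documented on this page, so a hash from this script is not directly comparable with the SHA1 values MBRCheck printed.

```python
"""Parse and classify a 512-byte MBR image (added example; not MBRCheck's code).

The sample image and the known-good table are constructed stand-ins.
"""
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # bytes 0..439 hold the boot loader code
PART_TABLE_OFF = 446      # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"    # bytes 510..511
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr() -> bytes:
    """Construct a plausible single-partition MBR image (sample data, not a real dump)."""
    boot_code = bytes([0xEB, 0x3C, 0x90]) + b"\x90" * (BOOT_CODE_LEN - 3)
    disk_signature = b"\x00" * 4
    reserved = b"\x00" * 2
    # One active NTFS (type 0x07) partition starting at LBA 63, about 37 GiB long.
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 78140097)
    empty = b"\x00" * 16
    return boot_code + disk_signature + reserved + entry + empty * 3 + BOOT_SIG


def tamper_boot_code(mbr: bytes) -> bytes:
    """Flip one byte of the boot code, so the image no longer matches a known-good hash."""
    b = bytearray(mbr)
    b[0x10] ^= 0xFF
    return bytes(b)


def parse_mbr(mbr: bytes) -> dict:
    """Decode signature, boot-code hash and partition table from a 512-byte image."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(mbr)}")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba_start, n_sectors = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": n_sectors,
            "byte_offset": lba_start * SECTOR_SIZE,  # the "at offset" column in MBRCheck's log
            "size_gib": round(n_sectors * SECTOR_SIZE / 2**30, 2),
        })
    return {
        "boot_signature_ok": mbr[510:512] == BOOT_SIG,
        "boot_code_sha1": hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def classify_mbr(mbr: bytes, known_good: dict) -> str:
    """Return 'bad-signature', 'known:<label>' or 'unknown' for an MBR image."""
    info = parse_mbr(mbr)
    if not info["boot_signature_ok"]:
        return "bad-signature"
    label = known_good.get(info["boot_code_sha1"])
    if label is not None:
        return f"known:{label}"
    # Unknown code is a lead, not a verdict: OEM recovery loaders and third-party
    # boot managers also hash outside any list of stock Windows loaders.
    return "unknown"


def main(argv):
    # With a path argument, read a real dump (such as the dump.dat MBRCheck writes);
    # otherwise run on the constructed sample.
    mbr = open(argv[1], "rb").read(SECTOR_SIZE) if len(argv) > 1 else build_sample_mbr()
    # Stand-in known-good table: the sample's own boot-code hash, labelled for the demo.
    known_good = {parse_mbr(build_sample_mbr())["boot_code_sha1"]: "sample-standard-loader"}
    for name, image in (("as-read", mbr), ("tampered copy", tamper_boot_code(mbr))):
        info = parse_mbr(image)
        print(f"{name}: {classify_mbr(image, known_good)}  sha1={info['boot_code_sha1']}")
        for p in info["partitions"]:
            print(f"  partition {p['index']}: type 0x{p['type']:02x} "
                  f"at offset 0x{p['byte_offset']:x} ({p['size_gib']} GiB)")


if __name__ == "__main__":
    main(sys.argv)
```

Run it with no arguments to see the sample classified as known and its tampered copy as unknown, or pass the path of a 512-byte dump to decode a real image. The partition at LBA 63 lands at byte offset 0x7E00, which is the offset MBRCheck reported for \\.\C: in the log above. The important design choice is that "unknown" only means the hash is not in the list; the expert's later request for the computer's make and model is exactly the follow-up that distinguishes an OEM loader from a replaced one.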

  5. #25
    Junior Member
    Join Date
    Sep 2010
    Posts
    27

    OK, I ran MBRCheck again and got the dump.dat file, which is attached. I also downloaded a new copy of ComboFix and ran it, and have attached the log below.
    Thank you for your continued efforts.

    ComboFix 10-09-23.01 - Me 09/24/2010 14:31:02.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3581.3274 [GMT -4:00]
    Running from: c:\documents and settings\Me\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Me\Application Data\Liat
    c:\documents and settings\Me\Application Data\Liat\kyxa.exe
    c:\documents and settings\Me\Application Data\Yldeto
    c:\documents and settings\Me\Application Data\Yldeto\feodt.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-08-24 to 2010-09-24 )))))))))))))))))))))))))))))))
    .

    2010-09-24 11:35 . 2010-09-24 11:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
    2010-09-24 11:09 . 2010-09-24 11:09 -------- d-----w- C:\_OTS
    2010-09-23 12:28 . 2010-09-23 12:28 -------- d-----w- c:\program files\ESET
    2010-09-23 11:43 . 2010-09-23 11:43 -------- d-----w- c:\documents and settings\Me\Application Data\Malwarebytes
    2010-09-23 11:43 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-23 11:43 . 2010-09-23 11:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-23 11:43 . 2010-09-23 11:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-09-23 11:43 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-21 05:27 . 2010-09-21 05:27 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-09-21 05:24 . 2010-09-21 05:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-09-21 05:24 . 2010-09-21 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS(2)
    2010-09-21 04:41 . 2010-09-21 04:41 -------- d-----w- c:\documents and settings\program files for Edrive\uTorrent
    2010-09-20 07:32 . 2010-09-21 04:41 -------- d-----w- c:\documents and settings\LocalService\Application Data\Adobe(3)
    2010-09-20 04:45 . 2010-09-21 04:41 -------- d-----w- c:\program files\ERUNT
    2010-09-20 04:25 . 2010-09-21 04:41 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Adobe(5)
    2010-09-19 05:55 . 2010-09-21 05:06 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Adobe(4)
    2010-09-18 23:41 . 2010-09-18 23:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-09-18 12:47 . 2010-09-21 05:18 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Adobe(3)
    2010-09-17 20:07 . 2010-09-21 05:21 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Adobe(2)
    2010-09-17 19:55 . 2010-09-21 05:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\Adobe(2)
    2010-09-17 19:41 . 2010-09-17 19:41 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-09-15 15:24 . 2010-09-15 15:24 -------- d-----w- c:\program files\InterActual

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-24 15:12 . 2007-10-10 05:15 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-09-24 14:58 . 2010-05-22 06:55 -------- d-----w- c:\documents and settings\Me\Application Data\Veihxy
    2010-09-24 12:27 . 2008-10-12 13:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-09-24 12:07 . 2007-08-04 16:10 -------- d-----w- c:\documents and settings\Me\Application Data\OpenOffice.org2
    2010-09-24 00:35 . 2009-04-04 09:20 -------- d-----w- c:\documents and settings\Me\Application Data\Enme
    2010-09-21 05:12 . 2007-08-04 08:36 -------- d-----w- c:\program files\Common Files\Adobe
    2010-09-20 04:06 . 2010-07-03 14:42 -------- d-----w- c:\program files\Viva Media
    2010-08-17 13:17 . 2004-08-04 05:56 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-07-22 15:49 . 2004-08-04 05:56 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 05:57 . 2009-04-17 11:31 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-07-10 19:12 . 2010-01-09 13:59 251705 ----a-w- c:\documents and settings\Me\Application Data\Sony Online Entertainment\npsoeact.dll
    2010-06-30 12:31 . 2004-08-04 05:56 149504 ----a-w- c:\windows\system32\schannel.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
    "nwiz"="nwiz.exe" [2007-12-05 1626112]
    "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
    "DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-02 149280]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-24 233472]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-23 176128]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-06-06 64256]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    ytvey.exe [2010-9-24 122880]

    c:\documents and settings\Me\Start Menu\Programs\Startup\
    OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2008-1-6 63696]
    ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-1-26 54776]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
    "c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
    "c:\\Program Files\\Sony\\Station\\Launchpad\\_aunchPad.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/23/2009 9:55 AM 135664]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-20 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2010-09-24 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-12 19:17]

    2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 13:55]

    2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 13:55]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    HKCU-Run-{6C220F91-2C00-A847-7085-732D128E0947} - c:\documents and settings\Me\Application Data\Yldeto\feodt.exe
    HKCU-Run-{B617D663-422E-B04E-9E1F-BBE0E33F4DE0} - c:\documents and settings\Me\Application Data\Liat\kyxa.exe
    AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Me\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-24 14:40
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AE6CC76]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
    \Driver\ACPI -> ACPI.sys @ 0xf75aecb8
    \Driver\atapi -> atapi.sys @ 0xf74a0852
    IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
    ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805e710a
    ParseProcedure -> ntoskrnl.exe @ 0x80578f7a
    NDIS: Broadcom NetXtreme Gigabit Ethernet for hp -> SendCompleteHandler -> NDIS.sys @ 0xf7426bb0
    PacketIndicateHandler -> NDIS.sys @ 0xf7433a21
    SendHandler -> NDIS.sys @ 0xf741187b
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1202660629-220523388-1801674531-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(460)
    c:\windows\system32\WININET.dll

    - - - - - - - > 'lsass.exe'(520)
    c:\windows\system32\WININET.dll
    .
    Completion time: 2010-09-24 14:44:41
    ComboFix-quarantined-files.txt 2010-09-24 18:44
    ComboFix2.txt 2010-09-23 01:07

    Pre-Run: 11,421,814,784 bytes free
    Post-Run: 11,493,990,400 bytes free

    - - End Of File - - 3E705678F4EF3C530DA6CAD7F5D57266

  6. #26
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Thanks, it may take me a bit to get the results of that dump. They will need the make and model of your computer, because some vendors create their own MBR and MBRCheck may be thinking it's bad, so post it in your next reply.


    Download TDSSKiller and save it to your Desktop.
    http://support.kaspersky.com/downloa...tdsskiller.zip

    Extract the file and run it.
    Once completed, it will create a log on your C:\ drive.
    Please post the contents of that log.
    Last edited by ken545; 2010-09-24 at 22:25.

  7. #27
    Junior Member
    Join Date
    Sep 2010
    Posts
    27

    OK, the make and model number of my computer is:

    hp compaq d530 cmt
    d530c/ p2 6c/ 40c/512f/4 us

    I don't know if that is what you needed or not; I'm not sure if that is the make and model number you were looking for. Posted below is the log:

    2010/09/24 16:26:14.0734 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
    2010/09/24 16:26:14.0734 ================================================================================
    2010/09/24 16:26:14.0734 SystemInfo:
    2010/09/24 16:26:14.0734
    2010/09/24 16:26:14.0734 OS Version: 5.1.2600 ServicePack: 3.0
    2010/09/24 16:26:14.0734 Product type: Workstation
    2010/09/24 16:26:14.0734 ComputerName: HP1
    2010/09/24 16:26:14.0734 UserName: Me
    2010/09/24 16:26:14.0734 Windows directory: C:\WINDOWS
    2010/09/24 16:26:14.0734 System windows directory: C:\WINDOWS
    2010/09/24 16:26:14.0734 Processor architecture: Intel x86
    2010/09/24 16:26:14.0734 Number of processors: 1
    2010/09/24 16:26:14.0734 Page size: 0x1000
    2010/09/24 16:26:14.0734 Boot type: Normal boot
    2010/09/24 16:26:14.0734 ================================================================================
    2010/09/24 16:26:14.0921 Initialize success
    2010/09/24 16:26:19.0671 ================================================================================
    2010/09/24 16:26:19.0671 Scan started
    2010/09/24 16:26:19.0671 Mode: Manual;
    2010/09/24 16:26:19.0671 ================================================================================
    2010/09/24 16:26:21.0890 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/09/24 16:26:21.0968 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/09/24 16:26:22.0093 aeaudio (e696e749bedcda8b23757b8b5ea93780) C:\WINDOWS\system32\drivers\aeaudio.sys
    2010/09/24 16:26:22.0187 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/09/24 16:26:22.0265 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
    2010/09/24 16:26:22.0343 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/09/24 16:26:22.0437 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2010/09/24 16:26:22.0890 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/09/24 16:26:22.0968 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/09/24 16:26:23.0109 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/09/24 16:26:23.0234 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/09/24 16:26:23.0328 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
    2010/09/24 16:26:23.0406 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/09/24 16:26:23.0500 Blfp (690308631d4f78679272dff58734f968) C:\WINDOWS\system32\DRIVERS\baspxp32.sys
    2010/09/24 16:26:23.0562 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
    2010/09/24 16:26:23.0796 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/09/24 16:26:23.0921 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/09/24 16:26:24.0015 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/09/24 16:26:24.0093 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/09/24 16:26:24.0375 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/09/24 16:26:24.0500 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/09/24 16:26:24.0640 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/09/24 16:26:24.0750 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/09/24 16:26:24.0812 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/09/24 16:26:24.0937 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/09/24 16:26:25.0046 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/09/24 16:26:25.0109 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/09/24 16:26:25.0218 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/09/24 16:26:25.0281 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/09/24 16:26:25.0421 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2010/09/24 16:26:25.0515 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/09/24 16:26:25.0656 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/09/24 16:26:25.0750 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/09/24 16:26:25.0828 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/09/24 16:26:25.0984 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/09/24 16:26:26.0203 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/09/24 16:26:26.0312 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/09/24 16:26:26.0437 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2010/09/24 16:26:26.0703 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/09/24 16:26:26.0984 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2010/09/24 16:26:27.0062 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/09/24 16:26:27.0156 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/09/24 16:26:27.0203 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/09/24 16:26:27.0312 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/09/24 16:26:27.0421 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/09/24 16:26:27.0515 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/09/24 16:26:27.0609 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/09/24 16:26:27.0671 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2010/09/24 16:26:27.0781 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/09/24 16:26:27.0890 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/09/24 16:26:28.0078 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/09/24 16:26:28.0171 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/09/24 16:26:28.0250 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/09/24 16:26:28.0328 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/09/24 16:26:28.0421 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/09/24 16:26:28.0562 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/09/24 16:26:28.0703 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/09/24 16:26:28.0828 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/09/24 16:26:28.0906 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/09/24 16:26:29.0000 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/09/24 16:26:29.0093 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/09/24 16:26:29.0156 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/09/24 16:26:29.0281 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/09/24 16:26:29.0406 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/09/24 16:26:29.0515 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/09/24 16:26:29.0562 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/09/24 16:26:29.0656 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/09/24 16:26:29.0765 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/09/24 16:26:29.0859 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/09/24 16:26:29.0968 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/09/24 16:26:30.0109 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/09/24 16:26:30.0234 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/09/24 16:26:30.0312 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/09/24 16:26:30.0593 nv (8c0456001b6900114bbb1c548bd8aaf5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2010/09/24 16:26:30.0906 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/09/24 16:26:30.0953 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/09/24 16:26:31.0031 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/09/24 16:26:31.0140 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/09/24 16:26:31.0250 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/09/24 16:26:31.0328 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/09/24 16:26:31.0453 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/09/24 16:26:31.0546 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/09/24 16:26:31.0968 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/09/24 16:26:32.0046 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/09/24 16:26:32.0156 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/09/24 16:26:32.0250 PxHelp20 (81088114178112618b1c414a65e50f7c) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2010/09/24 16:26:32.0562 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/09/24 16:26:32.0656 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/09/24 16:26:32.0796 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/09/24 16:26:32.0890 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/09/24 16:26:32.0984 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/09/24 16:26:33.0078 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/09/24 16:26:33.0171 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/09/24 16:26:33.0250 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/09/24 16:26:33.0359 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/09/24 16:26:33.0515 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/09/24 16:26:33.0593 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/09/24 16:26:33.0703 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/09/24 16:26:33.0843 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/09/24 16:26:34.0031 smwdm (fa3368a7039f5abaa4b933703ac34763) C:\WINDOWS\system32\drivers\smwdm.sys
    2010/09/24 16:26:34.0156 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/09/24 16:26:34.0296 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/09/24 16:26:34.0390 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/09/24 16:26:34.0500 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/09/24 16:26:34.0546 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/09/24 16:26:34.0765 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/09/24 16:26:34.0953 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/09/24 16:26:35.0062 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/09/24 16:26:35.0125 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/09/24 16:26:35.0218 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/09/24 16:26:35.0390 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/09/24 16:26:35.0546 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/09/24 16:26:35.0671 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2010/09/24 16:26:35.0718 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/09/24 16:26:35.0812 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/09/24 16:26:35.0890 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/09/24 16:26:35.0953 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/09/24 16:26:36.0046 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/09/24 16:26:36.0125 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/09/24 16:26:36.0187 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/09/24 16:26:36.0343 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/09/24 16:26:36.0453 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/09/24 16:26:36.0562 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
    2010/09/24 16:26:36.0703 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/09/24 16:26:36.0890 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    2010/09/24 16:26:37.0000 WudfPf (6ff66513d372d479ef1810223c8d20ce) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/09/24 16:26:37.0093 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/09/24 16:26:37.0203 \HardDisk1\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/09/24 16:26:37.0203 ================================================================================
    2010/09/24 16:26:37.0203 Scan finished
    2010/09/24 16:26:37.0203 ================================================================================
    2010/09/24 16:26:37.0218 Detected object count: 1
    2010/09/24 16:26:59.0203 \HardDisk1\MBR - will be cured after reboot
    2010/09/24 16:26:59.0203 Rootkit.Win32.TDSS.tdl4(\HardDisk1\MBR) - User select action: Cure
    2010/09/24 16:27:06.0531 Deinitialize success

  8. #28
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning,

    Sorry for the late reply, was away last night and didn't get back until late.

Looks like your MBR was infected and TDSSKiller fixed it. Make sure you have rebooted your computer since TDSSKiller was run, and let me know how things are now.
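The posted TDSSKiller log shows the pattern a helper has to read quickly: one "detected" line naming the object and verdict (\HardDisk1\MBR, Rootkit.Win32.TDSS.tdl4), a "Detected object count" line, the "User select action" line recording what the user chose, and a "will be cured after reboot" line that is the reason the reply above insists on a reboot. The following is an added example, not code from the thread or from Kaspersky: a small Python triage script that parses those line shapes from a TDSSKiller text log and reports whether the scan finished, what was found, whether every finding was actually acted on, and whether a reboot is still pending. The regular expressions are built only from the line formats visible in the posted log; the first sample is the tail of that log with the driver list trimmed, the second is a constructed variant where the user chose "Skip" (an action name assumed here for illustration) so the "found but not treated" case is exercised too.

```python
"""Triage a TDSSKiller text log: what was detected, what the user chose,
and whether a reboot is still needed before the cure takes effect."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every log line starts with "YYYY/MM/DD HH:MM:SS.ffff " followed by the payload.
_TS = r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+) "
RE_DRIVER = re.compile(_TS + r"(\S+) \(([0-9a-fA-F]{32})\) (.+)$")          # name (md5) path
RE_DETECT = re.compile(_TS + r"(.+?) - detected (.+?) \((\d+)\)$")             # obj - detected verdict (n)
RE_REBOOT = re.compile(_TS + r"(.+?) - will be cured after reboot$")
RE_ACTION = re.compile(_TS + r"(.+?)\((.+?)\) - User select action: (\w+)$")  # verdict(obj) - ... action
RE_COUNT = re.compile(_TS + r"Detected object count: (\d+)$")
RE_FINISH = re.compile(_TS + r"Scan finished$")

# Actions that remove or neutralise the object; anything else leaves it live.
TREATING_ACTIONS = {"Cure", "Delete", "Quarantine"}


@dataclass
class Finding:
    obj: str                       # e.g. \HardDisk1\MBR
    verdict: str                   # e.g. Rootkit.Win32.TDSS.tdl4
    action: Optional[str] = None   # what the user chose, if logged
    reboot_pending: bool = False   # "will be cured after reboot" seen


@dataclass
class Report:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    findings: Dict[str, Finding] = field(default_factory=dict)        # obj -> Finding
    detected_count: Optional[int] = None
    finished: bool = False


def parse_tdsskiller_log(text: str) -> Report:
    rep = Report()
    for line in text.splitlines():
        line = line.strip()
        if m := RE_DETECT.match(line):
            rep.findings[m[2]] = Finding(obj=m[2], verdict=m[3])
        elif m := RE_REBOOT.match(line):
            rep.findings.setdefault(m[2], Finding(obj=m[2], verdict="?")).reboot_pending = True
        elif m := RE_ACTION.match(line):
            rep.findings.setdefault(m[3], Finding(obj=m[3], verdict=m[2])).action = m[4]
        elif m := RE_COUNT.match(line):
            rep.detected_count = int(m[2])
        elif RE_FINISH.match(line):
            rep.finished = True
        elif m := RE_DRIVER.match(line):      # checked last: detection lines never carry a 32-hex md5
            rep.drivers[m[2]] = (m[3].lower(), m[4])
    return rep


def reboot_required(rep: Report) -> bool:
    return any(f.reboot_pending for f in rep.findings.values())


def untreated(rep: Report) -> List[Finding]:
    """Detections the user skipped or never acted on: these are still live."""
    return [f for f in rep.findings.values() if f.action not in TREATING_ACTIONS]


def triage(text: str) -> dict:
    rep = parse_tdsskiller_log(text)
    return {
        "finished": rep.finished,
        "detected": {o: f.verdict for o, f in rep.findings.items()},
        "count_consistent": rep.detected_count == len(rep.findings),
        "reboot_required": reboot_required(rep),
        "untreated": [f.obj for f in untreated(rep)],
        "driver_hashes": len(rep.drivers),
    }


# Sample 1: tail of the log posted in the thread, driver list trimmed to one entry.
SAMPLE_CURED = r"""
2010/09/24 16:26:37.0093 WudfRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/09/24 16:26:37.0203 \HardDisk1\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/09/24 16:26:37.0203 ================================================================================
2010/09/24 16:26:37.0203 Scan finished
2010/09/24 16:26:37.0203 ================================================================================
2010/09/24 16:26:37.0218 Detected object count: 1
2010/09/24 16:26:59.0203 \HardDisk1\MBR - will be cured after reboot
2010/09/24 16:26:59.0203 Rootkit.Win32.TDSS.tdl4(\HardDisk1\MBR) - User select action: Cure
2010/09/24 16:27:06.0531 Deinitialize success
"""

# Sample 2: constructed variant where the user skipped the cure (nothing was fixed).
SAMPLE_SKIPPED = r"""
2010/09/24 16:26:37.0203 \HardDisk1\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/09/24 16:26:37.0203 Scan finished
2010/09/24 16:26:37.0218 Detected object count: 1
2010/09/24 16:26:59.0203 Rootkit.Win32.TDSS.tdl4(\HardDisk1\MBR) - User select action: Skip
2010/09/24 16:27:06.0531 Deinitialize success
"""

if __name__ == "__main__":
    for name, sample in (("cured", SAMPLE_CURED), ("skipped", SAMPLE_SKIPPED)):
        print(name, triage(sample))
```

On the posted log this reports one finding, a consistent object count, no untreated objects and a pending reboot, which is exactly the state in which the expert's "make sure you have rebooted" matters: until the reboot, the infected MBR is still the one the machine boots from. The driver table (name, MD5, path) is kept so the hashes can be cross-checked against a trusted source later; the parser does not judge them itself.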

  9. #29
    Junior Member
    Join Date
    Sep 2010
    Posts
    27

    Default

No problem, I thank you for your time. I have rebooted my computer and everything seems to run OK, but I do still get some pop-up ads that open every now and then in another window. I don't know if I should download the anti-spy programs listed in the forums, if that would help. The computer has locked up during reboot a few times; I don't know if that means anything. Anyway, thanks again.

  10. #30
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

Let's try this program and see what it finds.

    Please download SuperAntiSpyware Free
    Install the program
    • Run SuperAntiSpyware and click: Check for updates
    • Once the update is finished, on the main screen, click: Scan your computer
    • Check: Perform Complete Scan
    • Click Next to start the scan.

SuperAntiSpyware scans the computer and, when finished, lists all the infections found.
    Make sure everything found has a check next to it, and press: Next <-- Important
    Then, click Finish

    It is possible that the program asks to reboot in order to delete some files.

    Obtain the SuperAntiSpyware log as follows:
    • Click: Preferences
    • Click the Statistics/Logs tab
    • Under Scanner Logs, double-click SuperAntiSpyware Scan Log
    It opens in your default text editor (such as Notepad)

Please provide the SuperAntiSpyware log in your next reply.
