Results 1 to 5 of 5

Thread: Help!!! virus/rootkit infection pn XP

  1. #1
    Junior Member
    Join Date
    Jan 2012
    Posts
    2

    Default Help!!! virus/rootkit infection pn XP

    Sorry if this is concise, I just spent an hour & a half writing a detailed description of my problem in detail, tried to submit, loaded attachments, and then POOF!!! Nothing. I lost all of it to cyberworld. I'm at my wits end, help ... please! I'm running windows xp sp 3 fully updated, 2 gb ram dual core, enclosed are attachments. Any and all help is appreciated, thank you.


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
    Run by Valued Customer at 3:05:09 on 2012-01-24
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1976.1485 [GMT -5:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\System32\svchost.exe -k Cognizance
    c:\Program Files\Fingerprint Sensor\AtService.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
    svchost.exe
    C:\Program Files\Sandboxie\SbieSvc.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\igfxpers.exe
    svchost.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    c:\Program Files\ActivIdentity\ActivClient\accoca.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files\LSI SoftModem\agrsmsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Program Files\Pogo Games\PGMTrusted.exe
    C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    F:\Installed Apps\Portable Apps In Use\Everything-1.2.1.371\Everything-1.2.1.371.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\documents and settings\valued customer\application data\flashgetbho\FlashGetBHO.dll
    BHO: Free Download Manager: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [FlashGet 3] "c:\program files\flashget network\flashget 3\flashget3.exe" -minimize
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: Download all links by FlashGet3 - c:\program files\flashget network\flashget 3\bho\fdgetallurl.htm
    IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
    IE: Download by FlashGet3 - c:\program files\flashget network\flashget 3\bho\fdgeturl.htm
    IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
    IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
    IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    LSP: c:\windows\system32\XDogcat.dll
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/The%20Secret%20of%20Margrave%20Manor/Images/stg_drm.ocx
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Amanda%20Rose%20-%20The%20Game%20of%20Time/Images/armhelper.ocx
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 64.71.255.198
    TCP: Interfaces\{3827C1F9-EE04-4867-B31F-6C5A08B8B8CC} : DhcpNameServer = 64.71.255.198
    AppInit_DLLs: APSHook.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Notification Packages = scecli ASWLNPkg
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\valued customer\application data\mozilla\firefox\profiles\qcnbj9n0.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2012-1-24 28552]
    R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2008-10-1 109216]
    R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-10-1 51408]
    R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-10-1 12960]
    R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-3-28 24064]
    R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2011-12-24 752128]
    R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-10-1 12528]
    R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-11-27 185896]
    R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2011-12-24 3246040]
    R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-4-14 14336]
    R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-4-14 14336]
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-10-3 1185016]
    R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-10-1 256544]
    R2 PGMTrusted;PGMTrusted;c:\program files\pogo games\PGMTrusted.exe [2011-12-19 519888]
    R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\connectionmanager\SimplyConnectionManager.exe [2009-8-22 29992]
    R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2011-12-24 167968]
    R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2011-6-18 482176]
    R3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\drivers\vrtaucbl.sys [2011-9-26 50728]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-7-23 44800]
    R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2011-3-24 126696]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-6-18 193840]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-9-24 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-9-24 8456]
    S3 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-10-7 45056]
    S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\drivers\procexp151.sys --> c:\windows\system32\drivers\PROCEXP151.SYS [?]
    S3 Simply Accounting Transaction Manager 2010 - CDN;Simply Accounting Transaction Manager 2010 - CDN;c:\program files\winsim\transactionmanager2010 - cdn\Sage_SA.TransactionManager.exe [2009-8-22 42280]
    S3 USB100TX;Linksys EtherFast 10/100 USB Network Adapter;c:\windows\system32\drivers\USB100TX.sys [2011-4-18 26368]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-01-24 06:16:28 98992 ----a-w- c:\windows\system32\drivers\34970773.sys
    2012-01-24 06:15:45 98992 ----a-w- c:\windows\system32\drivers\60218847.sys
    2012-01-24 05:20:41 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2012-01-24 05:20:17 -------- d-----w- c:\program files\Panda Security
    2012-01-23 13:08:14 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
    2012-01-23 13:08:11 -------- d-----w- c:\program files\Prevx
    2012-01-23 13:08:02 -------- d-----w- c:\documents and settings\all users\application data\PrevxCSI
    2012-01-22 19:35:58 -------- d-----w- c:\program files\Game Mill Entertainment
    2012-01-22 05:15:04 -------- d-----w- c:\windows\system32\NtmsData
    2012-01-21 20:42:25 -------- d-----w- c:\program files\Unlocker
    2012-01-21 17:47:27 77312 ----a-w- c:\windows\system32\VISCDUNA.DLL
    2012-01-21 17:47:26 78848 ----a-w- c:\windows\system32\VISCDRTL.DLL
    2012-01-21 17:47:26 517120 ----a-w- c:\windows\system32\VISCDUN7.DLL
    2012-01-21 17:47:26 4608 ----a-w- c:\windows\system32\W95INF32.DLL
    2012-01-21 17:47:26 2272 ----a-w- c:\windows\system32\W95INF16.DLL
    2012-01-21 17:47:26 152064 ----a-w- c:\windows\system32\VISCDUNR.DLL
    2012-01-21 17:47:26 -------- d-----w- c:\program files\Visual CD
    2012-01-19 04:51:10 -------- d-----w- c:\documents and settings\valued customer\application data\Wise Registry Cleaner
    2012-01-18 06:51:12 279040 ----a-w- c:\windows\system32\XDogcat.dll
    2012-01-18 06:42:11 -------- d-----w- c:\documents and settings\valued customer\local settings\application data\spek
    2012-01-18 04:13:53 -------- d-----w- C:\Downloads
    2012-01-17 10:49:43 -------- d-----w- c:\program files\CCleaner
    2012-01-17 07:47:59 -------- d-----w- c:\program files\Daum
    2012-01-17 07:21:07 -------- d-----w- c:\documents and settings\valued customer\application data\Free Download Manager
    2012-01-17 07:21:00 -------- d-----w- c:\program files\Free Download Manager
    2012-01-17 06:52:51 -------- d-----w- c:\program files\GRETECH
    2012-01-17 04:21:14 -------- d-----w- c:\documents and settings\valued customer\application data\Malwarebytes
    2012-01-17 04:21:02 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-01-17 04:21:01 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-17 04:21:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-16 02:09:22 -------- d-----w- c:\program files\Research In Motion Limited
    2012-01-16 00:48:39 256 ----a-w- c:\windows\system32\pool.bin
    2012-01-16 00:48:33 -------- d-----w- c:\documents and settings\valued customer\application data\Research In Motion
    2012-01-16 00:39:24 -------- d-----w- c:\program files\common files\Sonic Shared
    2012-01-16 00:39:23 -------- d-----w- c:\program files\Roxio
    2012-01-16 00:35:26 26496 ----a-r- c:\windows\system32\drivers\RimSerial.sys
    2012-01-16 00:34:17 -------- d-----w- c:\program files\common files\Research In Motion
    2012-01-16 00:34:10 -------- d-----w- c:\program files\Research In Motion
    2012-01-15 06:40:53 -------- d-----w- c:\documents and settings\valued customer\application data\FlashgetSetup
    2012-01-15 06:40:44 -------- d-----w- c:\documents and settings\valued customer\application data\FlashGetBHO
    2012-01-15 06:40:40 -------- d-----w- c:\program files\FlashGet Network
    2012-01-15 06:40:40 -------- d-----w- c:\documents and settings\valued customer\application data\FlashGet
    2012-01-14 22:56:01 -------- d-----w- c:\program files\eSupport.com
    2012-01-14 22:49:26 -------- d-----w- c:\program files\SoftLogica
    2012-01-08 01:33:54 -------- d-----w- c:\program files\Sandboxie
    2012-01-06 22:51:53 -------- d-----w- c:\program files\Windows Media Connect 2
    2012-01-06 22:50:17 -------- d-----w- c:\windows\system32\LogFiles
    2012-01-04 14:30:44 -------- d-----w- c:\program files\PowerDataRecovery
    2012-01-02 06:04:54 -------- d-----r- C:\Sandbox
    2011-12-29 02:31:07 -------- d--h--w- c:\documents and settings\all users\application data\PogoDGC
    2011-12-29 02:30:38 -------- d-----w- c:\program files\Pogo Games
    .
    ==================== Find3M ====================
    .
    2012-01-15 09:27:25 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-12-24 21:54:15 167968 ----a-w- c:\windows\system32\drivers\afcdp.sys
    2011-12-24 21:54:07 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
    2011-12-24 21:54:05 600928 ----a-w- c:\windows\system32\drivers\timntr.sys
    2011-12-24 21:53:57 170528 ----a-w- c:\windows\system32\drivers\snapman.sys
    2011-12-10 01:27:41 272 ----a-w- c:\windows\system32\msvcsv60.dll
    2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
    2011-11-10 10:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-10 08:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
    2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll
    2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll
    2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2005-04-01 02:17:42 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    .
    ============= FINISH: 3:05:19.48 ===============
    Attached Files Attached Files
    Last edited by ken545; 2012-01-26 at 01:59. Reason: Added DDS log

  2. #2
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Stamford, CT
    Posts
    14,197

    Default




    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

    Please just copy and paste the reports we ask for in lew of attaching them, its easier for us to analyse


    Just give me a brief description of what your experiencing


    Download aswMBR.exe ( 511KB ) to your desktop.

    Double click the aswMBR.exe to run it

    Click the "Scan" button to start scan


    On completion of the scan click save log, save it to your desktop and post in your next reply
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Jan 2012
    Posts
    2

    Default Thanks for responding ... here's the scan logs

    Hi, first a brief description of problem and stuff already done prior to posting my first question. I got a message after visiting a site that my HD & Ram memory were failing, I eaasily found the culprit and removed it (2 randomly named exe's located in apps/data folder). I then noticed I couldn't safely remove usb drives/sticks and msconfig said I needed admin rights to change services (only 1 user on this comp). Starting getting redirected to bad sites thru ie and firefox, and then couldn't run tools such as malwarebytes and prevx. Avast still worked, though in blocking mal sites it always seemed to reference Xdogcat.dll, this seemed an odd named file. I finally loaded rkill which allowed me to run Kasperskys TDSSKill which found an infected mbr, which I allowed it to fix. Things SEEM, ok now, but I'm sort of wary, moreso because I lost use of avast (I havent reinstalled yet because I had created my initial scan log, and tried to keep with the READ BEFORE info). BTW, I;m sorry about the attachments rather than pasting into post, I must have missed that part, sorry. Anyways, thats where I'm at now, so here's the scan you requested. Almost forgot, I'm running a dual boot 2 xp pro, if that matters (the second is used only to help fix problems such as this when the need arises). Thank you in advance for any and all help, it's very much appreciated.


    Scan log-

    aswMBR version 0.9.9.1509 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-26 03:01:02
    -----------------------------
    03:01:02.890 OS Version: Windows 5.1.2600 Service Pack 3
    03:01:02.890 Number of processors: 2 586 0x170A
    03:01:02.890 ComputerName: FRED UserName:
    03:01:03.546 Initialize success
    03:12:32.921 AVAST engine defs: 12012600
    03:12:46.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    03:12:46.187 Disk 0 Vendor: TOSHIBA_MK8034GSX AH303B Size: 76319MB BusType: 3
    03:12:46.203 Disk 0 MBR read successfully
    03:12:46.203 Disk 0 MBR scan
    03:12:46.234 Disk 0 Windows XP default MBR code
    03:12:46.234 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 20481 MB offset 63
    03:12:46.250 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 6149 MB offset 41945715
    03:12:46.265 Disk 0 Partition - 00 0F Extended LBA 49685 MB offset 54540682
    03:12:46.265 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14331 MB offset 54540745
    03:12:46.265 Disk 0 Partition - 00 05 Extended 35353 MB offset 83891430
    03:12:46.296 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 35353 MB offset 83891493
    03:12:46.296 Disk 0 scanning sectors +156296385
    03:12:46.343 Disk 0 scanning C:\WINDOWS\system32\drivers
    03:12:58.015 Service scanning
    03:12:59.250 Service SafeBoot C:\WINDOWS\System32\Drivers\SafeBoot.sys **LOCKED** 32
    03:12:59.296 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
    03:12:59.859 Modules scanning
    03:13:13.046 Disk 0 trace - called modules:
    03:13:13.046 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ACPI.sys atapi.sys sptd.sys pciide.sys PCIIDEX.SYS
    03:13:13.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6df030]
    03:13:13.062 3 CLASSPNP.SYS[ba118fd7] -> nt!IofCallDriver -> [0x8a6e0c58]
    03:13:13.062 5 hpdskflt.sys[ba3395ae] -> nt!IofCallDriver -> \Device\0000008a[0x8a7801f8]
    03:13:13.062 7 ACPI.sys[b9e57620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a6a9940]
    03:13:13.781 AVAST engine scan C:\WINDOWS
    03:13:17.921 AVAST engine scan C:\WINDOWS\system32
    03:15:42.703 AVAST engine scan C:\WINDOWS\system32\drivers
    03:15:56.031 AVAST engine scan C:\Documents and Settings\Valued Customer
    03:17:07.562 AVAST engine scan C:\Documents and Settings\All Users
    03:18:36.578 Scan finished successfully
    03:33:57.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Valued Customer\Desktop\MBR.dat"
    03:33:57.593 The log file has been saved successfully to "C:\Documents and Settings\Valued Customer\Desktop\aswMBR.txt"

  4. #4
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Stamford, CT
    Posts
    14,197

    Default

    Good Morning,

    Can you post the log from TDSSKiller so I can see what it removed

    Download MBRCheck.exe to your desktop.
    • Be sure to disable your security programs
    • Double click on the file to run it
    • A window will open on your desktop
    • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
    • If nothing unusual is found just press Enter
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
    • Please post the contents of that file.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Stamford, CT
    Posts
    14,197

    Default

    Due to inactivity, this thread will now be closed.

    If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •