Thread: Malware Doctor and ppw.exe infection - need help

  1. #1
    Junior Member (Join Date: Jun 2011, Posts: 2)

    Malware Doctor and ppw.exe infection - need help

    Hi,

    I tried to clean my system, but no luck on my own.
    My system keeps crashing and showing a blue screen, then restarts. I installed a couple of programs trying to remove what I've found so far.
    In the Task Manager I found a process called ppw.exe, which apparently is a known malware, and Malwarebytes keeps blocking a svchost.exe from connecting to a malicious website.

    I can only work in safe mode so that the system doesn't crash.

    Thank you for looking into it. I appreciate it very much.

    ---------------------------------------------------------------------

    .
    DDS (Ver_2011-06-12.02) - NTFSx86 NETWORK
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
    Run by Yardie at 15:31:28 on 2011-06-14
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.41.1033.18.2047.1374 [GMT 2:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    mStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\microsoft office\office14\GROOVEEX.DLL
    BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\microsoft office\office14\URLREDIR.DLL
    BHO: {C08780C6-E564-1B5E-39D0-42076AF8FE04} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [cdloader] "c:\users\yardie\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
    uRun: [<NO NAME>]
    mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup
    mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
    dRun: [KB35852.exe] "c:\windows\system32\config\systemprofile\appdata\roaming\KB35852.exe"
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_ActiveX.exe -update activex
    StartupFolder: c:\users\yardie\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunt autobackup.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\users\yardie\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicdisc.lnk - c:\program files\magicdisc\MagicDisc.exe
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: SoftwareSASGeneration = 1 (0x1)
    IE: An vorhandene PDF-Datei anfügen - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~2\microsoft office\office14\EXCEL.EXE/3000
    IE: In Adobe PDF konvertieren - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Linkziel in Adobe PDF konvertieren - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Se&nd to OneNote - c:\progra~2\microsoft office\office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{6FA6B0D0-3A42-4F7A-ABE7-98BCF34595BC} : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Notify: SDWinLogon - SDWinLogon.dll
    AppInit_DLLs: acaptuser32.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\microsoft office\office14\GROOVEEX.DLL
    SecurityProviders: credssp.dll, mppkkxhu.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\yardie\appdata\roaming\mozilla\firefox\profiles\jdddq7jj.default\
    FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff2.dll
    FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff3.6.dll
    FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff3.dll
    FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
    FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
    FF - plugin: c:\progra~2\microsoft office\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~2\microsoft office\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\users\yardie\appdata\roaming\mozilla\firefox\profiles\jdddq7jj.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: c:\windows\system32\wat\npWatWeb.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-5-10 218688]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-14 311296]
    S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-1-19 277544]
    S2 AMService;AMService;c:\windows\temp\bijc\setup.exe run --> c:\windows\temp\bijc\setup.exe run [?]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-6-13 136360]
    S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-6-13 269480]
    S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-6-13 61960]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-19 136176]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-14 366640]
    S2 MSSQL$GREENSQL2005;SQL Server (GREENSQL2005);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-15 2218600]
    S2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2010-9-16 80896]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
    S2 SDFirewallService;Spybot-S&D 2 Firewall Service;c:\program files\spybot - search & destroy 2\SDFWSvc.exe [2011-6-14 3585696]
    S2 SDMonitorService;Spybot-S&D 2 Monitoring Service;c:\program files\spybot - search & destroy 2\SDMonSvc.exe [2011-6-14 3834456]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2011-6-14 3515656]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2011-6-14 3769048]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2011-6-14 167040]
    S2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-4-7 378472]
    S2 xircfphf;CD-ROM Monitor;c:\windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2010-3-6 36608]
    S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-19 136176]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
    S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-14 22712]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-14 39984]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 USR_Find_Handle;USR_Find_Handle;c:\program files\lockhunter\USRFindHandle32.sys [2011-2-5 12824]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-23 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-06-14 11:24:13 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-06-14 11:23:09 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2011-06-14 11:22:55 770384 ----a-w- c:\windows\system32\msvcr100.dll
    2011-06-14 11:22:55 421200 ----a-w- c:\windows\system32\msvcp100.dll
    2011-06-14 11:22:54 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2011-06-14 10:23:15 -------- d-----w- c:\users\yardie\appdata\roaming\Malwarebytes
    2011-06-14 10:23:00 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-14 10:23:00 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-14 10:22:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-14 10:22:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-13 23:31:27 279 ----a-w- c:\programdata\bdinstall.bin
    2011-06-13 23:28:18 -------- d-----w- c:\users\yardie\appdata\roaming\QuickScan
    2011-06-13 21:06:34 -------- d-----w- c:\users\yardie\appdata\roaming\Avira
    2011-06-13 21:04:25 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-06-13 21:04:24 -------- d-----w- c:\programdata\Avira
    2011-06-13 21:04:24 -------- d-----w- c:\program files\Avira
    2011-06-13 19:53:09 -------- d-----w- c:\programdata\Norton
    2011-06-13 19:53:02 -------- d-----w- c:\programdata\NortonInstaller
    2011-06-13 19:11:16 -------- d-----w- c:\users\yardie\appdata\roaming\Tific
    2011-06-13 19:11:15 -------- d-----w- c:\users\yardie\appdata\local\Symantec
    2011-06-13 18:17:02 -------- d-----w- c:\program files\uTorrent
    2011-06-13 18:16:37 -------- d-----w- c:\users\yardie\appdata\roaming\uTorrent
    2011-06-13 18:08:14 -------- d-----w- c:\program files\MSECache
    2011-06-13 18:01:30 -------- d-----w- c:\windows\AutoKMS
    2011-06-13 17:54:05 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2011-06-13 17:53:28 -------- d-----w- c:\program files\Microsoft Analysis Services
    2011-06-13 12:38:59 123904 ----a-w- c:\windows\system32\poqexec.exe
    2011-06-12 11:52:02 -------- d-----w- c:\users\yardie\appdata\roaming\Auslogics
    2011-06-12 11:51:58 -------- d-----w- c:\program files\Auslogics
    2011-06-11 19:59:10 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2011-06-11 19:58:37 112056 ----a-w- c:\windows\system32\acaptuser32.dll
    2011-06-11 19:43:34 -------- d-----w- c:\programdata\PMS
    2011-06-01 16:18:26 -------- d-----w- c:\programdata\NokiaAccount
    2011-06-01 16:15:54 -------- d-----w- c:\program files\PC Connectivity Solution
    2011-05-27 17:42:51 -------- d-----w- c:\program files\iTunes
    2011-05-27 17:42:51 -------- d-----w- c:\program files\iPod
    2011-05-27 17:39:50 -------- d-----w- c:\program files\Bonjour
    2011-05-20 19:47:21 0 ----a-w- c:\windows\system32\tmp.tmp
    .
    ==================== Find3M ====================
    .
    2011-05-15 11:31:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-10 11:57:37 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
    2011-05-10 11:52:07 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-04-26 10:06:55 2667520 ----a-w- c:\windows\explorer.exe
    2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-04-07 20:45:08 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
    2011-04-07 20:45:06 612456 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-04-07 20:45:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
    2011-04-07 20:44:58 3701352 ----a-w- c:\windows\system32\nvcpl.dll
    2011-04-07 20:44:48 2565224 ----a-w- c:\windows\system32\nvsvc.dll
    2011-04-06 14:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2011-04-06 14:20:16 75040 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-04-06 14:20:16 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2011-04-06 14:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2011-03-27 12:25:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2003-11-03 15:07:06 499712 ----a-w- c:\program files\msvcp71.dll
    2003-11-03 15:07:06 348160 ----a-w- c:\program files\msvcr71.dll
    2003-05-30 07:22:06 344064 ----a-r- c:\program files\msvcr70.dll
    2002-01-05 01:40:18 487424 ----a-w- c:\program files\msvcp70.dll
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7600 Disk: WDC_WD5000AAKS-00TMA0 rev.12.01C01 -> Harddisk0\DR0 -> \Device\Ide\IdePort3 P3T0L0-6
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x850A5439]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x850ab7d0]; MOV EAX, [0x850ab84c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x82279428] -> \Device\Harddisk0\DR0[0x8507E690]
    3 CLASSPNP[0x88B8559E] -> ntkrnlpa!IofCallDriver[0x82279428] -> [0x84F9D8A0]
    5 ACPI[0x883993B2] -> ntkrnlpa!IofCallDriver[0x82279428] -> \IdeDeviceP3T0L0-6[0x84F79908]
    \Driver\atapi[0x85091F38] -> IRP_MJ_CREATE -> 0x850A5439
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x147; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IdeDeviceP3T0L0-6 -> \??\IDE#DiskWDC_WD5000AAKS-00TMA0___________________12.01C01#5&5c4ddef&0&1.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user != kernel MBR !!!
    sectors 976773166 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
    .
    ============= FINISH: 15:32:13.63 ===============

  2. #2
    Junior Member (Join Date: Jun 2011, Posts: 2)

    I think I solved it

    Hi again,

    I think I solved the problem.

    Actually, the last line in the log gave me an idea. It said there was something wrong with the rootkit, so I googled and found Kaspersky TDSSKiller, which then worked like a charm and removed the file hiding in a rootkit. Since then the system works stably again. I am now just running full scans with my antivirus, Malwarebytes and SUPERAntiSpyware to finish up.

    Thank you anyway, because if I hadn't posted the log I wouldn't have found that info.

    Cheers
