20 something viruses on my computer! cant post dds log

**Edgecrusher** · 2011-07-05, 22:07

hi, i cant post a dds log as it has been infected. i have 20 something viruses on my computer, really severe bad viruses. i dont know what to do to get rid of these viruses. please help!

Edit
Previous topic,
http://forums.spybot.info/showthread.php?t=62716

hi, spybot has detected double click, my automatic update has been disabled, cant enable it and avira antivirus has detected the three following viruses,

is the TR/Winwebsec.AE Trojan
contains recognition pattern of the JAVA/Exdoer.DK.
is the TR/Dropper.Gen Trojan

here is my DDS Log

.DDS (Ver_11-03-05.01) - NTFSx86
Run by philip at 15:08:08.57 on Sun 07/10/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.158 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Internet Download Manager\IDMan.exe
svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\philip.PHILIP-5D444590\My Documents\Downloads\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\documents and settings\all users\desktop\INETREPL.DLL
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\documents and settings\all users\desktop\INETREPL.DLL
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1280921982390
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\documents and settings\all users\desktop\AATP.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\documents and settings\all users\desktop\CENETFLT.DLL
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\documents and settings\all users\desktop\CENETFLT.DLL
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\documents and settings\all users\desktop\CENETFLT.DLL
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\documents and settings\all users\desktop\CENETFLT.DLL
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\documents and settings\all users\desktop\CENETFLT.DLL
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\documents and settings\all users\desktop\CENETFLT.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\philip~1.phi\applic~1\mozilla\firefox\profiles\qtmy4q9x.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://yeppo.net
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\documents and settings\philip.philip-5d444590\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Mega Manager Integration: {40a1f5d7-afc2-498f-b264-02668d616ff6} - %profile%\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
FF - Ext: Veehd Plugin: {3DB5ABE1-407D-458F-AD5D-8D89BD625CCC} - %profile%\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Java Quick Starter:

- c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {440EC676-89B1-4059-9BFD-CEA1AD987EE4} - c:\documents and settings\philip.philip-5d444590\local settings\application data\{440EC676-89B1-4059-9BFD-CEA1AD987EE4}
FF - Ext: IDM CC:

- c:\documents and settings\philip.philip-5d444590\application data\idm\idmmzcc3
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-6-22 53816]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-31 11608]
R1 RapportCerberus_26762;RapportCerberus_26762;c:\documents and settings\all users.windows\application data\trusteer\rapport\store\exts\rapportcerberus\26762\RapportCerberus_26762.sys [2011-6-13 57144]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-6-22 66360]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-6-22 158904]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-31 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-31 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-26 66616]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-7-26 54760]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2010-6-10 88176]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-6-22 870200]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
.
=============== Created Last 30 ================
.
2011-07-05 17:36:33 -------- d-----w- c:\docume~1\philip~1.phi\applic~1\Ydsid
2011-07-05 17:36:33 -------- d-----w- c:\docume~1\philip~1.phi\applic~1\Ahut
2011-07-05 17:25:03 -------- d-----w- c:\docume~1\philip~1.phi\applic~1\Ogbev
2011-07-05 17:25:03 -------- d-----w- c:\docume~1\philip~1.phi\applic~1\Myewke
2011-07-05 17:24:57 -------- d-----w- c:\docume~1\philip~1.phi\applic~1\Seiput
2011-07-05 17:24:57 -------- d-----w- c:\docume~1\philip~1.phi\applic~1\Riizq
2011-07-05 14:07:47 -------- d-----w- c:\docume~1\philip~1.phi\applic~1\Ulapy
2011-07-05 14:07:47 -------- d-----w- c:\docume~1\philip~1.phi\applic~1\Icyxso
2011-07-05 12:02:52 0 ----a-w- c:\windows\Nwayecoxewugon.bin
2011-07-05 12:02:28 -------- d-----w- c:\docume~1\philip~1.phi\locals~1\applic~1\{440EC676-89B1-4059-9BFD-CEA1AD987EE4}
2011-06-25 09:29:20 -------- d-sh--w- C:\found.000
2011-06-22 17:01:26 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2011-05-19 06:34:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_SP0802N rev.TK100-24 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-e
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x853514D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x853577d0]; MOV EAX, [0x8535784c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x85381AB8]
3 CLASSPNP[0xF75D0FD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\0000005b[0x853E3258]
5 ACPI[0xF7447620] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x853EAD98]
\Driver\atapi[0x852DB838] -> IRP_MJ_CREATE -> 0x853514D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8535131B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 15:09:42.96 ===============

**shelf life** · 2011-07-12, 22:48

hi Edgecrusher

Based on the log you have a rootkit present:

You have a rootkit on your machine. They hide malicious files and components from traditional antivirus/antimalware software. Rootkits bury themselves deep in the operating system. Special software is needed to detect and remove them. Even if symptoms are gone and logs are clean its still not a 100% guarantee that your machine is clean once a rootkit has been detected and removed. You should consider a complete reformat/reinstall of Windows as an option.

The best source for information on how to do this would be the computer manufacturers website.

Your post is several days old. If you still need help, simply reply back.

**Edgecrusher** · 2011-07-12, 23:48

hi, i still need help.

**shelf life** · 2011-07-13, 02:51

See if you can download and run TDSSKiller;

Please download TDSS Killer.exe and save it to your desktop
Double click to launch the utility. Vista and Windows 7 right click and "run as admin.." After it initializes click the start scan button.

"The utility will automatically select an action (Cure or Delete) for known malcious objects. A suspicious object will be skipped by default."

If an infected file is detected, the default action will be Cure, click on Continue.

If a suspicious file is detected, the default action will be Skip, click on Continue.

It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

A report can also be found in your Root drive Local Disk (C) as TDSSKiller.2.4.12.0_02.01.2011_17.32.21_log.txt (name, version, date, time, log.txt)
Please post the log report

If for some reason you cant run it normally you can boot into safe mode to run it. To reach safe mode you would tape the f8 key during a computer restart, chose the first option from the list: safe mode. Once at the safe mode desk top run tdsskiller.

**Edgecrusher** · 2011-07-13, 16:15

when it asked me to reboot, i clicked on the reboot button and it was restarting, the computer screen just showed the windows background, so i waited for a few minutes for it to reboot and it just froze, but i was still able to move my mouse cursor around, so i had to restart by pressing the power button.

here's the TDSSKiller Log

2011/07/13 14:58:31.0890 3528 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/13 14:58:31.0937 3528 ================================================================================
2011/07/13 14:58:31.0937 3528 SystemInfo:
2011/07/13 14:58:31.0937 3528
2011/07/13 14:58:31.0937 3528 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/13 14:58:31.0937 3528 Product type: Workstation
2011/07/13 14:58:31.0937 3528 ComputerName: PHILIP
2011/07/13 14:58:31.0953 3528 UserName: philip
2011/07/13 14:58:31.0953 3528 Windows directory: C:\WINDOWS
2011/07/13 14:58:31.0953 3528 System windows directory: C:\WINDOWS
2011/07/13 14:58:31.0953 3528 Processor architecture: Intel x86
2011/07/13 14:58:31.0953 3528 Number of processors: 1
2011/07/13 14:58:31.0953 3528 Page size: 0x1000
2011/07/13 14:58:31.0953 3528 Boot type: Normal boot
2011/07/13 14:58:31.0953 3528 ================================================================================
2011/07/13 14:58:34.0531 3528 Initialize success
2011/07/13 14:59:54.0593 3928 ================================================================================
2011/07/13 14:59:54.0593 3928 Scan started
2011/07/13 14:59:54.0593 3928 Mode: Manual;
2011/07/13 14:59:54.0593 3928 ================================================================================
2011/07/13 14:59:57.0625 3928 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/13 14:59:57.0812 3928 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/13 14:59:58.0218 3928 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/13 14:59:58.0515 3928 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/07/13 15:00:00.0515 3928 ALCXWDM (6d3077c3346de5b13835fb859c69a2ea) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/07/13 15:00:01.0890 3928 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/07/13 15:00:02.0437 3928 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/13 15:00:02.0718 3928 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/13 15:00:03.0234 3928 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/13 15:00:03.0531 3928 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/13 15:00:03.0812 3928 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/07/13 15:00:04.0406 3928 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/07/13 15:00:04.0859 3928 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/07/13 15:00:05.0187 3928 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/13 15:00:05.0515 3928 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/13 15:00:06.0437 3928 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/13 15:00:06.0984 3928 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/13 15:00:07.0703 3928 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/13 15:00:09.0812 3928 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/13 15:00:10.0437 3928 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/13 15:00:11.0578 3928 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/13 15:00:12.0687 3928 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/13 15:00:13.0218 3928 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/13 15:00:14.0703 3928 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/13 15:00:15.0609 3928 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/13 15:00:16.0296 3928 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/13 15:00:17.0343 3928 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/13 15:00:17.0906 3928 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/07/13 15:00:18.0703 3928 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/13 15:00:19.0062 3928 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/07/13 15:00:19.0500 3928 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/13 15:00:20.0078 3928 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/13 15:00:20.0875 3928 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/13 15:00:21.0453 3928 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/13 15:00:22.0562 3928 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/13 15:00:23.0843 3928 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/13 15:00:24.0781 3928 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/13 15:00:26.0906 3928 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/13 15:00:27.0640 3928 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/13 15:00:28.0671 3928 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/13 15:00:29.0468 3928 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/13 15:00:30.0437 3928 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/13 15:00:30.0796 3928 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/13 15:00:31.0031 3928 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/13 15:00:31.0796 3928 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/13 15:00:32.0546 3928 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/13 15:00:33.0687 3928 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/13 15:00:34.0843 3928 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/13 15:00:35.0406 3928 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/13 15:00:35.0859 3928 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/13 15:00:36.0453 3928 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/13 15:00:37.0015 3928 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/13 15:00:38.0500 3928 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/13 15:00:39.0515 3928 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/13 15:00:40.0218 3928 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/13 15:00:40.0609 3928 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/13 15:00:40.0984 3928 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/13 15:00:41.0375 3928 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/13 15:00:41.0750 3928 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/13 15:00:42.0031 3928 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/13 15:00:42.0984 3928 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/13 15:00:43.0984 3928 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/13 15:00:44.0593 3928 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/13 15:00:44.0828 3928 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/13 15:00:45.0312 3928 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/13 15:00:45.0671 3928 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/13 15:00:45.0937 3928 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/13 15:00:46.0437 3928 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/07/13 15:00:46.0921 3928 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/13 15:00:47.0703 3928 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/13 15:00:49.0328 3928 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/13 15:00:49.0937 3928 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/13 15:00:50.0593 3928 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/13 15:00:50.0875 3928 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/07/13 15:00:51.0406 3928 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/13 15:00:51.0875 3928 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/13 15:00:52.0562 3928 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/13 15:00:53.0046 3928 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/13 15:00:53.0796 3928 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/13 15:00:54.0500 3928 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/13 15:00:56.0359 3928 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/13 15:00:56.0656 3928 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/07/13 15:00:56.0921 3928 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/13 15:00:57.0625 3928 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/13 15:01:01.0531 3928 RapportCerberus_26762 (7bf4f7e3ff7067b80b7d3d1e031bcb0e) C:\Documents and Settings\All Users.WINDOWS\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys
2011/07/13 15:01:02.0875 3928 RapportEI (d299e4973da2dc9ded9066232e99e3d2) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
2011/07/13 15:01:03.0609 3928 RapportKELL (b4fedb7c55968ebe2bb9b8d7612eb2d5) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2011/07/13 15:01:04.0093 3928 RapportPG (352cae4a3c3b6f6ccdaa246a0a6a61c6) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2011/07/13 15:01:05.0234 3928 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/13 15:01:05.0921 3928 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/13 15:01:06.0578 3928 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/13 15:01:07.0812 3928 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/13 15:01:08.0937 3928 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/13 15:01:10.0500 3928 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/13 15:01:11.0468 3928 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/13 15:01:12.0484 3928 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/13 15:01:13.0343 3928 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/07/13 15:01:14.0015 3928 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/13 15:01:15.0359 3928 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/13 15:01:15.0734 3928 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/13 15:01:15.0906 3928 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/13 15:01:16.0671 3928 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/13 15:01:16.0875 3928 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/13 15:01:17.0562 3928 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/13 15:01:18.0546 3928 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/07/13 15:01:18.0984 3928 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/13 15:01:19.0640 3928 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/13 15:01:22.0203 3928 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/13 15:01:22.0953 3928 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/13 15:01:23.0656 3928 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/13 15:01:24.0593 3928 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/13 15:01:25.0265 3928 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/13 15:01:25.0765 3928 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/13 15:01:26.0781 3928 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/13 15:01:28.0000 3928 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/13 15:01:28.0750 3928 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/13 15:01:29.0687 3928 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/07/13 15:01:30.0531 3928 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/13 15:01:31.0203 3928 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/13 15:01:31.0812 3928 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/13 15:01:32.0921 3928 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/13 15:01:33.0609 3928 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/13 15:01:34.0750 3928 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/13 15:01:34.0937 3928 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/07/13 15:01:34.0968 3928 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/07/13 15:01:34.0984 3928 Boot (0x1200) (c6651dceb8448590400f987fc524372f) \Device\Harddisk0\DR0\Partition0
2011/07/13 15:01:34.0984 3928 ================================================================================
2011/07/13 15:01:34.0984 3928 Scan finished
2011/07/13 15:01:34.0984 3928 ================================================================================
2011/07/13 15:01:35.0015 3840 Detected object count: 1
2011/07/13 15:01:35.0015 3840 Actual detected object count: 1
2011/07/13 15:02:07.0640 3840 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/07/13 15:02:07.0640 3840 \Device\Harddisk0\DR0 - ok
2011/07/13 15:02:07.0640 3840 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/13 15:03:12.0906 2936 Deinitialize success

**shelf life** · 2011-07-13, 22:22

ok. Run tdsskiller once more then you can download and run combofix. Combofix requires you read a guide first. Read through the guide then apply the directions on your own machine. Post the combofix log;

Guide to using Combofix

**Edgecrusher** · 2011-07-14, 00:00

my avira has just detected 2 malware in my boot sector

**Edgecrusher** · 2011-07-14, 00:45

here's the combofix log report

ComboFix 11-07-13.03 - philip 07/13/2011 23:25:35.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.615 [GMT 1:00]
Running from: c:\documents and settings\philip.PHILIP-5D444590\My Documents\Downloads\Programs\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Phil\WINDOWS
c:\documents and settings\philip.PHILIP-5D444590\Application Data\Ahut
c:\documents and settings\philip.PHILIP-5D444590\Application Data\Ahut\teolt.eki
c:\documents and settings\philip.PHILIP-5D444590\Application Data\Icyxso
c:\documents and settings\philip.PHILIP-5D444590\Application Data\Icyxso\dyxa.exe
c:\documents and settings\philip.PHILIP-5D444590\Application Data\Myewke
c:\documents and settings\philip.PHILIP-5D444590\Application Data\Myewke\odqe.exe
c:\documents and settings\philip.PHILIP-5D444590\Application Data\Ogbev
c:\documents and settings\philip.PHILIP-5D444590\Application Data\Ogbev\ebin.pih
c:\documents and settings\philip.PHILIP-5D444590\Application Data\Riizq
c:\documents and settings\philip.PHILIP-5D444590\Application Data\Riizq\tizop.caq
c:\documents and settings\philip.PHILIP-5D444590\Application Data\Seiput
c:\documents and settings\philip.PHILIP-5D444590\Application Data\Seiput\wyli.exe
c:\documents and settings\philip.PHILIP-5D444590\Application Data\Ulapy
c:\documents and settings\philip.PHILIP-5D444590\Application Data\Ulapy\suaza.ond
c:\documents and settings\philip.PHILIP-5D444590\Application Data\Ydsid
c:\documents and settings\philip.PHILIP-5D444590\Application Data\Ydsid\eslu.exe
c:\windows\system32\_000110_.tmp.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-13 to 2011-07-13 )))))))))))))))))))))))))))))))
.
.
2011-07-07 22:55 . 2011-07-07 22:55 -------- d-s---w- c:\documents and settings\NetworkService.NT AUTHORITY.000\UserData
2011-07-05 12:02 . 2011-07-05 23:30 0 ----a-w- c:\windows\Nwayecoxewugon.bin
2011-07-05 12:02 . 2011-07-05 12:02 -------- d-----w- c:\documents and settings\philip.PHILIP-5D444590\Local Settings\Application Data\{440EC676-89B1-4059-9BFD-CEA1AD987EE4}
2011-06-25 09:29 . 2011-06-25 09:29 -------- d-----w- C:\found.000
2011-06-22 17:01 . 2011-06-22 17:01 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 09:17 . 2010-07-26 19:42 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-01 09:17 . 2010-07-26 19:42 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-29 08:11 . 2010-07-26 19:58 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 08:11 . 2010-07-26 19:57 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-19 06:34 . 2011-05-19 06:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2010-11-02 20:41 281768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 15:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-01-11 14:08 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 16:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Documents and Settings\\philip.PHILIP-5D444590\\Desktop\\spotify.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\All Users\\Desktop\\WCESCOMM.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [6/22/2011 6:01 PM 53816]
R1 RapportCerberus_26762;RapportCerberus_26762;c:\documents and settings\All Users.WINDOWS\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys [6/13/2011 11:59 AM 57144]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [6/22/2011 6:01 PM 66360]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [6/22/2011 6:01 PM 158904]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/31/2009 10:18 PM 136360]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [6/22/2011 6:01 PM 870200]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [6/10/2010 8:24 PM 88176]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\philip.PHILIP-5D444590\Application Data\Mozilla\Firefox\Profiles\qtmy4q9x.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://yeppo.net
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Mega Manager Integration: {40a1f5d7-afc2-498f-b264-02668d616ff6} - %profile%\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
FF - Ext: Veehd Plugin: {3DB5ABE1-407D-458F-AD5D-8D89BD625CCC} - %profile%\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {440EC676-89B1-4059-9BFD-CEA1AD987EE4} - c:\documents and settings\philip.PHILIP-5D444590\Local Settings\Application Data\{440EC676-89B1-4059-9BFD-CEA1AD987EE4}
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\philip.PHILIP-5D444590\Application Data\IDM\idmmzcc3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-13 23:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{254bf102-ea21-4f43-91fb-37718b29904a}]
@Denied: (Full) (Everyone)
"Model"=dword:0000014c
"Therad"=dword:00000021
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):34,5c,dd,3a,c2,0c,0e,27,7a,b0,ec,5c,c8,fa,75,ca,82,07,47,63,b6,
59,2b,d0,b9,0f,87,98,a1,88,1f,b8,eb,06,2d,db,b1,b7,ab,e0,00,00,00,00,00,00,\
.
Completion time: 2011-07-13 23:37:55
ComboFix-quarantined-files.txt 2011-07-13 22:37
.
Pre-Run: 6,586,896,384 bytes free
Post-Run: 7,108,284,416 bytes free
.
Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,5
- - End Of File - - 2A6B97946008EC86CF2562D8F386AFA4

**shelf life** · 2011-07-14, 03:20

ok.Good.We will use combofix to remove a file;

Click Start, then Run and type Notepad and click OK.
Copy/paste the text in the code box below into notepad:

Code:

File::
c:\windows\Nwayecoxewugon.bin

Name the Notepad file CFScript.txt and Save it to your desktop.
Now locate the file you just saved and the combofix icon, both on your desktop.
Using your mouse drag the CFScript right on top of the combofix icon and release, combofix will run and produce a new log.
please post the new combofix log.

You can also check Malwarebytes for updates and scan with it.
Did you rerun Tdsskiller?

**Edgecrusher** · 2011-07-14, 12:03

i rerun TDDSKiller yesterday after my computer showed the windows background, when it was attempting to restart. do i need to rerun it again?

when i scan with anti malwarebytes, shall i do a full scan or quick scan?

here's my new combofix log report

ComboFix 11-07-13.04 - philip 07/14/2011 10:17:33.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.581 [GMT 1:00]
Running from: c:\documents and settings\philip.PHILIP-5D444590\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\philip.PHILIP-5D444590\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
FILE ::
"c:\windows\Nwayecoxewugon.bin"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Nwayecoxewugon.bin
.
.
((((((((((((((((((((((((( Files Created from 2011-06-14 to 2011-07-14 )))))))))))))))))))))))))))))))
.
.
2011-07-14 09:03 . 2011-07-14 09:03 -------- d-----w- c:\windows\LastGood
2011-07-07 22:55 . 2011-07-07 22:55 -------- d-s---w- c:\documents and settings\NetworkService.NT AUTHORITY.000\UserData
2011-07-05 12:02 . 2011-07-05 12:02 -------- d-----w- c:\documents and settings\philip.PHILIP-5D444590\Local Settings\Application Data\{440EC676-89B1-4059-9BFD-CEA1AD987EE4}
2011-06-25 09:29 . 2011-06-25 09:29 -------- d-----w- C:\found.000
2011-06-22 17:01 . 2011-06-22 17:01 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 09:17 . 2010-07-26 19:42 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-01 09:17 . 2010-07-26 19:42 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-29 08:11 . 2010-07-26 19:58 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 08:11 . 2010-07-26 19:57 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-19 06:34 . 2011-05-19 06:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-13_22.35.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-14 09:01 . 2011-07-14 09:01 16384 c:\windows\Temp\Perflib_Perfdata_49c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-05-27 2815408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2010-11-02 20:41 281768 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 15:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-01-11 14:08 577536 ----a-w- c:\windows\soundman.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 16:07 2260480 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Documents and Settings\\philip.PHILIP-5D444590\\Desktop\\spotify.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\All Users\\Desktop\\WCESCOMM.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [6/22/2011 6:01 PM 53816]
R1 RapportCerberus_26762;RapportCerberus_26762;c:\documents and settings\All Users.WINDOWS\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\26762\RapportCerberus_26762.sys [6/13/2011 11:59 AM 57144]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [6/22/2011 6:01 PM 66360]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [6/22/2011 6:01 PM 158904]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/31/2009 10:18 PM 136360]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [6/22/2011 6:01 PM 870200]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\SITEAD~1\mcsacore.exe [6/10/2010 8:24 PM 88176]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WUAUSERV
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\philip.PHILIP-5D444590\Application Data\Mozilla\Firefox\Profiles\qtmy4q9x.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://yeppo.net
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Mega Manager Integration: {40a1f5d7-afc2-498f-b264-02668d616ff6} - %profile%\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
FF - Ext: Veehd Plugin: {3DB5ABE1-407D-458F-AD5D-8D89BD625CCC} - %profile%\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {440EC676-89B1-4059-9BFD-CEA1AD987EE4} - c:\documents and settings\philip.PHILIP-5D444590\Local Settings\Application Data\{440EC676-89B1-4059-9BFD-CEA1AD987EE4}
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\philip.PHILIP-5D444590\Application Data\IDM\idmmzcc3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-14 10:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{254bf102-ea21-4f43-91fb-37718b29904a}]
@Denied: (Full) (Everyone)
"Model"=dword:0000014c
"Therad"=dword:00000021
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):34,5c,dd,3a,c2,0c,0e,27,7a,b0,ec,5c,c8,fa,75,ca,82,07,47,63,b6,
59,2b,d0,b9,0f,87,98,a1,88,1f,b8,eb,06,2d,db,b1,b7,ab,e0,00,00,00,00,00,00,\
.
Completion time: 2011-07-14 10:27:01
ComboFix-quarantined-files.txt 2011-07-14 09:26
ComboFix2.txt 2011-07-13 22:37
.
Pre-Run: 7,050,141,696 bytes free
Post-Run: 7,032,303,616 bytes free
.
Current=2 Default=2 Failed=1 LastKnownGood=5 Sets=1,2,3,5
- - End Of File - - 2DA916036EA3F143664A474D161C942C

Thread: 20 something viruses on my computer! cant post dds log

Thread Tools

Display

Posting Permissions