
Thread: redirects web pages, errors, slow and locks up.

  1. #31
    Member (Join Date: Oct 2010, Posts: 38)

    attached

    dump1.txt attached

  2. #32
    Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    OK, thanks. I am having an MBR expert look at this and will post instructions when they get back to me, so sit tight and don't go away.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #33
    Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    Go ahead and run TDSSKiller; it looks like a rootkit has infected your MBR.

  4. #34
    Member (Join Date: Oct 2010, Posts: 38)

    log

    Attached is a screenshot of what it found. Do I need to cure, skip, etc.?

    2010/10/24 19:07:34.0062 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
    2010/10/24 19:07:34.0062 ================================================================================
    2010/10/24 19:07:34.0062 SystemInfo:
    2010/10/24 19:07:34.0062
    2010/10/24 19:07:34.0062 OS Version: 5.1.2600 ServicePack: 3.0
    2010/10/24 19:07:34.0062 Product type: Workstation
    2010/10/24 19:07:34.0062 ComputerName: KEVIN-HOME
    2010/10/24 19:07:34.0062 UserName: Kevin Austin
    2010/10/24 19:07:34.0062 Windows directory: C:\WINDOWS
    2010/10/24 19:07:34.0062 System windows directory: C:\WINDOWS
    2010/10/24 19:07:34.0062 Processor architecture: Intel x86
    2010/10/24 19:07:34.0062 Number of processors: 2
    2010/10/24 19:07:34.0062 Page size: 0x1000
    2010/10/24 19:07:34.0062 Boot type: Normal boot
    2010/10/24 19:07:34.0062 ================================================================================
    2010/10/24 19:07:34.0265 Initialize success
    2010/10/24 19:07:58.0156 ================================================================================
    2010/10/24 19:07:58.0156 Scan started
    2010/10/24 19:07:58.0156 Mode: Manual;
    2010/10/24 19:07:58.0156 ================================================================================
    2010/10/24 19:08:07.0515 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/10/24 19:08:07.0515 ================================================================================
    2010/10/24 19:08:07.0515 Scan finished
    2010/10/24 19:08:07.0515 ================================================================================
    2010/10/24 19:08:07.0531 Detected object count: 1
    2010/10/24 19:13:16.0546 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Skip
    2010/10/24 19:13:48.0031 Deinitialize success

  5. #35
    Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    All of us forums work together, with some forums specializing in different areas of infections, so I have other people looking at this also. It looks like the TDSS rootkit has infected your Master Boot Record, and this is something we want to handle very delicately, so just hang on a bit and let's see what they say.

  6. #36
    Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    Go ahead and run TDSSKiller again, and this time have it cure it. Post the log, then run MBRCheck again and post the NEW LOG.

  7. #37
    Member (Join Date: Oct 2010, Posts: 38)

    TDSS and MBR log

    2010/10/25 19:02:55.0031 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
    2010/10/25 19:02:55.0031 ================================================================================
    2010/10/25 19:02:55.0031 SystemInfo:
    2010/10/25 19:02:55.0031
    2010/10/25 19:02:55.0031 OS Version: 5.1.2600 ServicePack: 3.0
    2010/10/25 19:02:55.0031 Product type: Workstation
    2010/10/25 19:02:55.0031 ComputerName: KEVIN-HOME
    2010/10/25 19:02:55.0031 UserName: Kevin Austin
    2010/10/25 19:02:55.0031 Windows directory: C:\WINDOWS
    2010/10/25 19:02:55.0031 System windows directory: C:\WINDOWS
    2010/10/25 19:02:55.0031 Processor architecture: Intel x86
    2010/10/25 19:02:55.0031 Number of processors: 2
    2010/10/25 19:02:55.0031 Page size: 0x1000
    2010/10/25 19:02:55.0031 Boot type: Normal boot
    2010/10/25 19:02:55.0031 ================================================================================
    2010/10/25 19:02:55.0562 Initialize success
    2010/10/25 19:02:58.0750 ================================================================================
    2010/10/25 19:02:58.0750 Scan started
    2010/10/25 19:02:58.0750 Mode: Manual;
    2010/10/25 19:02:58.0750 ================================================================================
    2010/10/25 19:03:10.0718 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/10/25 19:03:10.0796 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/10/25 19:03:10.0859 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/10/25 19:03:10.0921 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/10/25 19:03:10.0984 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/10/25 19:03:11.0078 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/10/25 19:03:11.0125 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/10/25 19:03:11.0171 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/10/25 19:03:11.0218 V2IMount (deea641cc5f87867759856a52cbc0999) C:\WINDOWS\system32\drivers\V2IMount.sys
    2010/10/25 19:03:11.0281 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/10/25 19:03:11.0359 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/10/25 19:03:11.0406 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/10/25 19:03:11.0500 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/10/25 19:03:11.0640 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/10/25 19:03:11.0718 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/10/25 19:03:11.0812 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/10/25 19:03:11.0812 ================================================================================
    2010/10/25 19:03:11.0812 Scan finished
    2010/10/25 19:03:11.0812 ================================================================================
    2010/10/25 19:03:11.0828 Detected object count: 1
    2010/10/25 19:03:16.0078 \HardDisk0\MBR - will be cured after reboot
    2010/10/25 19:03:16.0078 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
    2010/10/25 19:03:22.0625 Deinitialize success




    MBR**********************************

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001d

    Kernel Drivers (total 125):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FF000 \WINDOWS\system32\hal.dll
    0xF7AE5000 \WINDOWS\system32\KDCOM.DLL
    0xF79F5000 \WINDOWS\system32\BOOTVID.dll
    0xF7596000 ACPI.sys
    0xF7AE7000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7585000 pci.sys
    0xF75E5000 isapnp.sys
    0xF75F5000 ohci1394.sys
    0xF7605000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF7BAD000 PCIIde.sys
    0xF7865000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
    0xF7AE9000 intelide.sys
    0xF7615000 MountMgr.sys
    0xF7566000 ftdisk.sys
    0xF786D000 PartMgr.sys
    0xF7625000 VolSnap.sys
    0xF754E000 atapi.sys
    0xF7635000 disk.sys
    0xF7645000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF752E000 fltmgr.sys
    0xF751C000 sr.sys
    0xF7506000 SymSnap.sys
    0xF74EF000 KSecDD.sys
    0xF7462000 Ntfs.sys
    0xF7435000 NDIS.sys
    0xF741B000 Mup.sys
    0xF76D5000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF7785000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF7245000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xF7231000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF78DD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF720D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF78E5000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF71E7000 \SystemRoot\system32\DRIVERS\e100b325.sys
    0xF71A7000 \SystemRoot\system32\drivers\smwdm.sys
    0xF7183000 \SystemRoot\system32\drivers\portcls.sys
    0xF7795000 \SystemRoot\system32\drivers\drmk.sys
    0xF7160000 \SystemRoot\system32\drivers\ks.sys
    0xF70AD000 \SystemRoot\system32\drivers\senfilt.sys
    0xF78ED000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF7099000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF77A5000 \SystemRoot\system32\DRIVERS\serial.sys
    0xF7A99000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF77B5000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF77C5000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF77D5000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF78F5000 \SystemRoot\System32\Drivers\GearAspiWDM.SYS
    0xF7BC5000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF77E5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7AA5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF703D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF77F5000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7805000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF78FD000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF702C000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF7815000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7905000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF790D000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF7825000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7915000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF791D000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF7B07000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF6FCE000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7AB1000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7855000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF7665000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7B09000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7925000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xF7B0D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7CE5000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7B0F000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7935000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF793D000 \SystemRoot\System32\drivers\vga.sys
    0xF7B11000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7B13000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF7945000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF794D000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF73E6000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xEEE8B000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xEEE32000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xEEE19000 \SystemRoot\System32\Drivers\avgtdix.sys
    0xEEDF3000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xEEDCB000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF7685000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xEEDA9000 \SystemRoot\System32\drivers\afd.sys
    0xF7695000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF76A5000 \SystemRoot\System32\Drivers\V2IMount.SYS
    0xEED2E000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xF76B5000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xEECBE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF76C5000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF7955000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0xEEC6D000 \SystemRoot\System32\Drivers\avgldx86.sys
    0xF795D000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xF7ADD000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF76E5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xEEEC2000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xEEEBE000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xF7715000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xEEB8D000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7B15000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xEEEA2000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7965000 \SystemRoot\System32\watchdog.sys
    0xBF9C4000 \SystemRoot\System32\drivers\dxg.sys
    0xF7D20000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF9D6000 \SystemRoot\System32\ati2dvag.dll
    0xBFA18000 \SystemRoot\System32\ati2cqag.dll
    0xBFA57000 \SystemRoot\System32\atikvmag.dll
    0xBFA8D000 \SystemRoot\System32\ati3duag.dll
    0xBFD11000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB8EEC000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB8AC3000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB8C10000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB88D8000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF7B93000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xB88C0000 \SystemRoot\System32\Drivers\Aspi32.SYS
    0xB8606000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB8BE0000 \SystemRoot\system32\DRIVERS\secdrv.sys
    0xB824A000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xF78C5000 \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
    0xB7F89000 \SystemRoot\System32\Drivers\HTTP.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 47):
    0 System Idle Process
    4 System
    468 C:\WINDOWS\system32\smss.exe
    516 csrss.exe
    544 C:\WINDOWS\system32\winlogon.exe
    592 C:\WINDOWS\system32\services.exe
    604 C:\WINDOWS\system32\lsass.exe
    764 C:\WINDOWS\system32\ati2evxx.exe
    784 C:\WINDOWS\system32\svchost.exe
    848 svchost.exe
    920 C:\WINDOWS\system32\svchost.exe
    984 svchost.exe
    1064 svchost.exe
    1108 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    1140 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    1424 C:\WINDOWS\system32\spoolsv.exe
    1600 C:\WINDOWS\explorer.exe
    312 svchost.exe
    244 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    552 C:\Program Files\Analog Devices\Core\smax4pnp.exe
    652 C:\PROGRA~1\AVG\AVG8\avgtray.exe
    896 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9EA.EXE
    912 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    960 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    1076 C:\Program Files\Norton Ghost\Agent\GhostTray.exe
    1200 C:\WINDOWS\system32\gearsec.exe
    1376 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1272 C:\Program Files\Java\jre6\bin\jqs.exe
    1580 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    1644 C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
    1752 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1476 C:\WINDOWS\system32\ctfmon.exe
    1156 C:\Program Files\Norton Ghost\Agent\VProSvc.exe
    2064 C:\Program Files\AVG\AVG8\avgrsx.exe
    2072 C:\Program Files\Palm\HOTSYNC.EXE
    2092 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    2256 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    2680 C:\WINDOWS\system32\snmp.exe
    2776 C:\WINDOWS\system32\svchost.exe
    2820 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    3016 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    3076 C:\PROGRA~1\AVG\AVG8\avgemc.exe
    3152 C:\Program Files\AVG\AVG8\avgcsrvx.exe
    3832 alg.exe
    196 C:\PROGRA~1\Yahoo!\Messenger\Ymsgr_tray.exe
    1740 C:\WINDOWS\system32\svchost.exe
    1828 C:\Documents and Settings\Kevin Austin\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: ST3250620AS, Rev: 3.AAC

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
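
The MBRCheck output above boils down to three checks on sector 0 of \\.\PhysicalDrive0: is the sector well formed, does the bootstrap code match a known Windows MBR, and where does the active partition start (0x7E00, i.e. sector 63, for this XP install). The Python script below is an added example, not code from the thread, from MBRCheck or from TDSSKiller; it performs those checks offline on a 512-byte sector. The stub boot code, the synthetic partition table and the baseline hash are all constructed for the example; only the 0x7E00 offset and the \\.\PhysicalDrive0 device name are taken from the log.

```python
"""Offline triage of a 512-byte Master Boot Record (MBR).

Added example. Hashes the sector, checks the 0x55AA signature, walks the
partition table and compares the bootstrap code against a baseline hash.
The sample sector and the baseline are constructed here; they are not the
bytes from the machine in the thread.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOTCODE_LEN = 440       # bytes 0..439: bootstrap code; 440..445 hold the per-disk
                         # Windows disk signature, so they are left out of the hash
PT_OFFSET = 446          # four 16-byte partition entries follow the code
SIGNATURE = b"\x55\xaa"  # bytes 510..511
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count

# Constructed x86 real-mode stub standing in for real boot code (assumption).
CLEAN_BOOTCODE = bytes.fromhex(
    "fa33c08ed0bc007c8bf05007501ffbfcbf0006b90001f2a5ea1d060000") + b"\x90" * 16
# A bootkit-style patch: divert execution at the very first instruction.
PATCHED_BOOTCODE = b"\xeb\x3c\x90" + CLEAN_BOOTCODE[3:]


def build_sample_mbr(bootcode, first_lba=63, sectors=488281250):
    """Construct a synthetic MBR with one active type-0x07 (NTFS) partition.
    first_lba=63 gives the 0x7E00 byte offset MBRCheck printed for C:."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(bootcode)] = bootcode
    entry = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07,
                        b"\xfe\xff\xff", first_lba, sectors)
    sector[PT_OFFSET:PT_OFFSET + 16] = entry
    sector[510:512] = SIGNATURE
    return bytes(sector)


def sector_sha1(sector):
    """SHA1 over the whole sector, printed the way MBRCheck prints its digest."""
    return hashlib.sha1(sector).hexdigest().upper()


def bootcode_sha1(sector):
    """SHA1 over the code bytes only, excluding the per-disk signature."""
    return hashlib.sha1(sector[:BOOTCODE_LEN]).hexdigest()


def parse_partitions(sector):
    """Return the non-empty partition-table entries as dicts."""
    parts = []
    for i in range(4):
        raw = sector[PT_OFFSET + 16 * i:PT_OFFSET + 16 * (i + 1)]
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, raw)
        if ptype == 0:
            continue
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "lba_start": lba, "byte_offset": lba * SECTOR_SIZE,
                      "sectors": count})
    return parts


def check_mbr(sector, baseline_bootcode_sha1, expected_boot_offset):
    """Return a list of findings; an empty list means nothing looked off."""
    findings = []
    if len(sector) != SECTOR_SIZE:
        return [f"expected {SECTOR_SIZE} bytes, got {len(sector)}"]
    if sector[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    digest = bootcode_sha1(sector)
    if digest != baseline_bootcode_sha1:
        findings.append(f"bootstrap code differs from baseline (sha1 {digest})")
    active = [p for p in parse_partitions(sector) if p["active"]]
    if len(active) != 1:
        findings.append(f"expected one active partition, found {len(active)}")
    elif active[0]["byte_offset"] != expected_boot_offset:
        findings.append("active partition starts at 0x%x, expected 0x%x"
                        % (active[0]["byte_offset"], expected_boot_offset))
    return findings


def read_physical_mbr(device=r"\\.\PhysicalDrive0"):
    """Read sector 0 of a raw disk (needs administrator rights on Windows)."""
    with open(device, "rb") as disk:
        return disk.read(SECTOR_SIZE)


# Baseline taken from the clean sample; on a real case it comes from a
# known-good install of the same Windows version.
CLEAN_MBR = build_sample_mbr(CLEAN_BOOTCODE)
PATCHED_MBR = build_sample_mbr(PATCHED_BOOTCODE)
BASELINE_SHA1 = bootcode_sha1(CLEAN_MBR)
XP_C_DRIVE_OFFSET = 0x7E00   # \\.\C: offset from the MBRCheck log above

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("patched", PATCHED_MBR)):
        print(name, sector_sha1(mbr),
              check_mbr(mbr, BASELINE_SHA1, XP_C_DRIVE_OFFSET) or "ok")
```

Two caveats a practitioner will want. First, a hash over the full 512 bytes changes with every partition table and disk signature, so a baseline only works when it covers the code bytes alone, which is why the script hashes bytes 0..439 separately from the whole-sector digest it prints. Second, a rootkit that has already hooked the disk stack can hand a clean-looking sector back to anything reading \\.\PhysicalDrive0 from inside the running system; when the result matters, take sector 0 from an offline image or from boot media rather than from the live machine.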

  8. #38
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Looks like that may have done it. How is your system running now, any redirects?

  9. #39
    Member
    Join Date
    Oct 2010
    Posts
    38

    Default so far so good

    Well... give me another night or two, but so far things are working well.
    So what was the problem, or where? Have you seen it before?
    If you don't have time to answer, that's fine, as I may not understand anyway.
    I will get back with you in a couple of days and let you know how things are doing.
    Thanks

  10. #40
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    Years ago when I first got into this, back in the days when Windows 95 first came out, kids and people with too much time on their hands wrote viruses. At the time they really did not do too much damage, more of an annoyance, but that's all changed now. Cybercriminals write this garbage, I mean gangs of criminals that are trying to steal anything they can from you, like your passwords, banking account numbers, credit card numbers. The greater majority of this scum come from offshore, so it's hard for the US to prosecute them. When they find a way of infecting something on your system, they keep abreast of what we do, and once they learn that we can clean it they move on to something else. I don't know what you did (opened an attachment, visited a bad website, downloaded something you should not have) and you got infected.

    I had a poster similar to yours about a month ago and the fix we went through did not work; we had to rebuild his MBR through the Recovery Console. The TDSS rootkit blocked that from happening, and the only recourse we had was to have the user use his Windows CD to perform the fix, and he did not have one. He never posted back, so I don't know what he ever did. My point is that you just have to be real careful: make sure your antivirus program is up to date and run a scan on a regular basis.

    We don't solicit any software programs but Malwarebytes, which you downloaded and ran. The paid version has a block feature that will block you from entering bad or questionable sites; it's a very inexpensive program, around $20 or so for lifetime, not a yearly fee. I have this program and keep it updated on my three systems, but this is up to you; the free version you have will still work, you can check for updates and run scans to remove bad stuff.

    What happened to you is that somehow you got infected with the TDSS rootkit, and that in turn infected your MBR (Master Boot Record). These are the files responsible for booting up your computer, so every time you started your computer the infection would kick in.


    You never know what these infections are capable of, I would suggest you change all your passwords for sites you frequent.

    Post back in a few days and let me know how it's going.