0

I think my girlfriends netbook has become infected with a rootkit virus thingy. I've tried several things the latest of which was reinstalling Windows XP. Unfortunately search results in Google still redirect to random shopping websites.

Below the various log files as requested.

Any help will be appreciated!

mbam log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5686

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

05/02/2011 23:35:16
mbam-log-2011-02-05 (23-35-16).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 192485
Time elapsed: 51 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

gmer one

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-02-05 22:32:51
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD1600BEVT-35ZCT1 rev.11.01A11
Running: yc35pu4r.exe; Driver: C:\DOCUME~1\JENNIT~1\LOCALS~1\Temp\axtyypog.sys


---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                                                                    sector 00 (MBR): rootkit-like behavior; TDL4                                                      <-- ROOTKIT !!!
Disk            \Device\Harddisk0\DR0                                                                                                                                    sector 03: rootkit-like behavior; 
Disk            \Device\Harddisk0\DR0                                                                                                                                    sector 04: rootkit-like behavior; 
Disk            \Device\Harddisk0\DR0                                                                                                                                    sector 63: rootkit-like behavior; 
Disk            \Device\Harddisk0\DR0                                                                                                                                    sectors 312581552 (+255): rootkit-like behavior; 

---- Devices - GMER 1.0.15 ----

Device          \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0                                                                                                      86340292

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                                   AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                                 avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                              avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                                                                  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                                                                  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device          \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD1600BEVT-35ZCT1___________________11.01A11#5&3a1ebe55&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}  device not found

---- EOF - GMER 1.0.15 ----

gmer two

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-05 22:39:45
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD1600BEVT-35ZCT1 rev.11.01A11
Running: yc35pu4r.exe; Driver: C:\DOCUME~1\JENNIT~1\LOCALS~1\Temp\axtyypog.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )                               ZwOpenProcess [0xF45B16C0]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )                               ZwTerminateProcess [0xF45B1770]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )                               ZwTerminateThread [0xF45B1810]
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )                               ZwWriteVirtualMemory [0xF45B18B0]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                                   AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                                 avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                                                                  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                                                                  SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device          \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0                                                                                                      86340292

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                              avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device          \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD1600BEVT-35ZCT1___________________11.01A11#5&3a1ebe55&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}  device not found
---- Processes - GMER 1.0.15 ----

Library         C:\Documents (*** hidden *** ) @ C:\Documents [3464]                                                                                                     0x00400000                                                                                       

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                                                                    sector 00 (MBR): rootkit-like behavior; TDL4                                                      <-- ROOTKIT !!!
Disk            \Device\Harddisk0\DR0                                                                                                                                    sector 03: rootkit-like behavior; 
Disk            \Device\Harddisk0\DR0                                                                                                                                    sector 04: rootkit-like behavior; 
Disk            \Device\Harddisk0\DR0                                                                                                                                    sector 63: rootkit-like behavior; 
Disk            \Device\Harddisk0\DR0                                                                                                                                    sectors 312581552 (+255): rootkit-like behavior; 

---- Files - GMER 1.0.15 ----

File            C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SPYBOLI7\st[1]                                                0 bytes

---- EOF - GMER 1.0.15 ----

dds.txt

DDS (Ver_10-12-12.02) - NTFSx86  
Run by Jenni Tucker at  9:38:09.56 on 06/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1014.249 [GMT 0:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Samsung Update Plus\SLUTrayNotifier.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Jenni Tucker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jenni Tucker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settin[U][/U]gs\Jenni Tucker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jenni Tucker\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG10\avgmfapx.exe
C:\Documents and Settings\Jenni Tucker\Desktop\post\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\documents and settings\all users\application data\partner\partner.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\jenni tucker\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0\bin\jusched.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [<NO NAME>] 
mRun: [EDS] c:\program files\samsung\samsung eds\EDSAgent.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe
mRun: [BatteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe
mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jennit~1\applic~1\mozilla\firefox\profiles\o6xhfrv3.default\
FF - plugin: c:\documents and settings\jenni tucker\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0\bin\NPJPI150.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-2-12 4300]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32mpcoinst,serviceStartProc --> RUNDLL32.EXE ykx32mpcoinst,serviceStartProc [?]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 26192]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2008-1-15 30208]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-2-12 238464]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-5 135664]
S3 Partner Service;Partner Service;c:\documents and settings\all users\application data\partner\partner.exe [2009-2-12 110576]

=============== Created Last 30 ================

2011-02-05 22:43:07 --------    d-----w-    c:\docume~1\jennit~1\applic~1\Malwarebytes
2011-02-05 22:42:38 38224   ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-05 22:42:37 --------    d-----w-    c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-02-05 22:42:33 20952   ----a-w-    c:\windows\system32\drivers\mbam.sys
2011-02-05 22:42:33 --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2011-02-05 22:03:32 388096  ----a-r-    c:\docume~1\jennit~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-02-05 22:03:32 --------    d-----w-    c:\program files\Trend Micro
2011-02-05 20:19:42 --------    d-----w-    c:\docume~1\jennit~1\applic~1\abscreensavers.com
2011-02-05 20:19:41 --------    d-----w-    c:\program files\abscreensavers.com
2011-02-05 20:11:42 --------    d-----w-    c:\program files\Microsoft Visual Studio 8
2011-02-05 19:52:11 --------    d-----w-    c:\windows\SHELLNEW
2011-02-05 19:51:43 --------    d-----w-    c:\docume~1\jennit~1\locals~1\applic~1\Microsoft Help
2011-02-05 18:54:06 --------    d-sh--w-    c:\documents and settings\jenni tucker\PrivacIE
2011-02-05 18:51:30 --------    d-sh--w-    c:\documents and settings\jenni tucker\IETldCache
2011-02-05 18:45:45 26144   ----a-w-    c:\windows\system32\spupdsvc.exe
2011-02-05 18:44:39 --------    dc-h--w-    c:\windows\ie8
2011-02-05 18:38:27 --------    d-----w-    c:\docume~1\jennit~1\locals~1\applic~1\Temp
2011-02-05 18:33:09 --------    d-----w-    c:\docume~1\jennit~1\applic~1\AVG10
2011-02-05 18:31:14 --------    d--h--w-    c:\docume~1\alluse~1\applic~1\Common Files
2011-02-05 18:30:03 --------    d-----w-    c:\windows\system32\drivers\AVG
2011-02-05 18:30:03 --------    d-----w-    c:\docume~1\alluse~1\applic~1\AVG10
2011-02-05 18:29:36 --------    d-----w-    c:\program files\AVG
2011-02-05 18:13:57 --------    d-----w-    c:\docume~1\alluse~1\applic~1\MFAData
2011-02-05 16:56:03 --------    d-----w-    c:\docume~1\jennit~1\locals~1\applic~1\Google
2011-02-05 16:54:31 --------    d-----w-    c:\documents and settings\jenni tucker\Bluetooth Software

==================== Find3M  ====================


=================== ROOTKIT  ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600BEVT-35ZCT1 rev.11.01A11 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86340446]<< 
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86346504]; MOV EAX, [0x86346580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX;  }
1 nt!IofCallDriver[0x804E1397] -> \Device\Harddisk0\DR0[0x863E18F0]
3 CLASSPNP[0xF764BFD7] -> nt!IofCallDriver[0x804E1397] -> \Device\00000067[0x863E1158]
5 ACPI[0xF75C2620] -> nt!IofCallDriver[0x804E1397] -> [0x86358940]
\Driver\atapi[0x863E2E40] -> IRP_MJ_CREATE -> 0x86340446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP;  }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD1600BEVT-35ZCT1___________________11.01A11#5&3a1ebe55&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x86340292
user != kernel MBR !!! 
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH:  9:39:53.37 ===============

attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 7/15/2009 7:54:26 AM
System Uptime: 2/5/2011 6:50:32 PM (15 hours ago)

Motherboard: SAMSUNG ELECTRONICS CO., LTD. |  | NC10                       
Processor:          Intel(R) Atom(TM) CPU N270   @ 1.60GHz | U2E1 | 1596/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 25 GiB total, 17.011 GiB free.
D: is FIXED (NTFS) - 118 GiB total, 34.046 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP3: 2/5/2011 6:29:21 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP4: 2/5/2011 6:29:34 PM - Installed AVG 2011
RP5: 2/5/2011 6:29:56 PM - Installed AVG 2011
RP6: 2/5/2011 6:45:56 PM - Installed Windows Internet Explorer 8.
RP7: 2/5/2011 7:50:11 PM - Installed Microsoft Office Enterprise 2007
RP8: 2/5/2011 8:10:27 PM - Installed Microsoft Office Enterprise 2007
RP9: 2/5/2011 8:21:08 PM - Installed Microsoft Visual C++ 2005 Redistributable

==== Installed Programs ======================

Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Atheros WLAN Client
AVG 2011
Easy Display Manager
Easy Network Manager
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
imagine digital freedom - Samsung
Intel(R) Graphics Media Accelerator Driver
J2SE Runtime Environment 5.0
Magic Keyboard
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft .NET Framework 2.0
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders  (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 Parser and SDK
Namuga 1.3M Webcam
Play Camera
Random Photo Screensaver 3.3.14 (remove only)
Realtek High Definition Audio Driver
Samsung Battery Manager
Samsung EDS
Samsung Magic Doctor
Samsung Recovery Solution III
Samsung Update Plus
Samsung Wallpaper
Security Update for Windows XP (KB958644)
Synaptics Pointing Device Driver
User Guide
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Internet Explorer 8

==== Event Viewer Messages From Past Week ========

2/5/2011 8:20:02 PM, error: SideBySide [59]  - Generate Activation Context failed for C:\Program Files\abscreensavers.com\Random Photo Screensaver\RPS3.3.exe. Reference error message: The operation completed successfully. .
2/5/2011 8:19:46 PM, error: SideBySide [59]  - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .
2/5/2011 8:19:46 PM, error: SideBySide [59]  - Generate Activation Context failed for C:\WINDOWS\RPSstart.scr. Reference error message: The operation completed successfully. .
2/5/2011 8:19:46 PM, error: SideBySide [32]  - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
2/5/2011 6:52:40 PM, error: Service Control Manager [7034]  - The AVGIDSAgent service terminated unexpectedly.  It has done this 1 time(s).

==== End Of File ===========================

Edited by happygeek: fixed formatting

2
Contributors
3
Replies
4
Views
6 Years
Discussion Span
Last Post by crunchie
0

Hi and welcome to the Daniweb forums :).

==========

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
0

Hi crunchie,

thanks for the welcome and your help. I've followed the instructions and the results are below. A quick google seems to not direct anymore, but time should tell :)

Cheers,

Marijn

2011/02/06 15:05:20.0203 3212	TDSS rootkit removing tool 2.4.16.0 Feb  1 2011 10:34:03
2011/02/06 15:05:20.0562 3212	================================================================================
2011/02/06 15:05:20.0562 3212	SystemInfo:
2011/02/06 15:05:20.0562 3212	
2011/02/06 15:05:20.0562 3212	OS Version: 5.1.2600 ServicePack: 3.0
2011/02/06 15:05:20.0562 3212	Product type: Workstation
2011/02/06 15:05:20.0562 3212	ComputerName: GWENNIFER
2011/02/06 15:05:20.0562 3212	UserName: Jenni Tucker
2011/02/06 15:05:20.0562 3212	Windows directory: C:\WINDOWS
2011/02/06 15:05:20.0562 3212	System windows directory: C:\WINDOWS
2011/02/06 15:05:20.0562 3212	Processor architecture: Intel x86
2011/02/06 15:05:20.0562 3212	Number of processors: 2
2011/02/06 15:05:20.0562 3212	Page size: 0x1000
2011/02/06 15:05:20.0562 3212	Boot type: Normal boot
2011/02/06 15:05:20.0562 3212	================================================================================
2011/02/06 15:05:21.0171 3212	Initialize success
2011/02/06 15:05:43.0328 2856	================================================================================
2011/02/06 15:05:43.0328 2856	Scan started
2011/02/06 15:05:43.0328 2856	Mode: Manual; 
2011/02/06 15:05:43.0328 2856	================================================================================
2011/02/06 15:05:43.0843 2856	ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/06 15:05:43.0906 2856	ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/02/06 15:05:44.0015 2856	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/06 15:05:44.0078 2856	AFD             (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
2011/02/06 15:05:44.0296 2856	AR5416          (6eacc829e76b1efdface633619a3db31) C:\WINDOWS\system32\DRIVERS\athw.sys
2011/02/06 15:05:44.0468 2856	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/06 15:05:44.0515 2856	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/06 15:05:44.0578 2856	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/06 15:05:44.0656 2856	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/06 15:05:44.0718 2856	AVGIDSDriver    (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/02/06 15:05:44.0765 2856	AVGIDSEH        (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/02/06 15:05:44.0812 2856	AVGIDSFilter    (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/02/06 15:05:44.0843 2856	AVGIDSShim      (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/02/06 15:05:44.0890 2856	Avgldx86        (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/02/06 15:05:44.0921 2856	Avgmfx86        (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/02/06 15:05:44.0953 2856	Avgrkx86        (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/02/06 15:05:45.0000 2856	Avgtdix         (660788ec46f10ece80274d564fa8b4aa) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/02/06 15:05:45.0062 2856	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/06 15:05:45.0140 2856	BTKRNL          (48aad36baefb7820bfeb986763226905) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/02/06 15:05:45.0218 2856	BTWUSB          (053dc5be74621b63bb48c2b86bafc7b0) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/02/06 15:05:45.0281 2856	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/06 15:05:45.0328 2856	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/02/06 15:05:45.0406 2856	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/06 15:05:45.0437 2856	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/06 15:05:45.0484 2856	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\drivers\Cdrom.sys
2011/02/06 15:05:45.0546 2856	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/02/06 15:05:45.0593 2856	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/02/06 15:05:45.0750 2856	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/06 15:05:45.0828 2856	dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/06 15:05:45.0906 2856	dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/06 15:05:45.0968 2856	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/06 15:05:46.0015 2856	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/06 15:05:46.0078 2856	DNSeFilter      (128ae3aedde1e3ae772c88320628fe7c) C:\WINDOWS\system32\drivers\SamsungEDS.sys
2011/02/06 15:05:46.0140 2856	DOSMEMIO        (8a4cb9438571814b128b6dc30d698064) C:\WINDOWS\system32\MEMIO.SYS
2011/02/06 15:05:46.0250 2856	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/06 15:05:46.0312 2856	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/06 15:05:46.0375 2856	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/02/06 15:05:46.0421 2856	Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/06 15:05:46.0468 2856	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/02/06 15:05:46.0531 2856	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/02/06 15:05:46.0562 2856	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/06 15:05:46.0593 2856	Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/06 15:05:46.0656 2856	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/06 15:05:46.0718 2856	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/02/06 15:05:46.0796 2856	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/06 15:05:46.0875 2856	HTTP            (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/06 15:05:47.0000 2856	i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/06 15:05:47.0250 2856	ialm            (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/02/06 15:05:47.0468 2856	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\drivers\Imapi.sys
2011/02/06 15:05:47.0687 2856	IntcAzAudAddService (32915772ccd5bc2bf9762195c002a949) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/02/06 15:05:47.0890 2856	intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/02/06 15:05:47.0921 2856	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/02/06 15:05:47.0953 2856	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/06 15:05:47.0984 2856	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/06 15:05:48.0015 2856	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/06 15:05:48.0031 2856	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/06 15:05:48.0109 2856	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/06 15:05:48.0140 2856	isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/06 15:05:48.0187 2856	Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/06 15:05:48.0218 2856	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/06 15:05:48.0265 2856	KSecDD          (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/06 15:05:48.0343 2856	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/06 15:05:48.0406 2856	Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/06 15:05:48.0437 2856	Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/06 15:05:48.0484 2856	mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/06 15:05:48.0500 2856	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/06 15:05:48.0562 2856	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/06 15:05:48.0609 2856	MRxSmb          (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/06 15:05:48.0671 2856	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/06 15:05:48.0718 2856	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/06 15:05:48.0765 2856	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/06 15:05:48.0796 2856	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/06 15:05:48.0859 2856	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/06 15:05:48.0890 2856	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/02/06 15:05:48.0921 2856	Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/06 15:05:48.0937 2856	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/02/06 15:05:49.0000 2856	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/06 15:05:49.0046 2856	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/02/06 15:05:49.0093 2856	NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/06 15:05:49.0125 2856	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/06 15:05:49.0156 2856	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/06 15:05:49.0218 2856	NDProxy         (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/06 15:05:49.0265 2856	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/06 15:05:49.0312 2856	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/06 15:05:49.0390 2856	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/06 15:05:49.0437 2856	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/06 15:05:49.0531 2856	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/06 15:05:49.0546 2856	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/06 15:05:49.0593 2856	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/06 15:05:49.0656 2856	Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/02/06 15:05:49.0671 2856	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/06 15:05:49.0734 2856	ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/06 15:05:49.0781 2856	PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/06 15:05:49.0828 2856	PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/06 15:05:49.0875 2856	Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/06 15:05:50.0109 2856	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/06 15:05:50.0140 2856	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/06 15:05:50.0156 2856	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/06 15:05:50.0296 2856	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/06 15:05:50.0359 2856	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/06 15:05:50.0390 2856	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/06 15:05:50.0421 2856	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/06 15:05:50.0453 2856	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/06 15:05:50.0500 2856	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/06 15:05:50.0562 2856	RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/06 15:05:50.0671 2856	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/06 15:05:50.0718 2856	Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/02/06 15:05:50.0750 2856	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/06 15:05:50.0859 2856	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/02/06 15:05:50.0937 2856	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/06 15:05:50.0984 2856	sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/06 15:05:51.0031 2856	Srv             (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/06 15:05:51.0109 2856	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/02/06 15:05:51.0156 2856	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/06 15:05:51.0171 2856	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/06 15:05:51.0328 2856	SynTP           (ea447f6db6115e8a32352f9faffa824d) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/02/06 15:05:51.0359 2856	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/06 15:05:51.0421 2856	Tcpip           (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/06 15:05:51.0484 2856	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/06 15:05:51.0500 2856	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/06 15:05:51.0531 2856	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/06 15:05:51.0640 2856	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/06 15:05:51.0718 2856	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/06 15:05:51.0781 2856	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/06 15:05:51.0828 2856	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/06 15:05:51.0843 2856	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/06 15:05:51.0906 2856	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/06 15:05:51.0937 2856	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/06 15:05:51.0984 2856	usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/02/06 15:05:52.0015 2856	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/06 15:05:52.0093 2856	VMC326          (4f101e48d060e318752fbc458a4b49f0) C:\WINDOWS\system32\Drivers\VMC326.sys
2011/02/06 15:05:52.0140 2856	VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/06 15:05:52.0203 2856	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/06 15:05:52.0281 2856	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/06 15:05:52.0390 2856	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/02/06 15:05:52.0468 2856	yukonwxp        (1661bf323aa86d1b6dd1fb6f2402d119) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/02/06 15:05:52.0531 2856	\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/02/06 15:05:52.0531 2856	================================================================================
2011/02/06 15:05:52.0546 2856	Scan finished
2011/02/06 15:05:52.0546 2856	================================================================================
2011/02/06 15:05:52.0562 2408	Detected object count: 1
2011/02/06 15:06:03.0375 2408	\HardDisk0 - will be cured after reboot
2011/02/06 15:06:03.0375 2408	Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 
2011/02/06 15:06:11.0171 1068	Deinitialize success
This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.