
tdl4 Infection

Discussion in 'Virus & Other Malware Removal' started by Blinghound, Jan 15, 2011.

Thread Status:
Not open for further replies.
  1. Blinghound

    Blinghound Thread Starter

    Joined:
    Jan 15, 2011
    Messages:
    4
    Hello All.

    I recently became infected with a tdl4 rootkit.

    I managed to get rid of it using tdsskiller.

    After doing this and restarting, running it again confirmed it was gone. However, prior to removing the rootkit, my Device Manager showed a disk drive 'Config Disk 0 ATA Device', which I believe is part of it.

    Even after using the tdsskiller tool and restarting, the disk drive appears.

    Any help would be greatly appreciated.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 01:36:28, on 16/01/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16700)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Kenny\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 6749 bytes

    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Kenny at 1:41:35.24 on 16/01/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.4095.2906 [GMT 0:00]

    AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
    SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\mmc.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Kenny\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    mRun-x64: [SaiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    STS-X64: ObjectDockShlExt Class: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Kenny\AppData\Roaming\Mozilla\Firefox\Profiles\en5c9ex7.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.searchlotto.co.uk/index.php
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Kenny\AppData\Roaming\Mozilla\Firefox\Profiles\en5c9ex7.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    FF - Ext: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - %profile%\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
    FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    FF - Ext: Classic Remix for Windows 7: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Chromifox Basic: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Adblock Plus Pop-up Addon: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    FF - Ext: SkipScreen: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
    FF - Ext: SmoothWheel (mozdev.org): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - %profile%\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
    FF - Ext: SmoothWheel (AMO): {5F590AA2-1221-4113-A6F4-A4BB62414FAC} - %profile%\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
    FF - Ext: FastestFox: [email protected] - %profile%\extensions\[email protected]

    ============= SERVICES / DRIVERS ===============

    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
    R1 SASDIFSV;SASDIFSV;C:\Users\Kenny\AppData\Local\Temp\SAS_SelfExtract\sasdifsv64.sys [2010-2-17 14920]
    R1 SASKUTIL;SASKUTIL;C:\Users\Kenny\AppData\Local\Temp\SAS_SelfExtract\saskutil64.sys [2010-2-17 12360]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-8-4 203264]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-8-16 13336]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-8-4 7451648]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-8-4 268288]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2010-7-15 116240]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
    R3 netr28ux;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;C:\Windows\System32\drivers\Dnetr28ux.sys [2009-8-6 987648]
    R3 Ph3xIB64;Philips 713x Inbox PCI TV Card;C:\Windows\System32\drivers\Ph3xIB64.sys [2009-6-10 1627520]
    R3 SaiK0728;SaiK0728;C:\Windows\System32\drivers\SaiK0728.sys [2008-2-18 129024]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-29 136176]
    S3 atillk64;atillk64;E:\Software\www.x-drivers.ru_atiovervolt\atillk64.sys [2010-8-13 14608]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-16 1255736]

    =============== Created Last 30 ================

    2011-01-16 01:20:17 438808 ----a-w- C:\Windows\System32\drivers\iaStor.sys
    2011-01-16 00:48:11 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{72B04EA8-72DF-4FD6-B66B-458BD70AD854}\mpengine.dll
    2011-01-14 16:34:47 -------- d-----w- C:\Users\Kenny\AppData\Local\ODUI
    2011-01-14 16:34:45 -------- d-----w- C:\Users\Kenny\AppData\Local\Stardock
    2011-01-14 16:33:37 -------- d-----w- C:\Users\Kenny\AppData\Roaming\Stardock
    2011-01-14 16:33:31 -------- dc-h--w- C:\PROGRA~3\{0F4A7EFE-5950-4389-BF36-1E625D72456B}
    2011-01-14 16:33:31 -------- d-----w- C:\Program Files (x86)\Common Files\Stardock
    2011-01-14 16:33:31 -------- d-----w- C:\PROGRA~3\Stardock
    2011-01-14 16:33:30 -------- d-----w- C:\Program Files (x86)\Stardock
    2011-01-14 16:33:25 -------- d-----w- C:\Users\Kenny\AppData\Local\PackageAware
    2011-01-14 09:33:35 -------- d-----w- C:\Users\Kenny\AppData\Local\{221C9115-0D04-4BB8-BB8C-536A7C19FE91}
    2011-01-13 20:02:24 -------- d-----w- C:\Users\Kenny\AppData\Local\Apps
    2011-01-13 11:01:22 -------- d-----w- C:\Users\Kenny\AppData\Local\{3EE65E67-F293-4423-918F-277DBB446934}
    2011-01-12 13:57:28 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2011-01-12 13:56:07 -------- d-----w- C:\Users\Kenny\AppData\Local\{5BFD3CA1-19BE-4484-83B6-AB2C85865E9C}
    2011-01-11 16:55:42 -------- d-----w- C:\Users\Kenny\AppData\Local\{9496EBC2-FEBE-462E-A37B-0E2F444623BB}
    2011-01-10 15:43:36 -------- d-----w- C:\Users\Kenny\AppData\Local\Paint.NET
    2011-01-10 15:43:36 -------- d-----w- C:\Program Files\Paint.NET
    2011-01-10 14:12:56 -------- d-----w- C:\Users\Kenny\AppData\Local\{86CCF61A-AE0B-455E-BE5A-A5B217E00EF8}
    2011-01-09 20:14:24 -------- d-----w- C:\Users\Kenny\AppData\Roaming\ColorCop
    2011-01-09 19:02:39 -------- d-----w- C:\Users\Kenny\AppData\Local\{59B9636E-7B27-4C49-A142-BDEC75F43A00}
    2011-01-09 07:02:17 -------- d-----w- C:\Users\Kenny\AppData\Local\{9493ECE0-99A8-4B20-B1AA-A6FFE8118014}
    2011-01-08 16:13:05 -------- d-----w- C:\Users\Kenny\AppData\Local\{84CBB950-05BD-4864-B609-B9D329FECB3C}
    2011-01-07 16:44:56 -------- d-----w- C:\Users\Kenny\AppData\Local\{6A7851EC-A9B5-4EE8-85D7-6CCF564C7042}
    2011-01-06 14:37:34 -------- d-----w- C:\Users\Kenny\AppData\Local\{67ABEB82-7299-47A5-ABB1-31E5500EDF6D}
    2011-01-05 15:26:36 -------- d-----w- C:\Users\Kenny\AppData\Local\{CEA9BDB6-E01B-45E3-B3E3-87D662DD5B74}
    2011-01-04 11:37:31 -------- d-----w- C:\Users\Kenny\AppData\Local\{C5FEFBFB-BFBD-437E-B3D0-CD78F8BEB5B1}
    2011-01-03 20:17:17 -------- d-----w- C:\Program Files (x86)\MW2CU
    2011-01-03 18:08:29 -------- d-----w- C:\Users\Kenny\AppData\Local\{C1F6D2E4-6752-4006-A274-020F4663A998}
    2011-01-02 16:32:53 -------- d-----w- C:\Users\Kenny\AppData\Local\AVERT
    2011-01-02 16:27:23 -------- d-----w- C:\Users\Kenny\AppData\Local\matt.malensek.net
    2011-01-02 16:26:56 -------- d-----w- C:\Program Files (x86)\3RVX
    2011-01-02 15:28:34 -------- d-----w- C:\Users\Kenny\AppData\Local\{89E9C2BC-4171-4D95-B6CB-F3ED9C07C5AF}
    2011-01-01 15:31:58 -------- d-----w- C:\Users\Kenny\AppData\Local\{D37529D6-B82B-461E-8B24-279150CB844E}
    2010-12-31 15:30:46 -------- d-----w- C:\Users\Kenny\AppData\Local\{BEEB761F-5BC7-46AF-BC74-6B06A35FBFF1}
    2010-12-30 17:06:55 -------- d-----w- C:\Users\Kenny\AppData\Local\{E3C9AD08-F601-4C3D-A5B1-962D4CCB26FB}
    2010-12-30 14:27:01 -------- d-----w- C:\Users\Kenny\AppData\Local\{84CF43C1-86AB-405F-8DDA-F87921729367}
    2010-12-29 13:26:36 -------- d-----w- C:\Users\Kenny\AppData\Local\{1067BFBA-0219-46DA-A4EC-5F8F56BCA99E}
    2010-12-29 00:17:43 -------- d-----w- C:\Windows\SysWow64\URTTEMP
    2010-12-29 00:17:10 669184 ----a-w- C:\Windows\SysWow64\pbsvc.exe
    2010-12-28 13:57:06 -------- d-----w- C:\Users\Kenny\AppData\Local\{AE12559D-213D-43AE-8274-DE3E5452DE00}
    2010-12-27 21:21:22 521448 ----a-w- C:\Windows\System32\deployJava1.dll
    2010-12-27 21:15:16 -------- d-----w- C:\Program Files (x86)\FileHippo.com
    2010-12-27 15:35:44 -------- d-----w- C:\Users\Kenny\AppData\Local\{9F712342-F576-4186-82F8-AA72E54140F0}
    2010-12-25 19:04:43 -------- d-----w- C:\Users\Kenny\AppData\Local\{F5A268D2-CA9A-476C-8FE5-E08E9FBFA468}
    2010-12-25 19:04:32 -------- d-----w- C:\Users\Kenny\AppData\Local\{D52ABDE9-A42D-4B6B-A50C-64180A9A1D2C}
    2010-12-24 13:45:57 -------- d-----w- C:\Users\Kenny\AppData\Local\{A9380C1F-E6A2-4269-A9AD-FBA6660A7100}
    2010-12-23 19:02:10 -------- d-----w- C:\Users\Kenny\AppData\Local\{75003AB4-0E3D-42E0-B812-1B6ACFA0934C}
    2010-12-23 19:01:59 -------- d-----w- C:\Users\Kenny\AppData\Local\{6743EC99-A0F4-4589-B938-10C0A2013C1E}
    2010-12-23 17:37:56 -------- d-----w- C:\Users\Kenny\AppData\Local\{DBD9C8A6-2A12-4E04-9C4F-F4E402B31B5C}
    2010-12-23 05:18:18 -------- d-----w- C:\Users\Kenny\AppData\Local\{35804C61-1183-43AE-9BCC-E23C889FBE18}
    2010-12-22 09:48:29 -------- d-----w- C:\Users\Kenny\AppData\Local\{8E3D0D6F-7AC2-4D91-8FF1-E3DC909F9EF7}
    2010-12-22 00:38:27 -------- d-----w- C:\Program Files (x86)\Auslogics
    2010-12-21 13:31:03 -------- d-----w- C:\Users\Kenny\AppData\Local\{FAD5C326-36E2-4815-AEB0-AF22CD9D1801}
    2010-12-20 11:50:15 -------- d-----w- C:\Users\Kenny\AppData\Local\{30941988-8624-403D-982C-AEA335345AFF}
    2010-12-19 22:06:21 -------- d-----w- C:\Program Files (x86)\uTorrent
    2010-12-19 16:18:06 -------- d-----w- C:\Users\Kenny\AppData\Local\{9E4A36F2-41C0-4EFF-9645-824A7217F826}
    2010-12-18 15:33:58 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
    2010-12-18 15:33:58 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
    2010-12-18 15:33:34 -------- d-----w- C:\Program Files (x86)\ATI Technologies
    2010-12-18 15:33:13 -------- d-----w- C:\Program Files\ATI Technologies
    2010-12-18 15:32:55 -------- d-----w- C:\ATI
    2010-12-18 15:31:06 -------- d-----w- C:\Program Files\ATI
    2010-12-18 14:59:13 -------- d-----w- C:\Users\Kenny\AppData\Local\{23038188-346A-462D-99C5-9303190B7834}
    2010-12-17 22:29:32 -------- d-----w- C:\Users\Kenny\AppData\Roaming\atunes
    2010-12-17 21:36:50 -------- d-----w- C:\Windows\SysWow64\xlive
    2010-12-17 21:36:49 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    2010-12-17 16:03:56 -------- d-----w- C:\Users\Kenny\AppData\Local\{88D75A81-5C04-4284-B8E1-2409BED47E51}

    ==================== Find3M ====================

    2010-12-29 00:17:19 103736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2010-12-29 00:17:12 66872 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2010-11-29 17:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-11-29 17:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-11-10 02:54:18 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
    2010-11-10 02:28:46 301936 ----a-w- C:\Windows\WLXPGSS.SCR
    2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
    2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
    2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-11-02 05:21:51 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2010-11-02 05:18:59 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
    2010-11-02 05:18:59 229888 ----a-w- C:\Windows\System32\XpsRasterService.dll
    2010-11-02 05:18:58 470016 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2010-11-02 05:18:33 1137664 ----a-w- C:\Windows\System32\FntCache.dll
    2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2010-11-02 05:18:05 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2010-11-02 05:17:48 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2010-11-02 05:17:48 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
    2010-11-02 05:17:47 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
    2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
    2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
    2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
    2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
    2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
    2010-11-02 04:59:08 144384 ----a-w- C:\Windows\System32\cdd.dll
    2010-11-02 04:41:36 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2010-11-02 04:41:36 283648 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2010-11-02 04:41:36 135168 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll
    2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
    2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
    2010-11-02 04:26:00 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2010-11-02 04:25:43 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2010-11-02 04:25:43 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2010-11-02 04:25:43 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2010-11-02 04:25:42 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2010-11-02 02:50:58 258048 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
    2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
    2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe

    ============= FINISH: 1:41:46.22 ===============


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-16 01:46:18
    Windows 6.1.7600
    Running: w1tt6nx2.exe


    ---- Files - GMER 1.0.15 ----

    File C:\Windows\Temp\TMP00000013C4B77457FD86C255 0 bytes

    ---- EOF - GMER 1.0.15 ----
     

    Attached Files:

  2. Blinghound

    Blinghound Thread Starter

    Joined:
    Jan 15, 2011
    Messages:
    4
    I would also like to add (which I forgot to mention before) that browsing the internet through Firefox feels a lot slower than before, and some pages do not load.

    Thank you
     
  3. Blinghound

    Blinghound Thread Starter

    Joined:
    Jan 15, 2011
    Messages:
    4
  4. Blinghound

    Blinghound Thread Starter

    Joined:
    Jan 15, 2011
    Messages:
    4
    I would really appreciate it if someone could take a look at this.
     

Short URL to this thread: https://techguy.org/974922
