We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!

virus help please - poorly pc

Options
13567

Comments

  • HalfPint
    HalfPint Posts: 646 Forumite
    Part of the Furniture Combo Breaker
    tdskiller found 1 malicious object "rootkit.win32.tdss.tdl4" underneath says physical drive name:\device\harddisk0\dro

    its says cure..with a drop down menu
    DEBT FREE DATE: 05/02/2015!

    Those things in life that we find the hardest to do, are the things we are the most thankful we did.
  • HalfPint
    HalfPint Posts: 646 Forumite
    Part of the Furniture Combo Breaker
    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-06-04 00:32:32
    00:32:32.231 OS Version: Windows 5.1.2600 Service Pack 3
    00:32:32.231 Number of processors: 2 586 0x4B02
    00:32:32.231 ComputerName: Surname UserName: Laura
    00:32:32.762 Initialize success
    00:32:43.137 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000032
    00:32:43.137 Disk 0 Vendor: MAXTOR_STM3250310AS 3.AAC Size: 238475MB BusType: 3
    00:32:43.137 Disk 2 \Device\Harddisk2\DR14 -> \Device\00000092
    00:32:43.137 Disk 2 Vendor: Size: 238475MB BusType: 0
    00:32:43.137 Device \Device\00000075 -> \??\IDE#DiskMAXTOR_STM3250310AS_____________________3.AAC___#202020202020202020202020523632594C585034#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
    00:32:43.137 Disk 0 MBR read error 0
    00:32:43.137 Disk 0 MBR scan
    00:32:43.137 Disk 0 unknown MBR code
    00:32:43.137 MBR BIOS signature not found 0
    00:32:43.137 Disk 0 scanning sectors +488376000
    00:32:43.137 Disk 0 scanning C:\WINDOWS\system32\drivers
    00:32:49.418 Service scanning
    00:32:50.278 Disk 0 trace - called modules:
    00:32:50.278 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89590a70]<<
    00:32:50.278 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aba6ab8]
    00:32:50.278 Scan finished successfully
    00:33:46.604 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Laura\Desktop\MBR.dat"
    00:33:46.604 The log file has been saved successfully to "C:\Documents and Settings\Laura\Desktop\aswMBR.txt"
    DEBT FREE DATE: 05/02/2015!

    Those things in life that we find the hardest to do, are the things we are the most thankful we did.
  • HalfPint
    HalfPint Posts: 646 Forumite
    Part of the Furniture Combo Breaker
    hitmanpro link only seems to give me the option to download and install
    DEBT FREE DATE: 05/02/2015!

    Those things in life that we find the hardest to do, are the things we are the most thankful we did.
  • RussJK
    RussJK Posts: 2,359 Forumite
    Just run it, and it'll give two options
  • HalfPint
    HalfPint Posts: 646 Forumite
    Part of the Furniture Combo Breaker
    tdskiller did ask me to reboot..so I did so (hoping that was right) currently running hitmanpro. poor hubby having a breakdown at all this computer stuff and i need some redbull lol
    DEBT FREE DATE: 05/02/2015!

    Those things in life that we find the hardest to do, are the things we are the most thankful we did.
  • HalfPint
    HalfPint Posts: 646 Forumite
    Part of the Furniture Combo Breaker
    hitmanpro says no threats found.
    DEBT FREE DATE: 05/02/2015!

    Those things in life that we find the hardest to do, are the things we are the most thankful we did.
  • RussJK
    RussJK Posts: 2,359 Forumite
    Lol you're doing well, but I really doubt the rootkit is gone completely unfortunately. Best to continue trying to clean it, but ultimately you might want to backup your documents and firefox profiles etc, and do a full reinstall (i.e. format the drive, wipe the MBR since the rootkit is hiding on it, then reinstall).
  • HalfPint
    HalfPint Posts: 646 Forumite
    Part of the Furniture Combo Breaker
    phew...breathe in....and out...lol...i'll be owing you some redbull too.:D

    done that.

    do you need another hijack this log?

    update...have removed said programs including pctools firewall. completed step 5 - system restore stuff.

    next step?

    thanks again.

    hp x
    DEBT FREE DATE: 05/02/2015!

    Those things in life that we find the hardest to do, are the things we are the most thankful we did.
  • RussJK
    RussJK Posts: 2,359 Forumite
    Yes another HJT log will be good. Afterwards I think it'll be a good idea to run Combofix, and post the resulting log. I'll get a link for you.
  • HalfPint
    HalfPint Posts: 646 Forumite
    Part of the Furniture Combo Breaker
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 01:26:35, on 04/06/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17096)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\TalkTalk\bin\sprtcmd.exe
    C:\PROGRA~1\Keyboard\Ikeymain.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    C:\Program Files\DNA\btdna.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\TalkTalk\bin\sprtsvc.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Laura\Desktop\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.co.uk/talktalk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk
    O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Keyboard\Ikeymain.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
    O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S9E.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Search Image on TinEye - file://C:\Documents and Settings\Laura\My Documents\TinEye 1.0\TinEye.js
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
    O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
    O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

    --
    End of file - 8572 bytes
    DEBT FREE DATE: 05/02/2015!

    Those things in life that we find the hardest to do, are the things we are the most thankful we did.
This discussion has been closed.
Meet your Ambassadors

🚀 Getting Started

Hi new member!

Our Getting Started Guide will help you get the most out of the Forum

Categories

  • All Categories
  • 350.9K Banking & Borrowing
  • 253.1K Reduce Debt & Boost Income
  • 453.5K Spending & Discounts
  • 243.9K Work, Benefits & Business
  • 598.7K Mortgages, Homes & Bills
  • 176.9K Life & Family
  • 257.2K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 16.1K Discuss & Feedback
  • 37.6K Read-Only Boards

Is this how you want to be seen?

We see you are using a default avatar. It takes only a few seconds to pick a picture.
Update Your Picture