

1 BDS\small.iuj on Sat Aug 14, 2010 12:17 am

janghag


Member
Hi, I reformatted my PC because when I upgraded from SP2 to SP3 it didn't work... and now I'm back to zero, and my explorer.exe was infected again with bds\small.iuj... T_T

2 Re: BDS\small.iuj on Sat Aug 14, 2010 12:47 am

janghag


Member
I tried ComboFix and here's the ComboFix log:

ComboFix 10-08-12.03 - jakee 08/14/2010 10:35:46.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.529 [GMT 1:00]
Running from: c:\documents and settings\jakee\Desktop\combo-fix.exe.exe
Command switches used :: c:\documents and settings\jakee\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\desktop.ini

.
((((((((((((((((((((((((( Files Created from 2010-07-14 to 2010-08-14 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-14 09:03 . 2010-08-14 09:03 -------- d-----w- c:\documents and settings\jakee\Application Data\Avira
2010-08-14 08:48 . 2010-08-14 08:48 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-14 08:43 . 2010-08-14 08:43 -------- d-----w- c:\program files\AGEIA Technologies
2010-08-14 08:43 . 2010-08-14 08:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-14 08:43 . 2010-08-14 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-08-14 08:42 . 2010-08-14 08:42 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-14 08:41 . 2010-08-14 08:41 -------- d-----w- c:\program files\Vtune
2010-08-14 08:36 . 2010-08-14 08:36 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-08-14 08:31 . 2010-08-14 08:31 107132 ----a-w- c:\windows\UninstallFirefox.exe
2010-08-14 01:57 . 2010-08-14 01:57 -------- d-----w- c:\program files\Apple Software Update
2010-08-14 01:57 . 2010-08-14 01:57 -------- d-----w- c:\program files\Bonjour
2010-08-14 01:57 . 2010-08-14 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-08-14 01:55 . 2010-08-14 01:55 0 ----a-w- c:\windows\nsreg.dat
2010-08-14 01:53 . 2010-08-14 01:53 -------- d-----w- c:\program files\IDT
2010-08-14 01:53 . 2010-08-14 08:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-21 15:30 . 2010-07-21 15:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 15:35 . 2010-05-18 15:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

------- Sigcheck -------

[-] 2006-01-13 . 2A4818AEA80ACD2C95D7D92D2F3155F8 . 360448 . . [5.1.2600.2688] . . c:\windows\system32\drivers\tcpip.sys

[-] 2006-01-13 . 2DEACA71A7FD77205F59D48D76B2F565 . 1075200 . . [6.00.2900.2649] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2009-10-05 2158592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2007-12-14 413696]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="c:\windows\system32\msnsc.exe" [2006-01-13 62054]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-13 44544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Reboot.exe [2006-12-29 409088]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/14/2010 3:00 AM 135336]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [8/14/2010 9:52 AM 37376]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SSMDRV
.
Contents of the 'Scheduled Tasks' folder

2010-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\jakee\Application Data\Mozilla\Firefox\Profiles\6ytjaevz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-nwiz - c:\program files\NVIDIA Corporation\nView\nwiz.exe
AddRemove-NVIDIA nView Desktop Manager - c:\program files\NVIDIA Corporation\nView\nViewSetup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-14 10:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2010-08-14 10:42:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-14 09:42

Pre-Run: 34,795,003,904 bytes free
Post-Run: 34,777,042,944 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - D9B474CB45D70AAC327CEBDCB9DC6DA6

3 Re: BDS\small.iuj on Sat Aug 14, 2010 12:52 am

DragonMaster Jay


Site Owner
Download and SAVE this file to your Desktop: ftp://ftp.geekpolice.net/GPUser/DragonMasterJay/explorer.exe (do not open it!)




  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    killall::

    FCopy::
    c:\documents and settings\jakee\desktop\explorer.exe | c:\windows\explorer.exe

    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


NOTE:
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner



4 Re: BDS\small.iuj on Sat Aug 14, 2010 1:11 am

janghag


Member
Thank you so much!!! I'll go and download now all those you want me to download in the previous topic...

Here's the ComboFix log:



ComboFix 10-08-12.03 - jakee 08/14/2010 13:02:45.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.697 [GMT 1:00]
Running from: c:\documents and settings\jakee\Desktop\combo-fix.exe.exe
Command switches used :: c:\documents and settings\jakee\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
ADS - explorer.exe: deleted 26 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\documents and settings\jakee\desktop\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2010-07-14 to 2010-08-14 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-14 11:59 . 2006-01-13 01:46 1033216 ----a-w- c:\windows\explorer.exe
2010-08-14 10:13 . 2010-08-14 01:59 -------- d-----w- c:\documents and settings\jakee\Application Data\Apple Computer
2010-08-14 09:03 . 2010-08-14 09:03 -------- d-----w- c:\documents and settings\jakee\Application Data\Avira
2010-08-14 08:48 . 2010-08-14 08:48 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-14 08:43 . 2010-08-14 08:43 -------- d-----w- c:\program files\AGEIA Technologies
2010-08-14 08:43 . 2010-08-14 08:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-14 08:43 . 2010-08-14 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-08-14 08:42 . 2010-08-14 08:42 -------- d-----w- c:\program files\NVIDIA Corporation
2010-08-14 08:41 . 2010-08-14 08:41 -------- d-----w- c:\program files\Vtune
2010-08-14 08:36 . 2010-08-14 08:36 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-08-14 01:57 . 2010-08-14 01:57 -------- d-----w- c:\program files\Apple Software Update
2010-08-14 01:57 . 2010-08-14 01:57 -------- d-----w- c:\program files\Bonjour
2010-08-14 01:57 . 2010-08-14 01:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-08-14 01:55 . 2010-08-14 01:55 0 ----a-w- c:\windows\nsreg.dat
2010-08-14 01:53 . 2010-08-14 01:53 -------- d-----w- c:\program files\IDT
2010-08-14 01:53 . 2010-08-14 08:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-21 15:30 . 2010-07-21 15:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-05-18 15:35 . 2010-05-18 15:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35 . 2010-05-18 15:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 15:35 . 2010-05-18 15:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

------- Sigcheck -------

[-] 2006-01-13 . 2A4818AEA80ACD2C95D7D92D2F3155F8 . 360448 . . [5.1.2600.2688] . . c:\windows\system32\drivers\tcpip.sys

[-] 2010-08-14 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-08-14_09.41.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-14 11:34 . 2010-08-14 11:34 232912 c:\windows\system32\Macromed\Flash\FlashUtil10i_Plugin.exe
+ 2010-08-14 11:34 . 2010-08-14 11:34 5969360 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2009-10-05 2158592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2007-12-14 413696]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="c:\windows\system32\msnsc.exe" [2006-01-13 62054]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-01-13 44544]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Reboot.exe [2006-12-29 409088]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12032:TCP"= 12032:TCP:????

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/14/2010 3:00 AM 135336]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [8/14/2010 9:52 AM 37376]
.
Contents of the 'Scheduled Tasks' folder

2010-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\jakee\Application Data\Mozilla\Firefox\Profiles\6ytjaevz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-14 13:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2010-08-14 13:09:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-14 12:09
ComboFix2.txt 2010-08-14 09:59
ComboFix3.txt 2010-08-14 09:42

Pre-Run: 34,752,258,048 bytes free
Post-Run: 34,751,705,088 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 14350754C0C6BC72E39CFBB0C59A38E2

5 Re: BDS\small.iuj on Sat Aug 14, 2010 1:17 am

DragonMaster Jay


Site Owner
We won't need that. I doubt this computer is infected much more.

I just need to do something, though. I think a system driver is infected, too, tcpip.sys. However, I cannot be sure.

Please download TDSSKiller from here and save it to your Desktop.
  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.



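The two ComboFix logs posted above each carry a Sigcheck section in which both c:\windows\explorer.exe and c:\windows\system32\drivers\tcpip.sys are marked `[-]`, the marker ComboFix puts in front of files that fail its signature check, and the question just raised is whether tcpip.sys is also infected. The script below is an added example, not code from this thread, ComboFix or its authors: it parses the Sigcheck section out of a ComboFix log, then diffs the entries of two runs so a helper can see at a glance which flagged file actually changed (explorer.exe, after the FCopy::) and which is still flagged with the same hash (tcpip.sys). The log excerpts embedded as sample input are taken from the two logs in this thread; the line layout the regex assumes is the one those logs show, and the function and class names are my own.

```python
"""Diff the Sigcheck section of two ComboFix logs (added example, not ComboFix code).

ComboFix prefixes a Sigcheck line with "[-]" when the file on disk does not
pass its signature check.  Parsing those lines out of each log and diffing
them across runs separates the flagged files that changed between runs from
the ones that are still flagged with an identical hash.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Sigcheck line layout as seen in the logs above (assumed to be stable):
# [<flag>] <date> . <MD5> . <size> . . [<file version>] . . <path>
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]])\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>.+?)\s*$"
)

SECTION_HEADER = "------- Sigcheck -------"


@dataclass(frozen=True)
class SigcheckEntry:
    flag: str       # marker ComboFix printed, "-" in both logs above
    date: str
    md5: str
    size: int
    version: str
    path: str


def parse_sigcheck(log_text: str) -> Dict[str, SigcheckEntry]:
    """Return the Sigcheck entries of one ComboFix log, keyed by lower-cased path."""
    entries: Dict[str, SigcheckEntry] = {}
    in_section = False
    for line in log_text.splitlines():
        stripped = line.strip()
        if stripped == SECTION_HEADER:
            in_section = True
            continue
        # A bare "." or a "(((( ... ))))" banner closes a ComboFix section.
        if in_section and (stripped == "." or stripped.startswith("(((")):
            in_section = False
            continue
        if not in_section:
            continue
        m = SIGCHECK_RE.match(stripped)
        if m:
            entries[m["path"].lower()] = SigcheckEntry(
                flag=m["flag"], date=m["date"], md5=m["md5"].upper(),
                size=int(m["size"]), version=m["version"], path=m["path"])
    return entries


def diff_sigcheck(before: Dict[str, SigcheckEntry],
                  after: Dict[str, SigcheckEntry]) -> Dict[str, list]:
    """Classify every flagged path seen in either run."""
    report: Dict[str, list] = {"changed": [], "unchanged": [], "added": [], "removed": []}
    for path in sorted(set(before) | set(after)):
        old, new = before.get(path), after.get(path)
        if old and new:
            # Same path flagged in both runs: did the file on disk change?
            (report["changed"] if old.md5 != new.md5 else report["unchanged"]).append(
                (old, new) if old.md5 != new.md5 else new)
        elif new:
            report["added"].append(new)
        else:
            report["removed"].append(old)
    return report


# Sample input: excerpts of the two ComboFix logs posted in this thread (the
# Find3M tail and the Reg Loading Points banner are kept so the section
# detection has something to skip).
LOG_BEFORE = r"""
2010-05-18 15:35 . 2010-05-18 15:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
.

------- Sigcheck -------

[-] 2006-01-13 . 2A4818AEA80ACD2C95D7D92D2F3155F8 . 360448 . . [5.1.2600.2688] . . c:\windows\system32\drivers\tcpip.sys

[-] 2006-01-13 . 2DEACA71A7FD77205F59D48D76B2F565 . 1075200 . . [6.00.2900.2649] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
"""

LOG_AFTER = r"""
------- Sigcheck -------

[-] 2006-01-13 . 2A4818AEA80ACD2C95D7D92D2F3155F8 . 360448 . . [5.1.2600.2688] . . c:\windows\system32\drivers\tcpip.sys

[-] 2010-08-14 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-08-14_09.41.01 )))))))))))))))))))))))))))))))))))))))))
"""


def summarize(before_log: str, after_log: str) -> List[str]:
    """Human-readable lines for a helper's reply; also what the tests inspect."""
    report = diff_sigcheck(parse_sigcheck(before_log), parse_sigcheck(after_log))
    lines: List[str] = []
    for old, new in report["changed"]:
        lines.append(f"CHANGED   {new.path}: {old.md5} [{old.version}] -> {new.md5} [{new.version}]")
    for e in report["unchanged"]:
        lines.append(f"STILL [{e.flag}] {e.path}: {e.md5} [{e.version}] identical in both runs")
    for e in report["added"]:
        lines.append(f"NEW       {e.path}: {e.md5}")
    for e in report["removed"]:
        lines.append(f"CLEARED   {e.path}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarize(LOG_BEFORE, LOG_AFTER)))
```

Run against the two logs in this thread it reports explorer.exe as CHANGED (the FCopy:: replaced it, and the new copy is still flagged) and tcpip.sys as STILL `[-]` with the same MD5 in both runs, which is exactly the file the helper is now asking the poster to check with TDSSKiller. The same parser works unchanged on any later ComboFix log the poster returns, so the diff can be repeated after each cleanup step.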
6 Re: BDS\small.iuj on Sat Aug 14, 2010 1:27 am

janghag


Member
2010/08/14 13:26:42.0078 TDSS rootkit removing tool 2.4.1.1 Aug 10 2010 14:48:09
2010/08/14 13:26:42.0078 ================================================================================
2010/08/14 13:26:42.0078 SystemInfo:
2010/08/14 13:26:42.0078
2010/08/14 13:26:42.0078 OS Version: 5.1.2600 ServicePack: 2.0
2010/08/14 13:26:42.0078 Product type: Workstation
2010/08/14 13:26:42.0078 ComputerName: B6CAA3B35CAE424
2010/08/14 13:26:42.0078 UserName: jakee
2010/08/14 13:26:42.0078 Windows directory: C:\WINDOWS
2010/08/14 13:26:42.0078 System windows directory: C:\WINDOWS
2010/08/14 13:26:42.0078 Processor architecture: Intel x86
2010/08/14 13:26:42.0078 Number of processors: 2
2010/08/14 13:26:42.0078 Page size: 0x1000
2010/08/14 13:26:42.0078 Boot type: Normal boot
2010/08/14 13:26:42.0078 ================================================================================
2010/08/14 13:26:42.0453 Initialize success
2010/08/14 13:27:17.0203 ================================================================================
2010/08/14 13:27:17.0203 Scan started
2010/08/14 13:27:17.0203 Mode: Manual;
2010/08/14 13:27:17.0203 ================================================================================
2010/08/14 13:27:17.0609 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/14 13:27:17.0703 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/08/14 13:27:17.0796 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2010/08/14 13:27:17.0890 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2010/08/14 13:27:18.0078 amdide (6e58654cb25730b2579e45e1fd116a47) C:\WINDOWS\system32\DRIVERS\amdide.sys
2010/08/14 13:27:18.0156 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2010/08/14 13:27:18.0343 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/14 13:27:18.0406 atapi (c4b52426b79c6f6664b70b8e63b1b837) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/14 13:27:18.0484 AtcL001 (7ad0ca6302976fb9889b2bd41e90def3) C:\WINDOWS\system32\DRIVERS\l151x86.sys
2010/08/14 13:27:18.0609 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/14 13:27:18.0703 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/14 13:27:18.0796 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/08/14 13:27:18.0890 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2010/08/14 13:27:18.0937 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/08/14 13:27:19.0109 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/14 13:27:19.0171 Cardex (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPANEL.SYS
2010/08/14 13:27:19.0281 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/14 13:27:19.0359 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/14 13:27:19.0468 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/14 13:27:19.0531 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/14 13:27:19.0796 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/14 13:27:19.0890 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/14 13:27:20.0062 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/14 13:27:20.0125 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/14 13:27:20.0218 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/14 13:27:20.0312 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/14 13:27:20.0406 Fastfat (144ca88c1bfdb5ed724138d9c08d44c3) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/14 13:27:20.0484 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2010/08/14 13:27:20.0578 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/14 13:27:20.0671 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/08/14 13:27:20.0765 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/08/14 13:27:20.0812 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/14 13:27:20.0921 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/14 13:27:20.0984 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/08/14 13:27:21.0078 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/14 13:27:21.0125 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/08/14 13:27:21.0265 HTTP (3247a2db333d1521680e6864a8295a47) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/14 13:27:21.0375 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/14 13:27:21.0484 Imapi (ad5e8a6c823f24882a6826d7dbccf4a3) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/14 13:27:21.0640 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/08/14 13:27:21.0703 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/14 13:27:21.0796 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/14 13:27:21.0859 IpNat (d58ecd3b3969a670e68588f1640920b6) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/14 13:27:21.0968 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/14 13:27:22.0046 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/14 13:27:22.0125 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/14 13:27:22.0203 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/14 13:27:22.0281 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/14 13:27:22.0375 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/14 13:27:22.0500 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/14 13:27:22.0578 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/14 13:27:22.0671 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/14 13:27:22.0750 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/14 13:27:22.0828 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/14 13:27:22.0968 MRxSmb (4ae1dd77357f08b33854ab93b98a1371) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/14 13:27:23.0109 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/14 13:27:23.0156 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/14 13:27:23.0250 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/14 13:27:23.0296 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/14 13:27:23.0343 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/14 13:27:23.0453 Mup (79a9c030299e8cc04f18d0765155d902) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/14 13:27:23.0531 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/14 13:27:23.0656 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/14 13:27:23.0718 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/14 13:27:23.0796 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/14 13:27:23.0890 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/14 13:27:23.0937 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/14 13:27:24.0046 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/14 13:27:24.0140 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/14 13:27:24.0250 Ntfs (04e2d8d0de4c76cee33b7a7a0bcaf8c5) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/14 13:27:24.0406 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/14 13:27:24.0828 nv (4c3696c1ed1a36629ebb348bf745a328) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/08/14 13:27:25.0421 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/14 13:27:25.0453 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/14 13:27:25.0515 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/14 13:27:25.0640 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/14 13:27:25.0671 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/14 13:27:25.0718 PCI (de1d9a5d50166a6d8a51daa936fc56a4) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/14 13:27:25.0828 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/08/14 13:27:25.0890 Pcmcia (36458ab24389af198194f73b9c6db8fe) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/14 13:27:26.0156 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/14 13:27:26.0187 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/14 13:27:26.0234 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/14 13:27:26.0390 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/14 13:27:26.0484 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/14 13:27:26.0531 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/14 13:27:26.0640 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/14 13:27:26.0703 Rdbss (d0fef8156d2d2fec557c100956d76887) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/14 13:27:26.0812 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/14 13:27:26.0875 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/08/14 13:27:27.0015 RDPWD (047bea21274c8a4a233674a76c958c2c) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/14 13:27:27.0140 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/14 13:27:27.0234 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/14 13:27:27.0359 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/08/14 13:27:27.0421 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/08/14 13:27:27.0453 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/14 13:27:27.0625 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/14 13:27:27.0687 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/14 13:27:27.0812 Srv (54e79b08d0abc9c551d0fe69cc2f87ec) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/14 13:27:27.0921 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/08/14 13:27:28.0046 STHDA (b2331aa1955c0d66efcb7ddbcd32a2bc) C:\WINDOWS\system32\drivers\sthda.sys
2010/08/14 13:27:28.0156 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/14 13:27:28.0203 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/14 13:27:28.0406 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/14 13:27:28.0468 TBPanel (04e1c782cf14b7282ebc633b0fd3ed16) C:\WINDOWS\system32\drivers\TBPanel.sys
2010/08/14 13:27:28.0578 Tcpip (2a4818aea80acd2c95d7d92d2f3155f8) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/14 13:27:28.0718 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/14 13:27:28.0765 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/14 13:27:28.0812 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/14 13:27:28.0968 Udfs (5468714efdcc70e24981e5874b5a6ce5) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/14 13:27:29.0078 Update (a4815a4884898f355a3513e60843a4fd) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/14 13:27:29.0203 usbehci (085328b088e4d2bdb359c4952b2489d4) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/14 13:27:29.0265 usbhub (d31e07bf822c7f2bd32714e9ddca8be2) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/14 13:27:29.0343 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2010/08/14 13:27:29.0406 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2010/08/14 13:27:29.0468 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/14 13:27:29.0562 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/14 13:27:29.0687 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/14 13:27:29.0781 ================================================================================
2010/08/14 13:27:29.0781 Scan finished
2010/08/14 13:27:29.0781 ================================================================================
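
A defender reading a driver list like the one above usually wants three things checked automatically rather than by eye: drivers loading from somewhere other than the Windows system directories, drivers whose file hash differs from a scan of the same machine when it was known clean, and drivers that did not exist in that clean scan at all. The Python below is an added example, not code posted in this thread or shipped with the scanner that produced the log; it parses lines in the format shown (timestamp, service name, MD5 in parentheses, path) and runs those checks. The two sample scans, the altered Ntfs hash and the "svchlp" entry are constructed for illustration and are not findings about the poster's machine.

```python
"""Parse driver-list scan lines and flag entries worth a second look.

Added example: the line format is taken from the scan output in the thread,
the sample data below is constructed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# One driver line: "YYYY/MM/DD HH:MM:SS.mmmm Name (md5) C:\path\file.sys"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# Directories Windows XP normally loads kernel drivers from (lower-cased for comparison).
EXPECTED_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")


@dataclass(frozen=True)
class DriverEntry:
    timestamp: str
    name: str
    md5: str
    path: str


def parse_log(text: str) -> List[DriverEntry]:
    """Return the driver entries in a log; separator and status lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(DriverEntry(m["ts"], m["name"], m["md5"].lower(), m["path"]))
    return entries


def build_baseline(entries: List[DriverEntry]) -> Dict[str, str]:
    """Map service name (lower-cased) -> MD5, built from a scan of a known-clean machine."""
    return {e.name.lower(): e.md5 for e in entries}


def unusual_paths(entries: List[DriverEntry]) -> List[DriverEntry]:
    """Drivers loading from outside the expected system directories."""
    return [e for e in entries if not e.path.lower().startswith(EXPECTED_DIRS)]


def hash_mismatches(entries: List[DriverEntry], baseline: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """(name, baseline_md5, observed_md5) for known drivers whose file hash changed."""
    out = []
    for e in entries:
        expected = baseline.get(e.name.lower())
        if expected is not None and expected != e.md5:
            out.append((e.name, expected, e.md5))
    return out


def unknown_drivers(entries: List[DriverEntry], baseline: Dict[str, str]) -> List[DriverEntry]:
    """Drivers present in the current scan but absent from the clean baseline."""
    return [e for e in entries if e.name.lower() not in baseline]


# Constructed "clean" scan: three lines copied from the log in this thread.
CLEAN_SCAN = (
    "2010/08/14 13:27:23.0531 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\\WINDOWS\\system32\\drivers\\NDIS.sys\n"
    "2010/08/14 13:27:24.0250 Ntfs (04e2d8d0de4c76cee33b7a7a0bcaf8c5) C:\\WINDOWS\\system32\\drivers\\Ntfs.sys\n"
    "2010/08/14 13:27:28.0578 Tcpip (2a4818aea80acd2c95d7d92d2f3155f8) C:\\WINDOWS\\system32\\DRIVERS\\tcpip.sys\n"
    "2010/08/14 13:27:29.0781 ================================================================================\n"
    "2010/08/14 13:27:29.0781 Scan finished\n"
)

# Constructed "current" scan of the same machine: the Ntfs hash is altered and an
# extra driver under the user's Temp folder is added, both invented for this example.
CURRENT_SCAN = (
    "2010/08/14 13:27:23.0531 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\\WINDOWS\\system32\\drivers\\NDIS.sys\n"
    "2010/08/14 13:27:24.0250 Ntfs (ffffffffffffffffffffffffffffffff) C:\\WINDOWS\\system32\\drivers\\Ntfs.sys\n"
    "2010/08/14 13:27:28.0578 Tcpip (2a4818aea80acd2c95d7d92d2f3155f8) C:\\WINDOWS\\system32\\DRIVERS\\tcpip.sys\n"
    "2010/08/14 13:27:28.0600 svchlp (00112233445566778899aabbccddeeff) C:\\Documents and Settings\\jakee\\Local Settings\\Temp\\svchlp.sys\n"
    "2010/08/14 13:27:29.0781 Scan finished\n"
)


if __name__ == "__main__":
    baseline = build_baseline(parse_log(CLEAN_SCAN))
    current = parse_log(CURRENT_SCAN)
    for e in unusual_paths(current):
        print(f"unusual path: {e.name} -> {e.path}")
    for name, old, new in hash_mismatches(current, baseline):
        print(f"hash changed: {name} {old} -> {new}")
    for e in unknown_drivers(current, baseline):
        print(f"not in baseline: {e.name} ({e.md5})")
```

A hash mismatch on a core driver is a pointer, not a verdict: legitimate updates (the SP2 to SP3 upgrade mentioned at the top of the thread, for instance) also change these files, so the baseline must come from the same service-pack level before a changed hash means anything.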

7 Re: BDS\small.iuj on Sat Aug 14, 2010 1:29 am

DragonMaster Jay


Site Owner
Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet.

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web CureIt when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner


Kaspersky E-Store Kaspersky Anti-Virus 2012: Click Here

Contribute/donate to our site

8 Re: BDS\small.iuj on Sat Aug 14, 2010 3:37 am

janghag


Member
Hi sir, I can't post the result because I was prompted here that the message was too big...

9 Re: BDS\small.iuj on Thu Aug 19, 2010 2:38 pm

DragonMaster Jay


Site Owner
Sorry for the delay, I must have missed the notification.

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on Next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan, make sure these are checked:
      • Hidden Startup Objects
      • System Memory
      • Disk Boot Sectors
      • My Computer
      • Also any other (removable) drives that you may have
    Leave the rest of the settings as they appear by default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be neutralized then choose the delete option when prompted.
  • After that is done, click on the Reports button at the bottom, save it to file, and name it Kas.
  • Save it somewhere convenient, like your desktop, and post only the detected virus/malware entries from the report (they will be at the very top under Detected) in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner



10 Re: BDS\small.iuj on Fri Aug 20, 2010 11:12 am

janghag


Member
Is that necessary? I scanned my computer with Malwarebytes and Avira and found nothing... Do I have to download and do this?

11 Re: BDS\small.iuj on Sun Aug 22, 2010 1:17 am

DragonMaster Jay


Site Owner
It is recommended to do it, so we can make sure the infection is gone.


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner

