recurring zbot.g virus

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: recurring zbot.g virus

Post by swiiper » November 15th, 2011, 4:37 pm

I can't download TDSSKiller on the infected machine, but I downloaded it to a flash drive on a clean machine and ran it. Nothing found, but perhaps that's because it's not running from the desktop?:
00:21:18.0203 5704 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
00:21:19.0671 5704 ============================================================
00:21:19.0671 5704 Current date / time: 2011/11/15 00:21:19.0671
00:21:19.0671 5704 SystemInfo:
00:21:19.0671 5704
00:21:19.0671 5704 OS Version: 5.1.2600 ServicePack: 3.0
00:21:19.0671 5704 Product type: Workstation
00:21:19.0671 5704 ComputerName: MIKE
00:21:19.0671 5704 UserName: Michael
00:21:19.0671 5704 Windows directory: C:\WINDOWS
00:21:19.0671 5704 System windows directory: C:\WINDOWS
00:21:19.0671 5704 Processor architecture: Intel x86
00:21:19.0671 5704 Number of processors: 2
00:21:19.0671 5704 Page size: 0x1000
00:21:19.0671 5704 Boot type: Normal boot
00:21:19.0671 5704 ============================================================
00:21:25.0671 5704 Initialize success
00:22:08.0968 3088 ============================================================
00:22:08.0968 3088 Scan started
00:22:08.0968 3088 Mode: Manual;
00:22:08.0968 3088 ============================================================
00:22:42.0343 3088 ============================================================
00:22:42.0343 3088 Scan finished
00:22:42.0343 3088 ============================================================
00:22:42.0375 4316 Detected object count: 0
00:22:42.0375 4316 Actual detected object count: 0
swiiper
Regular Member
Posts: 36
Joined: November 3rd, 2011, 12:44 pm
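Reading a TDSSKiller log like the one above by eye is error-prone once it runs to several hundred lines, so here is an added example (not from the thread, and not part of Kaspersky's tool) that parses its line format and lists what a helper would want to look at: entries whose verdict is anything other than "ok", files that never received a verdict (a cut-off log), and drivers loading from outside the usual driver directory. The sample log, its hashes and the "fakedrv" entry are constructed.

```python
"""Triage parser for TDSSKiller logs in the format posted above (added example)."""
import re
from collections import namedtuple

# One entry. md5/path are None when only a service name was listed ("Abiosdsk - ok");
# verdict is None when the log ended before the verdict line for that file appeared.
Record = namedtuple("Record", "name md5 path verdict")

# Every line is "<hh:mm:ss.ffff> <pid> " followed by one of three shapes:
#   <name> (<md5>) <path>          file record for a driver, MBR or boot sector
#   <name-or-device> - <verdict>   verdict for the record above, or a name alone
#   [Actual ]Detected object count: <n>
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.*)$")
FILE_RE = re.compile(
    r"^(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_RE = re.compile(r"^(?P<key>.+?) - (?P<verdict>.+)$")
COUNT_RE = re.compile(r"^(?P<label>(?:Actual )?[Dd]etected object count): (?P<n>\d+)$")
DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\",)   # XP's driver directory, lower-cased


def parse_tdsskiller(text):
    """Parse a log into (records, counts); counts maps each summary label to its number."""
    records, counts, pending = [], {}, None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                    # banners, "====" rules, the SystemInfo block
        rest = m.group(3)
        c = COUNT_RE.match(rest)
        if c:
            counts[c.group("label")] = int(c.group("n"))
            continue
        f = FILE_RE.match(rest)
        if f:
            if pending is not None:     # previous file never received a verdict
                records.append(pending)
            pending = Record(f.group("name"), f.group("md5"), f.group("path"), None)
            continue
        v = VERDICT_RE.match(rest)
        if v:
            key, verdict = v.group("key"), v.group("verdict")
            # Driver verdicts repeat the service name; MBR/boot verdicts repeat the device path.
            if pending is not None and key in (pending.name, pending.path):
                records.append(pending._replace(verdict=verdict))
                pending = None
            else:
                records.append(Record(key, None, None, verdict))
    if pending is not None:
        records.append(pending)
    return records, counts


def triage(text):
    """Summarise a log and list the entries a helper would want to look at twice."""
    records, counts = parse_tdsskiller(text)
    findings = []
    for r in records:
        if r.verdict is None:
            findings.append(f"{r.name}: no verdict recorded (log cut short?)")
        elif r.verdict.lower() != "ok":
            findings.append(f"{r.name}: verdict '{r.verdict}'")
        # A driver outside the usual directory proves nothing by itself (some vendor
        # drivers live directly in system32), but it deserves a second look.
        if r.path and r.path.lower().startswith("c:\\") \
                and not r.path.lower().startswith(DRIVER_DIRS):
            findings.append(f"{r.name}: loads from {r.path}")
    return {
        "entries": len(records),
        "with_file": sum(1 for r in records if r.path),
        "detected": counts.get("Detected object count"),
        "findings": findings,
    }


# Constructed sample in the shape of the log above; hashes are invented and "fakedrv"
# exists only to exercise the non-"ok" branch.
SAMPLE_LOG = r"""
00:22:10.0578 3088 Abiosdsk - ok
00:22:10.0687 3088 ACPI (0123456789abcdef0123456789abcde1) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:22:10.0796 3088 ACPI - ok
00:22:19.0000 3088 DOSMEMIO (0123456789abcdef0123456789abcde2) C:\WINDOWS\system32\MEMIO.SYS
00:22:19.0203 3088 DOSMEMIO - ok
00:22:20.0000 3088 fakedrv (0123456789abcdef0123456789abcde3) C:\WINDOWS\system32\DRIVERS\fakedrv.sys
00:22:20.0100 3088 fakedrv - suspicious
00:22:41.0640 3088 MBR (0x1B8) (0123456789abcdef0123456789abcde4) \Device\Harddisk0\DR0
00:22:42.0250 3088 \Device\Harddisk0\DR0 - ok
00:22:42.0296 3088 Boot (0x1200) (0123456789abcdef0123456789abcde5) \Device\Harddisk0\DR0\Partition0
00:22:42.0343 3088 Scan finished
00:22:42.0375 4316 Detected object count: 1
00:22:42.0375 4316 Actual detected object count: 1
"""
```

Run `triage(open("TDSSKiller.txt").read())` on a real log; a clean run such as the one posted yields `detected == 0` and, at most, a few "loads from" notes on vendor drivers.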

Re: recurring zbot.g virus

Post by askey127 » November 15th, 2011, 7:54 pm

Please run aswMBR as I requested.
Do it the same way if you have to.
askey127
Admin/Teacher
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: recurring zbot.g virus

Post by swiiper » November 16th, 2011, 7:59 pm

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-16 23:53:37
-----------------------------
23:53:37.484 OS Version: Windows 5.1.2600 Service Pack 3
23:53:37.484 Number of processors: 2 586 0x1C02
23:53:37.484 ComputerName: MIKE UserName:
23:53:38.531 Initialize success
23:53:56.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
23:53:56.828 Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 3
23:53:58.890 Disk 0 MBR read successfully
23:53:58.890 Disk 0 MBR scan
23:53:58.890 Disk 0 unknown MBR code
23:53:58.906 Disk 0 scanning sectors +312578048
23:53:59.000 Disk 0 scanning C:\WINDOWS\system32\drivers
23:54:23.812 Service scanning
23:54:25.078 Modules scanning
23:54:33.640 Disk 0 trace - called modules:
23:54:33.656 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
23:54:33.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86fe18f0]
23:54:33.671 3 CLASSPNP.SYS[f75cbfd7] -> nt!IofCallDriver -> \Device\00000066[0x86fc69e8]
23:54:33.671 5 ACPI.sys[f7542620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86fc7940]
23:54:33.703 Scan finished successfully
23:55:05.468 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Michael\Desktop\MBR.dat"
23:55:05.468 The log file has been saved successfully to "C:\Documents and Settings\Michael\Desktop\aswMBR.txt"
swiiper

Re: recurring zbot.g virus

Post by askey127 » November 18th, 2011, 5:18 pm

swiiper,
Your computer is behaving abnormally, but there does not appear to be a detectable virus on board.
That usually signifies a rootkit present, because it can hide any malware file so the system can't see it.
In your case, however, there is no rootkit visible either.

I would like you to check your router.
------------------------------------------------
Note: If you use a router, wireless or wired, make sure that the administrator password for the router installation has been changed to one that you chose.
If the default password is retained, a remote attacker can install his own server address in between you and your Internet Provider. (The default passwords are published).
(This is not the password you may need to connect to your wireless network. It's the one you have to enter in the setup screen WHEN YOU SET UP the ROUTER.)
In case the router has been hacked, other machines connected to the same router will also see some type of abnormal behavior.
If you go into the router installation routine, you can take a quick look at the IP addresses in the router setup to make sure no changes have been made.
You may need Tech Help from your Internet Provider, or the original instructions, to make sure this is correct.
Is this something you can do?

askey127
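The router check askey127 describes can also be verified from the affected PC: assuming the router hands out its DNS servers over DHCP, `ipconfig /all` on the client shows exactly what the router is currently configured to push, so a resolver an attacker wrote into the router appears there. This added example (not part of the thread) parses that output and flags DNS or DHCP addresses that are neither the router itself nor a known ISP resolver; the expected-resolver list and the sample output are constructed placeholders, and 203.0.113.9 stands in for the rogue address.

```python
"""Host-side check for the router DNS hijack the helper describes above (added example)."""
import ipaddress
import re

# Placeholders (constructed): replace with the resolvers your ISP actually publishes.
EXPECTED_RESOLVERS = ("198.51.100.53", "198.51.100.54")
# RFC 1918 ranges: a DNS server here is on your LAN, so it should be the router itself.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

ADAPTER_RE = re.compile(r"^\S.*adapter (?P<name>.+):$")
FIELD_RE = re.compile(r"^\s*(?P<key>[A-Za-z][A-Za-z0-9 -]*?)[ .]*:\s*(?P<val>.*)$")
CONT_RE = re.compile(r"^\s{20,}(?P<val>\S.*)$")   # wrapped value, e.g. a second DNS server


def parse_ipconfig(text):
    """Return {adapter: {field: [values]}} from 'ipconfig /all' output in the XP layout."""
    adapters, current, last_key = {}, "(global)", None
    for line in text.splitlines():
        a = ADAPTER_RE.match(line)
        if a:
            current, last_key = a.group("name"), None
            continue
        f = FIELD_RE.match(line)
        if f:
            last_key = f.group("key")
            adapters.setdefault(current, {}).setdefault(last_key, []).append(f.group("val").strip())
            continue
        c = CONT_RE.match(line)
        if c and last_key:               # continuation of the previous field's value list
            adapters[current][last_key].append(c.group("val").strip())
    return adapters


def _addresses(values):
    """IP addresses among a field's values; blanks and non-addresses are skipped."""
    out = []
    for v in values:
        try:
            out.append(ipaddress.ip_address(v))
        except ValueError:
            pass
    return out


def audit_adapter(fields, expected=EXPECTED_RESOLVERS):
    """Flag DNS and DHCP addresses on one adapter that the router should not have handed out."""
    known = {ipaddress.ip_address(a) for a in expected}
    gateways = set(_addresses(fields.get("Default Gateway", [])))
    findings = []
    for dhcp in _addresses(fields.get("DHCP Server", [])):
        if gateways and dhcp not in gateways:
            findings.append(f"DHCP server {dhcp} is not the gateway")
    for dns in _addresses(fields.get("DNS Servers", [])):
        if dns in gateways or dns in known:
            continue                     # the router itself, or an ISP resolver we expect
        if any(dns in net for net in LAN_NETS):
            findings.append(f"DNS server {dns}: LAN address that is not the router")
        else:
            findings.append(f"DNS server {dns}: outside address not on the expected list")
    return findings


def audit(text, expected=EXPECTED_RESOLVERS):
    """Audit every adapter; returns {adapter: findings} for adapters with findings only."""
    report = {}
    for name, fields in parse_ipconfig(text).items():
        findings = audit_adapter(fields, expected)
        if findings:
            report[name] = findings
    return report


# Constructed sample in the shape of Windows XP 'ipconfig /all'. 203.0.113.9 stands in
# for a resolver an attacker has written into the router (documentation range, not real).
SAMPLE_IPCONFIG = """
Windows IP Configuration

        Host Name . . . . . . . . . . . . : MIKE
        Node Type . . . . . . . . . . . . : Hybrid

Ethernet adapter Local Area Connection:

        Media State . . . . . . . . . . . : Media disconnected

Ethernet adapter Wireless Network Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.101
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            203.0.113.9
"""
```

An empty report means every adapter resolves through the router or a resolver on the expected list; the router's own DNS setting still has to be compared against the ISP's published addresses, as the post says.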

Re: recurring zbot.g virus

Post by swiiper » November 21st, 2011, 5:11 pm

I think the router is okay. The original setup password was changed a long time ago. Also, other devices on the network at home do not appear to be affected. I'm using a brand new laptop, and the only issue was after I unplugged the flash drive from the affected computer and put it back in here to the new one. My antivirus stopped a bunch of trojans that came from the flash!

Also, for the first number of posts on this topic (prob 2 days), I was not on the wireless network at home at all, and that's when the issue started.

I have enabled remote access for the router so you can look yourself - do you want me to PM user, password and address to you?
swiiper

Re: recurring zbot.g virus

Post by askey127 » November 21st, 2011, 7:31 pm

swiiper,
No, that's OK.
Thanks for the info.
-------------------------------------------------
Please download RogueKiller.exe and save it to your desktop.

Run RogueKiller
  • Now quit all running programs.
  • Double click RogueKiller.exe to run it.
  • When prompted, type 1 and hit Enter.
  • A RKreport.txt should appear on your desktop.
  • Note: If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe.
  • Please post the contents of the RKreport.txt in your next Reply.

askey127

Re: recurring zbot.g virus

Post by askey127 » November 26th, 2011, 8:46 am

Due to Lack of Response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.