Alright, TDSSKiller didn't kill the rootkit, and OTS didn't do any good either, so another option: this is a
TDL4 rootkit. We need a bigger tool to kill it, so follow this:
Download aswMBR.exe (1.8 MB) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
On completion of the scan click Save log, save it to your desktop and post it in your next reply.
After the scan is complete you can hit the Fix or FixMBR option to remove the rootkit. THEN start OTS. Copy/paste the information in the quotebox below into the panel where it says
"Paste fix here" and then click the
Run Fix button.
It may ask to reboot after the fix is completed; please do so if asked.
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\"XMLHTTP_UUID_Default" -> BD 0E 95 01 3B 31 A1 44 BB 43 1F 4A 1E 73 F4 62 [binary data] ->
YN->HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\"XMLHTTP_UUID_Default" -> BD 0E 95 01 3B 31 A1 44 BB 43 1F 4A 1E 73 F4 62 [binary data] ->
YN->HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
YN->network.proxy.http -> "127.0.0.1" ->
YN->network.proxy.http_port -> 52889 ->
YN->network.proxy.type -> 0 ->
YN->HOSTS File > ([2001/08/23 06:00:00 | 000,000,734 | ----->
YN->C:\WINDOWS\system32\drivers\etc\hosts ->
YN->Reset Hosts
YN->127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
YN->{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
YN->{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} [HKLM]->[Somoto Toolbar]->File not found
YN->{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} [HKLM]->[Somoto Toolbar]->File not found
YN->WebBrowser\\"{9D425283-D487-4337-BAB6-AB8354A81457}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-329068152-2077806209-1417001333-1003\] > -> HKEY_USERS\S-1-5-21-329068152-2077806209-1417001333-1003\Software\Microsoft\Internet Explorer\Extensions\ ->
YN->CmdMapping\\"{898EA8C8-E7FF-479B-8935-AEC46303B9E5}" [HKLM] -> [Reg Error: Key error.] -> File not found
[Registry - Additional Scans - Safe List]
YN->Load hkey=HKCU key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -> -> File not found
[Files/Folders - Created Within 30 Days]
NY-> C:\Program Files\BFG
NY-> C:\Documents and Settings\tammy Blackwell\Application Data\sekrbfg
NY-> C:\Documents and Settings\All Users\Application Data\Trymedia
NY-> C:\Documents and Settings\tammy Blackwell\Local Settings\Application Data\fd
[Files/Folders - Modified Within 30 Days]
NY-> C:\WINDOWS\System32\776005517
NY-> C:\Documents and Settings\tammy Blackwell\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
NY-> C:\Documents and Settings\tammy Blackwell\Application Data\C24A.F9C
NY-> C:\WINDOWS\tasks\At1.job
NY-> C:\WINDOWS\System32\dllcache\tcpip.sys
[Files - No Company Name]
NY-> C:\WINDOWS\System32\authz32.exe
NY-> C:\WINDOWS\System32\shfolder32.exe
NY-> C:\WINDOWS\System32\776005517
[File - Lop Check]
NY-> C:\Documents and Settings\tammy Blackwell\Application Data\Toolbar4
NY-> C:\WINDOWS\Tasks\At1.job
NY-> C:\Documents and Settings\tammy Blackwell\Application Data\sekrbfg
NY-> C:\Documents and Settings\tammy Blackwell\Application Data\TOMI3
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
[Custom Items]
:files
ipconfig /flushdns /c
:end
Post the aswMBR and OTS logs in your next reply.
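As an added illustration of the symptoms this fix script targets (a loopback proxy set in the Firefox network.proxy.* preferences, and extra entries in the HOSTS file), here is a small Python checker that is not part of the helper's post or of OTS. The prefs.js and HOSTS contents below are constructed samples, and the parser assumes the standard Firefox user_pref() syntax and the Windows HOSTS syntax.

```python
import re

# Constructed prefs.js sample mirroring the proxy values in the OTS fix above
# (example values, not taken from a real machine).
SAMPLE_PREFS = '''
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 52889);
user_pref("network.proxy.type", 1);
'''

# Constructed HOSTS sample: the default localhost line plus one injected entry.
SAMPLE_HOSTS = '''# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.example-av-vendor.invalid
'''

# Matches string and integer user_pref() entries (booleans are ignored here).
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(?:"([^"]*)"|(\d+))\);')

def parse_prefs(text):
    """Return {name: value} from user_pref lines; numeric values become int."""
    prefs = {}
    for m in PREF_RE.finditer(text):
        name, s, n = m.groups()
        prefs[name] = int(n) if n is not None else s
    return prefs

def loopback_proxy_findings(prefs):
    """Flag an HTTP proxy pointing at the local machine, the hallmark of a
    traffic-hijacking rootkit that listens on a loopback port."""
    host = prefs.get("network.proxy.http")
    if host not in ("127.0.0.1", "localhost"):
        return []
    port = prefs.get("network.proxy.http_port")
    ptype = prefs.get("network.proxy.type")
    return [f"browser proxy set to {host}:{port} (network.proxy.type={ptype})"]

def hosts_findings(text):
    """Return HOSTS lines that are neither comments nor the plain localhost mapping."""
    suspicious = []
    for line in text.splitlines():
        stripped = line.split("#", 1)[0].strip()
        if not stripped:
            continue
        parts = stripped.split()
        if parts[0] in ("127.0.0.1", "::1") and parts[1:] == ["localhost"]:
            continue
        suspicious.append(stripped)
    return suspicious

def check(prefs_text, hosts_text):
    """Combine both checks into one list of human-readable findings."""
    findings = loopback_proxy_findings(parse_prefs(prefs_text))
    return findings + [f"hosts entry: {l}" for l in hosts_findings(hosts_text)]
```

Running check(SAMPLE_PREFS, SAMPLE_HOSTS) reports both the loopback proxy and the injected HOSTS line; a clean machine yields an empty list.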