I had this virus earlier, but did not experience any major symptoms, except that after about 2 days of having it my system wouldn't start up past the main startup after a reset.
I had this virus a few days ago and thought I had gotten rid of it by doing a full system reinstall. Windows somehow backed up a lot of my old files. After I started Windows again and copied over my backups, I saw this virus pop up. I tried stuff from this website (Microsoft), where I originally asked my question.
I also got expert assistance from people (Microsoft people; it was free) who claim to have been in the antivirus and malware services for 5+ years. The person tried RKill, TDSSKiller, MBAM and MSE (those two I already had), Windows Defender, AVG and SUPERAntiSpyware. He tried renaming the TDSSKiller program but was unable to remove the Rootkit.boot.SST.B that came along with the virus DOS\Alureon.e.
My GMER log might be a little weird; I could only have my services, files, and registry checked, since I recently reinstalled and just copied my backups over.
DDS Log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Michael Nicodemus at 19:10:01 on 2011-11-29
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3935.2023 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\DllHost.exe
C:\Users\Michael Nicodemus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael Nicodemus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael Nicodemus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael Nicodemus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael Nicodemus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael Nicodemus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael Nicodemus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Michael Nicodemus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael Nicodemus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael Nicodemus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael Nicodemus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael Nicodemus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michael Nicodemus\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
uRun: [Google Update] "C:\Users\Michael Nicodemus\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRunOnce: [Microsoft Security Client] C:\Program Files\Microsoft Security Client\msseces.exe /UpdateAndQuickScan /OpenWebPageOnClose
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{2772379B-B59C-4E2D-BB9B-04F36375DF30} : DhcpNameServer = 10.0.0.1
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
.
=============== Created Last 30 ================
.
2011-11-29 23:55:49 -------- d-----w- C:\Users\Michael Nicodemus\AppData\Local\Google
2011-11-29 23:43:29 917840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F86A6041-2307-46D8-8FA5-3264266D9E1E}\gapaengine.dll
2011-11-29 23:43:25 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EC2642EB-8CC1-496D-8773-2F8CE6EA4FAD}\offreg.dll
2011-11-29 23:43:22 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EC2642EB-8CC1-496D-8773-2F8CE6EA4FAD}\mpengine.dll
2011-11-29 23:38:10 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-11-29 23:38:02 -------- d-sh--w- C:\Windows\Installer
2011-11-29 23:38:02 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-11-29 23:32:47 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5C0F75A5-A03D-495A-B396-A46C2D0246AB}\mpengine.dll
2011-11-29 23:32:47 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-29 23:20:40 139264 ----a-w- C:\Windows\System32\cabview.dll
2011-11-29 23:20:40 132608 ----a-w- C:\Windows\SysWow64\cabview.dll
2011-11-29 15:14:27 -------- d-----w- C:\Windows\Panther
2011-11-29 14:53:40 -------- d-----w- C:\Windows.old.000
2011-11-27 23:59:52 -------- d-sh--w- C:\found.003
2011-11-27 23:27:00 -------- d-sh--w- C:\Boot
2011-11-27 23:15:11 -------- d-----w- C:\Windows.old
2011-11-27 21:42:24 -------- d-sh--w- C:\Recovery
2011-11-27 01:18:37 -------- d-----w- C:\Old
2011-11-25 19:12:18 -------- d-----w- C:\sh4ldr
.
==================== Find3M ====================
.
.
============= FINISH: 19:10:28.19 ===============
Attached File(s): Attach.txt (3.19K)
This post has been edited by Nickod: 29 November 2011 - 07:14 PM
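A note on what the log above can and cannot show. Rootkit.boot.SST.B is a boot-sector (MBR) detection name; a file-listing tool like DDS never reads the MBR, so the log says nothing about whether that part was cleaned. What the log does show is the file-system side of the story in the post: two Windows.old folders (two reinstalls, 2011-11-27 and 2011-11-29) and several root-level directories that are older than the first of them, which means they either survived the reinstall or were restored from the backups afterwards with their original timestamps. The script below is an added example written for this page, not code from DDS, Microsoft or the poster. It parses the "Created Last 30" section and flags two things for review: root-level entries that Windows setup does not create itself, and entries created before the reinstall boundary (taken as the creation time of the oldest Windows.old* folder). The list of setup-created root folders is an assumption of the example, and a flagged path is a review item, not a verdict.

```python
import re
from datetime import datetime
from typing import Dict, List, NamedTuple, Optional

# Lines copied from the "Created Last 30" section of the DDS log above
# (every root-level entry plus a few ordinary ones), so this runs offline.
SAMPLE = r"""
2011-11-29 23:55:49 -------- d-----w- C:\Users\Michael Nicodemus\AppData\Local\Google
2011-11-29 23:38:02 -------- d-sh--w- C:\Windows\Installer
2011-11-29 23:32:47 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-29 14:53:40 -------- d-----w- C:\Windows.old.000
2011-11-27 23:59:52 -------- d-sh--w- C:\found.003
2011-11-27 23:27:00 -------- d-sh--w- C:\Boot
2011-11-27 23:15:11 -------- d-----w- C:\Windows.old
2011-11-27 21:42:24 -------- d-sh--w- C:\Recovery
2011-11-27 01:18:37 -------- d-----w- C:\Old
2011-11-25 19:12:18 -------- d-----w- C:\sh4ldr
"""

# DDS entry: timestamp, size (or dashes for a directory), 8-char attribute
# string (d=directory, s=system, h=hidden, a=archive, w=writable), path.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S{8})\s+(.+?)\s*$")

# Assumed list of root-level names that Windows setup or chkdsk creates on
# its own. Anything else sitting directly under the drive root is a review item.
SETUP_ROOTS = re.compile(
    r"^(Windows(\.old(\.\d{3})?)?|Program Files( \(x86\))?|ProgramData|Users"
    r"|Boot|Recovery|PerfLogs|\$Recycle\.Bin|System Volume Information"
    r"|found\.\d{3})$", re.IGNORECASE)


class Entry(NamedTuple):
    created: datetime
    size: Optional[int]   # None for directories
    attrs: str
    path: str

    @property
    def top(self) -> str:
        """First path component below the drive letter (e.g. 'Users')."""
        parts = self.path.split("\\")
        return parts[1] if len(parts) > 1 else ""

    @property
    def is_root_level(self) -> bool:
        return len(self.path.split("\\")) == 2


def parse_created(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:                      # headers, "." separators, blanks
            continue
        ts, size, attrs, path = m.groups()
        entries.append(Entry(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                             None if size.startswith("-") else int(size),
                             attrs, path))
    return entries


def reinstall_boundary(entries: List[Entry]) -> Optional[datetime]:
    """Creation time of the oldest Windows.old* folder. Setup moves the
    previous installation there, so anything created earlier predates the
    reinstall (or was restored afterwards with its old timestamp kept)."""
    olds = [e.created for e in entries
            if e.is_root_level and e.top.lower().startswith("windows.old")]
    return min(olds) if olds else None


def triage(text: str) -> Dict[str, List[str]]:
    """Map each path worth a look to the review reasons that apply to it."""
    entries = parse_created(text)
    boundary = reinstall_boundary(entries)
    findings: Dict[str, List[str]] = {}
    for e in entries:
        setup_made = e.is_root_level and SETUP_ROOTS.match(e.top) is not None
        reasons = []
        if e.is_root_level and not setup_made:
            reasons.append("unexpected root-level entry")
        if (boundary and e.created < boundary and not setup_made
                and not e.top.lower().startswith("windows.old")):
            reasons.append("created before reinstall at %s"
                           % boundary.strftime("%Y-%m-%d %H:%M"))
        if reasons:
            findings[e.path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(path, "->", "; ".join(reasons))
```

Run against the sample, it reports C:\Old and C:\sh4ldr on both counts (root-level and older than the 2011-11-27 23:15 reinstall) and stays quiet about C:\Boot, C:\Recovery and the chkdsk folder C:\found.003. That is exactly the set a helper would want to ask about, and it is also why, for a boot-sector infection, the file-system view on its own is not enough: the MBR has to be checked separately.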