Redirection to ads when i click on links on google/yahoo, popup ads


14 replies to this topic

#1 raptorizedkevin

raptorizedkevin

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:49 AM

Posted 18 July 2010 - 05:03 PM

Hey, I'm new to this site. Glad to finally be using it.

I have a problem that has been going on for some time now.
I would search for things on Google and Yahoo, and when I click on the link I get redirected to an advertiser site. For example, I would go to Google, type in NBA, and then click on the nba.com link and get redirected to an ad. I would also get a popup ad while on the internet after I used Google to search. I also would get redirected back to the Google search engine site when I click on a link on Google.
I've tried posting for help on Yahoo Answers and no one seems to know how to solve the problem. I'm currently using AVG 9.0 Internet Security that I purchased. I also have Malwarebytes and Advanced SystemCare.
I've scanned with them and none can solve the problem. Other people from Yahoo Answers have suggested many other things like Spybot and ComboFix, and I really don't know what to do to solve this problem. Can anyone please explain all the steps in necessary detail on how to solve my problem? I'm very bad with computers; I would even appreciate screenshots along the way for more clarity in your explanations. Thank you, I look forward to your support =D

By the way, where is the spell check button?

Edited by raptorizedkevin, 18 July 2010 - 05:04 PM.




#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,744 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:49 AM

Posted 19 July 2010 - 12:14 PM

Please follow these instructions: How to remove the TDSS, TDL3 rootkit using TDSSKiller

If that does not work, then download Norman TDSS Cleaner and save to your Desktop.
  • Double-click on Norman_TDSS_Cleaner.exe to run the tool.
  • Read the agreement and click Accept.
  • When the program window opens, click Start scan.
  • After the scan has finished, a log file named NFix_date_time (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
  • Copy and paste the contents of that file in your next reply.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 raptorizedkevin


Posted 19 July 2010 - 02:37 PM

I didn't understand how to use the TDSSKiller. And I don't have that Doctor program installed that gives me a fake warning. I tried downloading Norman TDSS Cleaner.exe, and when I downloaded it I got to a screen where I had to run it, and then it gave me a message saying "Unable to extract resource:nsak.sys. Error(0x00000002)"

#4 raptorizedkevin


Posted 19 July 2010 - 02:59 PM

Okay, what I did instead, since I had an error, was redownload the Norman application and scan; it found a TDSS thing and said it was cured. Here is the file. For personal reasons, does it matter if I left out my user name? You'll notice I took that user name out just for personal reasons. However, if it is really needed then I can supply you with the information.

Here is the log:

Norman TDSS Cleaner
Version 1.9.3
Copyright 1990 - 2010, Norman ASA. Built 2010/05/25 05:56:03

Norman Scanner Engine Version: 6.04.08
Nvcbin.def Version: 6.04.00, Date: 2010/05/25 05:56:03, Variants: 57644

Scan started: 2010/07/19 15:42:27

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Home 5.1.2600 Service Pack 3
Logged on user:

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoDrives = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer -> NoResolveSearch = 0x00000001

Running anti-TDSS module:

TDSS/TDL3 Rootkit Detected
Infected driver successfully cured
Reboot required to complete rootkit disinfection


Running post-scan cleanup routine:
Failed to locate shared service executable: C:\WINDOWS\System32\appmgmts.dll
Removed service: AppMgmt

Number of files found: 0
Number of archives unpacked: 0
Number of files scanned: 0

#5 raptorizedkevin


Posted 19 July 2010 - 03:16 PM

Also, while running that program, it asked for my computer to be rebooted. So instead of closing everything and hitting the "quit" button, I just went to restart, and while surfing the web I got another ad popup =/

#6 quietman7


Posted 19 July 2010 - 05:17 PM

"I didn't understand how to use the TDSSKiller. And I don't have that Doctor program installed that gives me a fake warning."

Dr. Guard is only one example. The tool works on others so don't worry if you don't have that one.

There are step by step instructions with screenshots in that guide...what part do you not understand?

Download the TDSS Rootkit Removing Tool (TDSSKiller.zip) and save it to your Desktop. <-Important!!!
  • Extract (unzip) the file to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop. (click here if you're not sure how to do this. Vista users refer to these instructions.)
  • Before running TDSSKiller, you first need to rename it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com).
  • Some types of malware will disable security tools so they will not run. Renaming helps to prevent the malware from doing this.
    If you do not see the file extension, please refer to
    How to change the file extension.
  • Double-click on 123abc.com to run the tool and scan your computer for known TDSS variants.
  • If any variants are found, TDSSKiller will advise what has been detected.
  • It will then prompt you to type delete into the screen. Type delete and press Enter.
  • You will be prompted to reboot the computer to finish the cleaning process. When prompted to reboot, press the Y key and press Enter.
  • If not prompted, reboot manually.


#7 raptorizedkevin


Posted 20 July 2010 - 12:32 PM

Okay, I did what you told me to do. It found alim1541.sys as an infection, I believe, and said it would be removed after a reboot. I never received an option to run the program; I just double-clicked and it started scanning. I also never received the option to type in "delete". What should I do now to confirm that my computer is cured? Rescan?

#8 quietman7


Posted 20 July 2010 - 12:42 PM

A log file named TDSSKiller_version_date_time (i.e. TDSSKiller.2.3.2.2_20.07.2010.08.26.56_log.txt) should have been created and saved to the root directory (usually Local Disk C:) showing the results.

Also let me know how your computer is running and if there are any more reports/alerts, signs of infection or browser redirections.
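Added example, not part of the original thread and not the tool vendor's code: a small Python triage script for a TDSSKiller log of the kind described above, which pulls out the "Suspicious file (Forged)" and "infected by TDSS rootkit" entries and checks whether a rescan after the reboot still flags the same file. The sample log lines, driver names and MD5 values are constructed; the message strings it matches are the ones in the 2.3.2.2 log posted later in this thread, and other versions may word them differently.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of the TDSSKiller log shown in this thread:
# "HH:MM:SS:mmm <numeric id> <message>". Driver names, paths and MD5s are made up.
# Line 5 holds two entries fused into one, as happens when a log is pasted.
SAMPLE_LOG = r"""13:14:53:375 2796 Scanning Drivers ...
13:14:55:812 2796 gooddrv (11111111111111111111111111111111) C:\WINDOWS\system32\DRIVERS\gooddrv.sys
13:14:57:703 2796 exampledrv (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
13:14:57:703 2796 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\exampledrv.sys. Real md5: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa, Fake md5: bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
13:14:57:703 2796 File "C:\WINDOWS\system32\DRIVERS\exampledrv.sys" infected by TDSS rootkit ... 13:15:00:468 2796 Backup copy not found, trying to cure infected file..
13:15:00:468 2796 Cure success, using it..
13:15:00:500 2796 will be cured on next reboot
13:15:00:625 2796
13:15:00:700 2796 otherdrv (22222222222222222222222222222222) C:\WINDOWS\system32\DRIVERS\otherdrv.sys
"""

# Constructed rescan taken after the reboot: same drivers, nothing flagged.
CLEAN_RESCAN = r"""13:20:01:100 3012 Scanning Drivers ...
13:20:02:200 3012 gooddrv (11111111111111111111111111111111) C:\WINDOWS\system32\DRIVERS\gooddrv.sys
13:20:03:300 3012 exampledrv (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
"""

STAMP = re.compile(r"\d{2}:\d{2}:\d{2}:\d{3} \d+\b")
ENTRY = re.compile(r"^(\d{2}:\d{2}:\d{2}:\d{3}) (\d+)(?: (.*))?$")
DRIVER = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
FORGED = re.compile(
    r"^Suspicious file \(Forged\): (.+)\. "
    r"Real md5: ([0-9a-fA-F]{32}), Fake md5: ([0-9a-fA-F]{32})$"
)
INFECTED = re.compile(r'^File "(.+)" infected by TDSS rootkit')


@dataclass
class Finding:
    path: str
    real_md5: str = ""
    fake_md5: str = ""
    infected: bool = False
    status: str = "reported"


def split_entries(line):
    """Split one physical line into log entries; a pasted log may fuse two."""
    bounds = [m.start() for m in STAMP.finditer(line)] + [len(line)]
    return [line[a:b].strip() for a, b in zip(bounds, bounds[1:])]


def triage(log_text):
    """Return (number of driver entries, findings keyed by lower-cased path)."""
    drivers, findings, last = 0, {}, None
    for line in log_text.splitlines():
        for entry in split_entries(line):
            m = ENTRY.match(entry)
            msg = (m.group(3) or "") if m else ""
            if DRIVER.match(msg):
                drivers += 1
                last = None  # status lines belong to the driver just above them
            elif (f := FORGED.match(msg)):
                last = findings.setdefault(f.group(1).lower(), Finding(f.group(1)))
                last.real_md5 = f.group(2).lower()
                last.fake_md5 = f.group(3).lower()
            elif (i := INFECTED.match(msg)):
                last = findings.setdefault(i.group(1).lower(), Finding(i.group(1)))
                last.infected = True
            elif last is not None and msg.startswith("Cure success"):
                last.status = "cure reported"
            elif last is not None and msg == "will be cured on next reboot":
                last.status = "pending reboot"
    return drivers, findings


def still_flagged(before_text, after_text):
    """Paths flagged in the first scan that the rescan flags again."""
    _, before = triage(before_text)
    _, after = triage(after_text)
    return sorted(before[k].path for k in before.keys() & after.keys())


if __name__ == "__main__":
    count, found = triage(SAMPLE_LOG)
    print(f"{count} driver entries, {len(found)} flagged")
    for item in found.values():
        print(item)
    print("flagged again after reboot:", still_flagged(SAMPLE_LOG, CLEAN_RESCAN))
```

A finding left at "pending reboot" means the log alone cannot confirm the cure; the comparison needs a second log from a scan run after the restart.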

#9 raptorizedkevin


Posted 20 July 2010 - 12:43 PM

By the way sir, yesterday instead of using TDSSKiller I used the other security tool you recommended. It found the infection and said it would be deleted once rebooted. However, when I scanned once again it found the TDSS infection again and again. However, the TDSSKiller seems to have killed my infection. It looks good for now, no redirection or ads. I'll fill you in on the status of my computer if it receives a redirection or popup. As for now, what can I do to verify that the TDSS is gone? I rescanned with TDSSKiller and it found nothing, so I think that's just one sign that the TDSS is no longer on my computer? Thank you very much for your time and patience. I really do appreciate you helping me through my computer problem. Thank you very much sir =D

#10 raptorizedkevin


Posted 20 July 2010 - 12:47 PM

I found the Notepad file that you are talking about. Would you like me to paste it here?

#11 quietman7


Posted 20 July 2010 - 12:49 PM

Yes.

#12 raptorizedkevin


Posted 20 July 2010 - 12:53 PM

13:14:51:734 2796 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
13:14:51:734 2796 ================================================================================
13:14:51:734 2796 SystemInfo:

13:14:51:734 2796 OS Version: 5.1.2600 ServicePack: 3.0
13:14:51:734 2796 Product type: Workstation
13:14:51:734 2796 ComputerName:
13:14:51:734 2796 UserName:
13:14:51:734 2796 Windows directory: C:\WINDOWS
13:14:51:734 2796 System windows directory: C:\WINDOWS
13:14:51:734 2796 Processor architecture: Intel x86
13:14:51:734 2796 Number of processors: 1
13:14:51:734 2796 Page size: 0x1000
13:14:51:734 2796 Boot type: Normal boot
13:14:51:734 2796 ================================================================================
13:14:52:718 2796 Initialize success
13:14:52:718 2796
13:14:52:718 2796 Scanning Services ...
13:14:53:343 2796 Raw services enum returned 380 services
13:14:53:375 2796
13:14:53:375 2796 Scanning Drivers ...
13:14:57:703 2796 alim1541 (f8470fd65f690d2577de2904eb91529a) C:\WINDOWS\system32\DRIVERS\alim1541.sys
13:14:57:703 2796 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\alim1541.sys. Real md5: f8470fd65f690d2577de2904eb91529a, Fake md5: cb08aed0de2dd889a8a820cd8082d83c
13:14:57:703 2796 File "C:\WINDOWS\system32\DRIVERS\alim1541.sys" infected by TDSS rootkit ...
13:15:00:468 2796 Backup copy not found, trying to cure infected file..
13:15:00:468 2796 Cure success, using it..
13:15:00:500 2796 will be cured on next reboot
13:15:36:906 2796 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
13:15:37:218 2796 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
13:15:37:484 2796 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
13:15:37:734 2796 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:15:37:921 2796 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:15:38:156 2796 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:15:38:406 2796 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
13:15:38:625 2796 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:15:38:828 2796 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:15:39:046 2796 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:15:39:234 2796 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
13:15:39:468 2796 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
13:15:39:546 2796 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
13:15:39:625 2796 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
13:15:39:781 2796 VX3000 (88322300247273203665c3ffa892e425) C:\WINDOWS\system32\DRIVERS\VX3000.sys
13:15:40:046 2796 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:15:40:343 2796 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
13:15:40:515 2796 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
13:15:40:859 2796 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:15:41:187 2796 WUSB54GV4SRV (0f82a97056ea208183c0085589f83050) C:\WINDOWS\system32\DRIVERS\rt2500usb.sys
13:15:41:265 2796 Reboot required for cure complete..
13:15:41:765 2796 Cure on reboot scheduled successfully
13:15:41:765 2796
13:15:41:765 2796 Completed
13:15:41:765 2796
13:15:41:765 2796 Results:
13:15:41:765 2796 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
13:15:41:765 2796 File objects infected / cured / cured on reboot: 1 / 0 / 1
13:15:41:765 2796
13:15:41:765 2796 KLMD(ARK) unloaded successfully

#13 quietman7

Posted 20 July 2010 - 01:09 PM

This is the relevant part:

13:14:57:703 2796 File "C:\WINDOWS\system32\DRIVERS\alim1541.sys" infected by TDSS rootkit ...
13:15:00:468 2796 Backup copy not found, trying to cure infected file..
13:15:00:468 2796 Cure success, using it..
13:15:00:500 2796 will be cured on next reboot

13:15:41:265 2796 Reboot required for cure complete..
13:15:41:765 2796 Cure on reboot scheduled successfully
13:15:41:765 2796
13:15:41:765 2796 Completed
13:15:41:765 2796
13:15:41:765 2796 Results:
13:15:41:765 2796 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
13:15:41:765 2796 File objects infected / cured / cured on reboot: 1 / 0 / 1

So it indicates the file was cured after you rebooted.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
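As an added example (not part of the original thread), the Python sketch below parses the log lines quoted in post #13 and reports the infected file, the result tallies and whether a reboot is still pending. The line layout and the meaning of the three tally columns are assumed from that excerpt; `summarize` and `unresolved` are hypothetical helper names.

```python
import re

# Log lines copied from the excerpt quoted in post #13.
SAMPLE_LOG = r'''13:14:57:703 2796 File "C:\WINDOWS\system32\DRIVERS\alim1541.sys" infected by TDSS rootkit ...
13:15:00:468 2796 Backup copy not found, trying to cure infected file..
13:15:00:468 2796 Cure success, using it..
13:15:00:500 2796 will be cured on next reboot
13:15:41:265 2796 Reboot required for cure complete..
13:15:41:765 2796 Cure on reboot scheduled successfully
13:15:41:765 2796 Results:
13:15:41:765 2796 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
13:15:41:765 2796 File objects infected / cured / cured on reboot: 1 / 0 / 1
'''

# Assumed layout: HH:MM:SS:mmm, process id, then the message (which may be empty).
LINE = re.compile(r'^(\d\d:\d\d:\d\d:\d{3})\s+(\d+)\s?(.*)$')
INFECTED = re.compile(r'^File "(.+)" infected by (.+?)\s*\.*$')
TALLY = re.compile(r'^(Registry|File) objects infected / cured / cured on reboot: (\d+) / (\d+) / (\d+)$')

def summarize(log_text):
    """Return infected files, per-category tallies and whether a reboot is pending."""
    summary = {"infected": [], "tallies": {}, "reboot_pending": False}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or non-log lines
        msg = m.group(3).strip()
        hit = INFECTED.match(msg)
        if hit:
            summary["infected"].append({"time": m.group(1), "path": hit.group(1), "verdict": hit.group(2)})
            continue
        tally = TALLY.match(msg)
        if tally:
            kind = tally.group(1).lower()
            summary["tallies"][kind] = tuple(int(n) for n in tally.group(2, 3, 4))
        elif msg.startswith("Reboot required"):
            summary["reboot_pending"] = True
    return summary

def unresolved(summary):
    """Objects reported infected that were neither cured nor scheduled for cure."""
    # Assumption: the three columns are infected / cured now / cured on reboot.
    return sum(i - c - r for i, c, r in summary["tallies"].values())
```

A non-zero `unresolved` value, or an infected entry with no pending reboot, is the case that would need another look.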

#14 raptorizedkevin


Posted 04 August 2010 - 02:24 AM

After about a week I didn't see any more problems. Thank you for your time, it's greatly appreciated. I'm so sorry for the late thank you.

#15 quietman7


Posted 04 August 2010 - 05:59 AM

You're welcome.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: