Help!! Please!



#1 Spikey2662

Spikey2662

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orange County
  • Local time:05:27 PM

Posted 21 July 2010 - 02:31 PM

I have been having a hard time finding a way to fix my computer this time. At first it was just redirecting my web pages which was pretty annoying. Then it had a fake anti virus scan come up which was called Antivir. I had attempted to remove it using this method.

Antivir manual removal:

Kill processes:
antivir.exe

Delete registry values:
HKEY_CURRENT_USER\Software\EVAACD
HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AV"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform "WinNT-EVI 25.11.2009"

Unregister DLLs:
UpdateCheck.dll

Delete files:
antivir.exe UpdateCheck.dll Antivir.lnk Uninstall.lnk

Delete directories:
C:\Program Files\AV
C:\Program Files\Common Files\Uninstall
C:\Program Files\Common Files\Uninstall\AV
C:\Documents and Settings\All Users\Start Menu\AV

But when I tried to find ANY of these files or locations none of them were there. Now I have Spybot S&D popping up stating that awusss.dll is trying to create a registry file. Anytime I deny the change it just comes up 3 seconds later as another random entry. Also now when I start up my computer some programs are not starting up correctly.

There also used to be more processes running, but the number has gone down quite a bit. Here are the current processes right from start-up.

System
jps.exe
hpqimzone.exe
LSSrvc.exe
raysat_3dsmax8server.exe
nvsvc32.exe
HPZipm12.exe
rpcapd.exe
realsched.exe
rundll32.exe
TSVNCache.exe
DivXUpdate.exe
RTHDCPL.EXE
smss.exe
BelkinRouterMonitor.exe
ctfmon.exe
csrss.exe
winlogon.exe
services.exe
lsass.exe
rundll32.exe
TeaTimer.exe
hpqtra08.exe
SH4Service.exe
svchost.exe
taskmgr.exe
svchost.exe
acrotray.exe
AdskScSrv.exe
mDNSResponder.exe
CTSVCCDA.EXE
explorer.exe
System Idle Process


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:27 PM

Posted 21 July 2010 - 03:09 PM

Hello and welcome... I am moving this from XP to the Am I Infected forum.

You need to do all the steps as some pertain to your issue..
Please follow our Removal Guide here: Remove Antivir Solution Pro. You will move to the Automated Removal Instructions.

After you have completed that, post your scan log here and let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Next run ATF and SAS: If you cannot access Safe Mode, run in normal mode, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 Spikey2662


Posted 21 July 2010 - 05:14 PM

When I turned my computer on to follow the instructions you posted there were some new problems. First, starting up is very slow and the task bar and start menu are gone and do not work, even with the Windows key. Second, I can't get on the internet; Internet Explorer won't even open. All these effects happen if I am in safe mode or normal. I followed the instructions as close as I could. Opened Internet Options from the control panel and changed the settings like it told me to. I downloaded rkill from a different computer and ran it. It didn't find anything. I tried to install Malwarebytes but an error came up near the end and won't let it finish. I get an error that states:

Run-time error '372':

Failed to load control 'vbalGrid' from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated. Make sure you are using the version of the control that was provided with your application.

I attempted to install their updated version also but when I try to run the application I get the same error.

Edited by Spikey2662, 21 July 2010 - 06:44 PM.


#4 boopme


Posted 21 July 2010 - 08:08 PM

OK, run ATF/SAS and see if they remove things to allow MBAM to run. If so, run all and post all logs.

If you still have the MBAM error... Run-time error '372': Failed to load control 'vbalGrid' from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated. Make sure you are using the version of the control that was provided with your application.

Download MSFT Visual Basic from here
http://www.microsoft.com/downloads/details...;displaylang=en

Instructions


Before starting the download, create a download directory on your computer. If your internet connection is less than 300K, it is recommended that you run the multi-part download by following the "More Information" link at the upper right, then clicking "Download Now."

Click "Download" to begin downloading the single download. When prompted by the download software, choose the option "Save this program to disk" and click OK. Then select the directory you created on your computer.

Run the file from the download directory. When prompted, select the same directory you created on your computer. You will be expanding the contents of the EXE into this directory.

Run SetupSP6.exe from the download directory. When you accept the terms of the electronic End User License Agreement (EULA) the setup software will replace the appropriate files in your Visual Basic 6.0 installation.

#5 Spikey2662


Posted 22 July 2010 - 07:53 PM

I was able to run the ATF/SAS programs. Here are the logs.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/21/2010 at 07:06 PM

Application Version : 4.41.1000

Core Rules Database Version : 5244
Trace Rules Database Version: 3054

Scan type : Complete Scan
Total Scan Time : 00:46:31

Memory items scanned : 257
Memory threats detected : 0
Registry items scanned : 11011
Registry threats detected : 19
File items scanned : 37005
File threats detected : 101

Trojan.Agent/Gen-Ertfor
HKU\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A2BA40A0-74F1-52BD-F411-00B15A2C8953}
HKCR\CLSID\{A2BA40A0-74F1-52BD-F411-00B15A2C8953}

Adware.Flash Tracking Cookie

Malware.Trace
HKU\.DEFAULT\SOFTWARE\AVSolution
HKU\S-1-5-18\SOFTWARE\AVSolution
HKU\.DEFAULT\SOFTWARE\AVSUITE
HKU\S-1-5-18\SOFTWARE\AVSUITE
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer#winid [ 1CB250CE75F65AE ]
HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer#winid [ 1CB250CE75F65AE ]

Adware.AdRotator
HKLM\SOFTWARE\Sky-Banners
HKLM\SOFTWARE\Sky-Banners\skb
HKLM\SOFTWARE\Sky-Banners\skb\instl
HKLM\SOFTWARE\Sky-Banners\skb\instl#InstallDir
HKU\S-1-5-21-1547161642-2111687655-839522115-1004\Software\Sky-Banners
HKLM\SOFTWARE\Classes\AppID\{38061EDC-40BB-4618-A8DA-E56353347E6D}
HKLM\SOFTWARE\Classes\AppID\{7B6A2552-E65B-4a9e-ADD4-C45577FFD8FD}
HKLM\SOFTWARE\Classes\AppID\{84C3C236-F588-4c93-84F4-147B2ABBE67B}
HKLM\SOFTWARE\Classes\AppID\{84C3C236-F588-4c93-84F4-147B2ABBE67B}\apps
HKLM\SOFTWARE\Classes\AppID\{84C3C236-F588-4c93-84F4-147B2ABBE67B}\apps\{38061EDC-40BB-4618-A8DA-E56353347E6D}
HKLM\SOFTWARE\Classes\AppID\{84C3C236-F588-4c93-84F4-147B2ABBE67B}\apps\{7B6A2552-E65B-4a9e-ADD4-C45577FFD8FD}
C:\WINDOWS\$NTUNINSTALLMTF1011$
C:\Documents and Settings\SpikeysTwin\Application Data\SKY-BANNERS\skb\log.xml
C:\Documents and Settings\SpikeysTwin\Application Data\SKY-BANNERS\skb
C:\Documents and Settings\SpikeysTwin\Application Data\SKY-BANNERS
C:\Documents and Settings\SpikeysTwin\Application Data\STREET-ADS

Trojan.Agent/Gen-Exploit
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\UPDATE\SEUPD.EXE

Adware.Tracking Cookie

Trojan.Agent/CDesc[Generic]
C:\DOCUMENTS AND SETTINGS\SPIKEYSTWIN\DESKTOP\ALL bleep\DESKTOP\GAMES\EPSXE.V1.6.0+BIOS+PLUGINS\PLUGINS\SPUIORI.DLL

Rootkit.Agent/Gen-TDSS[Rel]
C:\DOCUMENTS AND SETTINGS\SPIKEYSTWIN\LOCAL SETTINGS\TEMP\60D.TMP

Trojan.Agent/Gen-CDesc[Gen]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C2361FE1-D9EA-49ED-95F6-B4A53C23D3A7}\RP5\A0000182.EXE

Trojan.Smitfraud Variant-Gen/Bensorty
C:\WINDOWS\SYSTEM32\FNYW5U1G2H.DLL


Although I am still not able to run MBAM. I get the same error. I tried installing MSFT Visual Basic but it would not install. I am also still having all the other problems and I am not able to move or copy things to my computer; I have to run them off the thumb drive in order to install them.
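
Added example (not part of the original posts, and not SUPERAntiSpyware's own code): a Python triage of a scan log laid out like the one above. It ranks findings so rootkit and trojan entries are not buried under tracking cookies, and compares the header's declared threat counts with the items actually listed to catch a truncated paste. The sample log is constructed, and the severity mapping by family-name prefix is an assumption of this example.

```python
import re

# Constructed sample in the layout of the log above (paths and values are made up).
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
Generated 07/21/2010 at 07:06 PM

Scan type : Complete Scan
Registry threats detected : 3
File threats detected : 4

Adware.Tracking Cookie
ads.example.test [ C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects\ABCD1234 ]
.tracker.example.test [ C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Cookies ]

Malware.Trace
HKU\.DEFAULT\SOFTWARE\ExampleTrace
HKU\S-1-5-18\SOFTWARE\ExampleTrace#winid [ 1234ABCD ]

Rootkit.Agent/Gen-TDSS[Rel]
C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\EXAMPLE.TMP

Trojan.Smitfraud Variant-Gen/Bensorty
C:\WINDOWS\SYSTEM32\EXAMPLE.DLL
HKCR\CLSID\{00000000-0000-0000-0000-000000000000}
"""

# Assumption of this example: rank by the family-name prefix used in the log.
SEVERITY = [("Rootkit.", "critical"), ("Trojan.", "high"),
            ("Malware.", "medium"), ("Adware.", "low")]
ORDER = {"critical": 0, "high": 1, "medium": 2, "unknown": 3, "low": 4}

REG_RE = re.compile(r"^(HKLM|HKCR|HKCU|HKU)\\", re.I)
FILE_RE = re.compile(r"^[A-Za-z]:\\")
COOKIE_RE = re.compile(r"^\S+ \[ .+ \]$")
COUNT_RE = re.compile(r"^(Registry|File|Memory) threats detected\s*:\s*(\d+)$")


def item_kind(line):
    """Classify one detection line; None means it is not a detection item."""
    if REG_RE.match(line):
        return "registry"
    if FILE_RE.match(line):
        return "file"
    if COOKIE_RE.match(line):
        return "cookie"
    return None


def severity(family):
    for prefix, level in SEVERITY:
        if family.startswith(prefix):
            return level
    return "unknown"


def parse_log(text):
    """Return (declared header counts, findings grouped by family heading)."""
    declared, findings, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None          # a blank line ends the current family block
            continue
        m = COUNT_RE.match(line)
        if m:
            declared[m.group(1).lower()] = int(m.group(2))
            continue
        kind = item_kind(line)
        if kind is None:
            # Candidate family heading; kept only if detection items follow it.
            current = {"family": line, "items": []}
            findings.append(current)
        elif current is not None:
            current["items"].append((kind, line))
    return declared, [f for f in findings if f["items"]]


def triage(text):
    """Rank findings by severity and report declared-vs-listed count mismatches."""
    declared, findings = parse_log(text)
    seen = {"registry": 0, "file": 0}
    for f in findings:
        for kind, _ in f["items"]:
            # Cookies are stored on disk, so they count toward file threats.
            seen["registry" if kind == "registry" else "file"] += 1
    mismatches = {k: (declared[k], seen[k])
                  for k in seen if k in declared and declared[k] != seen[k]}
    ranked = sorted(findings, key=lambda f: ORDER[severity(f["family"])])
    return ranked, mismatches


if __name__ == "__main__":
    ranked, mismatches = triage(SAMPLE_LOG)
    for f in ranked:
        print(f"{severity(f['family']):8} {f['family']} ({len(f['items'])} items)")
    for kind, (want, got) in mismatches.items():
        print(f"WARNING: header declares {want} {kind} threats, log lists {got}")
```

Counting cookie entries toward file threats matches the posted log, whose header totals of 19 registry and 101 file threats equal the items it lists.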

#6 boopme


Posted 22 July 2010 - 08:12 PM

Ok, run this and then try MBAM again.

Click on and follow the Automated Removal Instructions ... log file should be created on your C: drive called "TDSSKiller.txt" please copy and paste the contents of that file here.

#7 Spikey2662


Posted 22 July 2010 - 09:58 PM

Here is the result of running tdsskiller. I still was not able to install or run MBAM.

19:39:27:750 1832 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
19:39:27:750 1832 ================================================================================
19:39:27:750 1832 SystemInfo:

19:39:27:750 1832 OS Version: 5.1.2600 ServicePack: 3.0
19:39:27:750 1832 Product type: Workstation
19:39:27:750 1832 ComputerName: EVILSPIKEY
19:39:27:750 1832 UserName: SpikeysTwin
19:39:27:750 1832 Windows directory: C:\WINDOWS
19:39:27:750 1832 System windows directory: C:\WINDOWS
19:39:27:750 1832 Processor architecture: Intel x86
19:39:27:750 1832 Number of processors: 2
19:39:27:750 1832 Page size: 0x1000
19:39:27:750 1832 Boot type: Safe boot with network
19:39:27:750 1832 ================================================================================
19:39:28:093 1832 Initialize success
19:39:28:093 1832
19:39:28:093 1832 Scanning Services ...
19:39:28:890 1832 Raw services enum returned 357 services
19:39:28:890 1832
19:39:28:890 1832 Scanning Drivers ...
19:39:29:250 1832 AFD (f34983c135ef9d38b73e8802341d595d) C:\WINDOWS\System32\drivers\afd.sys
19:39:29:250 1832 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: f34983c135ef9d38b73e8802341d595d, Fake md5: eb31020e8fb8803981fc4abb73fb65e2
19:39:29:250 1832 File "C:\WINDOWS\System32\drivers\afd.sys" infected by TDSS rootkit ...
19:39:31:281 1832 Backup copy not found, trying to cure infected file..
19:39:31:281 1832 Cure success, using it..
19:39:31:328 1832 will be cured on next reboot
19:39:33:593 1832 NPF (d21fee8db254ba762656878168ac1db6) C:\WINDOWS\system32\drivers\npf.sys
19:39:33:593 1832 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
19:39:33:625 1832 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
19:39:33:687 1832 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
19:39:33:875 1832 nv (70cb8915895ccb92ddf23ce890c4f5be) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
19:39:34:062 1832 nvata (9eccd189a9554c30a0d18a429778c7ba) C:\WINDOWS\system32\DRIVERS\nvata.sys
19:39:34:093 1832 NVENETFD (4d6f0d3fb17c1ba64942f415c73adcdb) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
19:39:34:140 1832 nvnetbus (921e63aa1e1a20302223d016acafb52b) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
19:39:34:187 1832 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
19:39:34:203 1832 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
19:39:34:234 1832 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
19:39:34:281 1832 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
19:39:34:328 1832 P17 (df886ffed69aead0cf608b89b18c3f6f) C:\WINDOWS\system32\drivers\P17.sys
19:39:34:375 1832 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
19:39:34:375 1832 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
19:39:34:421 1832 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
19:39:34:437 1832 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
19:39:34:453 1832 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
19:39:34:484 1832 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
19:39:34:546 1832 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
19:39:34:562 1832 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
19:39:34:578 1832 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
19:39:34:593 1832 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
19:39:34:625 1832 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
19:39:34:671 1832 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
19:39:34:687 1832 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
19:39:34:703 1832 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
19:39:34:703 1832 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
19:39:34:734 1832 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
19:39:34:750 1832 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
19:39:34:781 1832 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
19:39:34:812 1832 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
19:39:34:906 1832 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
19:39:34:921 1832 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
19:39:34:953 1832 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
19:39:34:984 1832 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
19:39:35:031 1832 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
19:39:35:062 1832 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
19:39:35:093 1832 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:39:35:171 1832 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
19:39:35:171 1832 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
19:39:35:765 1832 Reboot required for cure complete..
19:39:35:843 1832 Cure on reboot scheduled successfully
19:39:35:843 1832
19:39:35:843 1832 Completed
19:39:35:843 1832
19:39:35:843 1832 Results:
19:39:35:843 1832 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:39:35:859 1832 File objects infected / cured / cured on reboot: 1 / 0 / 1
19:39:35:859 1832
19:39:35:875 1832 KLMD(ARK) unloaded successfully
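
A log this long is easier to review once the flagged entries and the result counters are pulled out of the driver listing. The following is an added example, not part of the original thread or of the scanning tool: a small parser for the line format seen in the log above. The function name `triage` and the report layout are assumptions made for illustration.

```python
import re

# Sample input: a short excerpt in the format of the log above, embedded so this runs offline.
SAMPLE_LOG = r"""
19:39:35:093 1832 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
19:39:35:171 1832 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
19:39:35:171 1832 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
19:39:35:187 1832 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
19:39:35:765 1832 Reboot required for cure complete..
19:39:35:843 1832 Results:
19:39:35:843 1832 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:39:35:859 1832 File objects infected / cured / cured on reboot: 1 / 0 / 1
"""

# Every line starts with HH:MM:SS:mmm and a thread id; the message follows.
PREFIX = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s*(.*)$")
DRIVER = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
FLAGGED = re.compile(r"^Suspicious file \((\w+)\): (.+)\. md5: ([0-9a-f]{32})$")
RESULT = re.compile(r"^(Registry|File) objects infected / cured / cured on reboot: "
                    r"(\d+) / (\d+) / (\d+)$")

def triage(log_text):
    """Return flagged files, result counters and reboot state from a scan log."""
    by_path, flagged, results, reboot = {}, [], {}, False
    for raw in log_text.splitlines():
        line = PREFIX.match(raw.strip())
        if not line:
            continue  # not a log line (blank line or surrounding forum text)
        msg = line.group(1).strip()
        if m := DRIVER.match(msg):
            # Windows paths are case-insensitive, so index them lower-cased.
            by_path[m.group(3).lower()] = m.group(1)
        elif m := FLAGGED.match(msg):
            reason, path, md5 = m.groups()
            flagged.append({"service": by_path.get(path.lower()), "reason": reason,
                            "path": path, "md5": md5})
        elif m := RESULT.match(msg):
            # (infected, cured, cured on reboot)
            results[m.group(1)] = tuple(int(n) for n in m.groups()[1:])
        elif msg.startswith("Reboot required"):
            reboot = True
    return {"drivers": len(by_path), "flagged": flagged,
            "results": results, "reboot_pending": reboot}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for item in report["flagged"]:
        print("flagged:", item)
    print("results:", report["results"], "reboot pending:", report["reboot_pending"])
```

The flagged list and the counters answer different questions: a file can be flagged without being counted as infected, so both are worth reading before and after the scheduled reboot.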

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:27 PM

Posted 22 July 2010 - 10:12 PM

Ok that was a big find..
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.
Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.
How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#9 Spikey2662

Posted 22 July 2010 - 10:34 PM

I was able to install it up until it asked if I wanted to update and launch the program. Once I did that, I got the same error that I got before.

#10 boopme

Posted 22 July 2010 - 10:41 PM

I have to leave now, but look at post 2 here..
http://www.bleepingcomputer.com/forums/t/267354/for-those-having-trouble-running-malwarebytes-anti-malware/

#11 Spikey2662

Posted 22 July 2010 - 11:09 PM

I tried every step in http://www.bleepingcomputer.com/forums/t/267354/for-those-having-trouble-running-malwarebytes-anti-malware/ and still am getting the same error when I try to run MBAM:

Run-time error '372':

Failed to load control 'vbalGrid' from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated. Make sure you are using the version of the control that was provided with your application.

#12 boopme

Posted 24 July 2010 - 02:34 PM

Try this first.
Try this--open control, internet options, connections tab, lan settings, uncheck the box next to "use proxy...."


OR
Do a search for vbalsgrid6.ocx and see if it's located elsewhere on the system.

Make sure to search including hidden and system folders under options. Then search your entire computer.
Instructions on how to do this can be found here:
How to see hidden files in Windows

Let us know if it finds another copy somewhere else.

#13 Spikey2662

Posted 24 July 2010 - 05:28 PM

I am unable to do a search. I can't open the start menu and when I click on the search button the search bar comes up but it's just blue. Nothing to type in and just has the little dog at the bottom. I already have proxy settings turned off also.


I did a search using cmd:

FOR %a IN (a b c d e f g h i j k l m n o p q r s t u v w x y z) DO DIR /A-D /N /S /W %a:\vbalsgrid6.ocx 2>NUL

It found 1 file with a size of 496,976 bytes:

Directory of c:\Program Files\Malwarebytes' Anti-Malware
vbalsgrid6.ocx

Edited by Spikey2662, 24 July 2010 - 09:35 PM.


#14 boopme

Posted 24 July 2010 - 08:32 PM

I have to ask someone about this.

#15 Spikey2662

Posted 24 July 2010 - 08:50 PM

Alright, Thanks for your time man.

Also my friend tried to run HiJackThis on my computer (in safe mode) and it wouldn't run. I got this error from Windows Installer.

The system administrator has set policies to prevent this installation.

Edited by Spikey2662, 24 July 2010 - 09:31 PM.




