infected with alureon h virus. HELP!



#1 lstiles

lstiles

  • Members
  • 60 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Palm Springs, California
  • Local time:03:37 PM

Posted 01 October 2010 - 05:27 PM

This is my first ever posting, so forgive me if I don't do the right thing. I work at my father-in-law's office on Saturdays; the computer there is running Windows XP Home. He is constantly getting malware infections. We were using the security software from McAfee that you can get through Verizon, but after several viruses and hours on the phone with McAfee to no avail I ditched that, reformatted the drive and started over. I installed Microsoft Security Essentials. Now we are infected again. The browser redirects and after a while we get a rogue security virus screen that won't close. I tried running Malwarebytes and was unable to, so I renamed it and ran it in safe mode, and it found some trojan.fake infections and removed them. The browser was still being hijacked, so I checked the logs in Security Essentials and noticed a virus. I ran a scan and it found a Win32/Alureon.H infection and was unable to remove or quarantine it. Now what do I do?

I have read several postings where the first lines warn that the fix is only for the person posting the problem. I am hoping you can help me. I am not at the office with the computer until tomorrow. I have read that this infection is very invasive and replicates itself over and over. Is there a way to get rid of this infection without wiping out my system and starting over? I don't understand why this machine is constantly getting infected. My father-in-law is basically computer illiterate. He uses the internet to check his bank account, check his very limited email account with verizon.net (4-5 emails per day), and he reads his Canadian newspapers.

Is there any way for me to remove this infection for good?

Leslie



#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,493 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:37 PM

Posted 01 October 2010 - 07:50 PM

Welcome lstiles, let's run these next and review the logs and see if we have improved.
Please run the tool here: How to remove Google Redirects

When it is done, a log file should be created on your C: drive called "TDSSKiller.txt". Please copy and paste the contents of that file here.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates. When done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan, click Remove Selected, post the new scan log and reboot into normal mode.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 lstiles


Posted 02 October 2010 - 02:34 PM

Thank you so much. I downloaded the TDSSKiller program at home and brought it in on my jump drive. I installed and ran it and it found something. I will post the log below. I then rebooted, updated and ran Malwarebytes and it also found 1 item. I rebooted and reran Malwarebytes and it did not find anything. I will post the log from Malwarebytes from the first time I ran it today. I tried to log on to BleepingComputer to read the instructions before running the programs and it would not let me, but as you see I am here now.

Here is the TDSS log:

2010/10/02 11:35:21.0796 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54
2010/10/02 11:35:21.0796 ================================================================================
2010/10/02 11:35:21.0796 SystemInfo:
2010/10/02 11:35:21.0796
2010/10/02 11:35:21.0796 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/02 11:35:21.0796 Product type: Workstation
2010/10/02 11:35:21.0796 ComputerName: BOBSCARPET
2010/10/02 11:35:21.0796 UserName: Owner
2010/10/02 11:35:21.0796 Windows directory: C:\WINDOWS
2010/10/02 11:35:21.0796 System windows directory: C:\WINDOWS
2010/10/02 11:35:21.0796 Processor architecture: Intel x86
2010/10/02 11:35:21.0796 Number of processors: 1
2010/10/02 11:35:21.0796 Page size: 0x1000
2010/10/02 11:35:21.0796 Boot type: Normal boot
2010/10/02 11:35:21.0796 ================================================================================
2010/10/02 11:35:22.0859 Initialize success
2010/10/02 11:35:28.0484 ================================================================================
2010/10/02 11:35:28.0484 Scan started
2010/10/02 11:35:28.0484 Mode: Manual;
2010/10/02 11:35:28.0484 ================================================================================
2010/10/02 11:35:38.0921 RDPCDD (e5e8f1081a6522c600f3aa02d0ac9ea8) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/02 11:35:38.0921 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\RDPCDD.sys. Real md5: e5e8f1081a6522c600f3aa02d0ac9ea8, Fake md5: 988c5235e41a68a15b258cf1b1a6e169
2010/10/02 11:35:38.0921 RDPCDD - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/10/02 11:35:42.0328 ================================================================================
2010/10/02 11:35:42.0328 Scan finished
2010/10/02 11:35:42.0328 ================================================================================
2010/10/02 11:35:42.0359 Detected object count: 1
2010/10/02 11:35:56.0625 RDPCDD (e5e8f1081a6522c600f3aa02d0ac9ea8) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/02 11:35:56.0625 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\RDPCDD.sys. Real md5: e5e8f1081a6522c600f3aa02d0ac9ea8, Fake md5: 988c5235e41a68a15b258cf1b1a6e169
2010/10/02 11:35:57.0781 Backup copy not found, trying to cure infected file..
2010/10/02 11:35:57.0781 Cure success, using it..
2010/10/02 11:35:57.0812 C:\WINDOWS\system32\DRIVERS\RDPCDD.sys - will be cured after reboot
2010/10/02 11:35:57.0812 Rootkit.Win32.TDSS.tdl3(RDPCDD) - User select action: Cure

Here is the Malwarebytes log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4733

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/2/2010 10:52:19 AM
mbam-log-2010-10-02 (10-52-19).txt

Scan type: Quick scan
Objects scanned: 143929
Time elapsed: 6 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\Application Data\jsdfgs.bat (Malware.Trace) -> Quarantined and deleted successfully.

Do you have any suggestions on how I can protect this computer from getting infected? I don't have this problem with any of the other computers I use. The only difference I can tell is that this computer uses a routed modem from Verizon and the others have Linksys routers. Could it be the firewall in the Linksys that is protecting my other computers?

Well, I hope this does it and the infection is gone. My father-in-law was saying that last week he was getting a page opening up with a big red cross (I think like the antivirus hoax viruses) that he couldn't close, and I have told him in the past not to click on those types of things. Would this be a symptom of the Alureon H that we just got rid of (hopefully)?

Thank you again for your help and your quick response. I think you've saved me hours on the phone trying to get help from tech support people. You're the best.

Best Regards,

Leslie

Leslie
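One way to triage a TDSSKiller log like the one posted above, as an added example that is not part of the original thread and not the tool's own code: it extracts the forged-file, detection and cure lines and lists drivers whose cure is still waiting on a reboot. The line patterns are inferred from this one log (tool version 2.4.3.0), and the function names and the follow-up rule are assumptions of the example.

```python
import re

# Excerpt of the TDSSKiller log posted above; values are copied from the post.
SAMPLE_LOG = r"""
2010/10/02 11:35:38.0921 RDPCDD (e5e8f1081a6522c600f3aa02d0ac9ea8) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/02 11:35:38.0921 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\RDPCDD.sys. Real md5: e5e8f1081a6522c600f3aa02d0ac9ea8, Fake md5: 988c5235e41a68a15b258cf1b1a6e169
2010/10/02 11:35:38.0921 RDPCDD - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/10/02 11:35:42.0328 Scan finished
2010/10/02 11:35:42.0359 Detected object count: 1
2010/10/02 11:35:57.0781 Backup copy not found, trying to cure infected file..
2010/10/02 11:35:57.0781 Cure success, using it..
2010/10/02 11:35:57.0812 C:\WINDOWS\system32\DRIVERS\RDPCDD.sys - will be cured after reboot
2010/10/02 11:35:57.0812 Rootkit.Win32.TDSS.tdl3(RDPCDD) - User select action: Cure
"""

# Patterns inferred from the log above (assumption: other versions may differ).
STAMP = re.compile(r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d{4}\s*(.*)$")
ENTRY = re.compile(r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)")
FORGED = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})")
DETECTED = re.compile(r"(?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)")
COUNT = re.compile(r"Detected object count: (?P<n>\d+)")
PENDING = re.compile(r"(?P<path>.+) - will be cured after reboot")
ACTION = re.compile(
    r"(?P<verdict>[^\s(]+)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)")


def parse_tdsskiller_log(text):
    """Return the detections, chosen actions and reported count from a log."""
    by_path = {}    # lower-cased driver path -> service name
    findings = {}   # service name -> finding dict, in order of appearance
    reported = None

    def finding(name, path=None):
        f = findings.setdefault(name, {
            "driver": name, "path": path, "real_md5": None, "fake_md5": None,
            "verdict": None, "action": None, "pending_reboot": False})
        if path and not f["path"]:
            f["path"] = path
        return f

    for raw in text.splitlines():
        stamped = STAMP.match(raw.strip())
        if not stamped:
            continue  # not a timestamped log line
        msg = stamped.group(1).strip()
        if (m := FORGED.fullmatch(msg)):
            # Two different hashes reported for one file: record both.
            name = by_path.get(m["path"].lower(), m["path"])
            f = finding(name, m["path"])
            f["real_md5"], f["fake_md5"] = m["real"], m["fake"]
        elif (m := DETECTED.fullmatch(msg)):
            finding(m["name"])["verdict"] = m["verdict"]
        elif (m := COUNT.fullmatch(msg)):
            reported = int(m["n"])
        elif (m := PENDING.fullmatch(msg)):
            name = by_path.get(m["path"].lower(), m["path"])
            if name in findings:
                findings[name]["pending_reboot"] = True
        elif (m := ACTION.fullmatch(msg)):
            f = finding(m["name"])
            f["action"] = m["action"]
            f["verdict"] = f["verdict"] or m["verdict"]
        elif (m := ENTRY.fullmatch(msg)):
            # Ordinary driver row: remember which service owns which file.
            by_path[m["path"].lower()] = m["name"]

    return {"findings": list(findings.values()),
            "reported_count": reported,
            "count_matches": reported == len(findings)}


def needs_followup(report):
    """Drivers to re-scan: cure deferred to reboot, or no action chosen yet."""
    return sorted(f["driver"] for f in report["findings"]
                  if f["pending_reboot"] or f["action"] is None)


if __name__ == "__main__":
    report = parse_tdsskiller_log(SAMPLE_LOG)
    for f in report["findings"]:
        print(f)
    print("re-scan after reboot:", needs_followup(report))
```

A driver listed by `needs_followup` has only been scheduled for repair, so a second scan after the reboot is what confirms the result.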

#4 boopme


Posted 02 October 2010 - 04:28 PM

Hello, a couple of things. When the rogues pop up, probably the safest thing is to close that page with Task Manager so you do not trip any executables. Press CTRL+SHIFT+ESC, highlight that page in the Processes tab and click End Task.

I would still like to do this before you go.


Next run ATF and SAS. If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account:
Download Atribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to the desktop.
DO NOT run yet.
Open SUPER from the icon, install it and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use the Firefox or Opera browser, click that browser at the top and choose: Select All.
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW scan with SUPER
Open it from the desktop icon or the Program Files list.
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.



Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:

#5 lstiles


Posted 02 October 2010 - 08:58 PM

I will perform the additional steps but it might not be until next Saturday. Don't think I gave up on you.

Thanks.

Leslie

#6 boopme


Posted 02 October 2010 - 10:03 PM

OK, if I lose you with all these posts, PM me that you replied.

#7 lstiles


Posted 09 October 2010 - 12:39 PM

I followed your instructions to the letter. I performed all the steps then started the Super scan last night and left it running. When I came in this morning the computer was frozen. I restarted it and checked the Superscan log and I checked the quarantine and there is a file in there from yesterday. I wasn't sure if I should rerun the scan or not. Here is the log:

Core Rules Database Version : 5661
Trace Rules Database Version: 3473

Scan type : Complete Scan
Total Scan Time : 01:45:18

Memory items scanned : 214
Memory threats detected : 0
Registry items scanned : 5968
Registry threats detected : 0
File items scanned : 44064
File threats detected : 41

Adware.Tracking Cookie

It looks to me like someone is watching porn from this computer, would you agree? If so I can understand where these infections are coming from.

Is there anything else I need to do or do you think this computer is now clean?

Thank you so much for your help. This is really a great service you provide and it has helped me out immensely.

Best Regards,

Leslie Stiles

Leslie

#8 boopme


Posted 09 October 2010 - 03:14 PM

Hello Leslie
Things look much better here. I just got in and saw this. Hope I am not too late. We should still run one more to be sure you are clear. Yes, someone is looking and that is the infection source. After this scan I will give you some info to help you stay cleaner.

Please perform a scan with Eset Online Antivirus Scanner.
This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.

EDIT: BTW you are very welcome!!

Edited by boopme, 09 October 2010 - 03:15 PM.


#9 lstiles


Posted 09 October 2010 - 04:56 PM

I went to the ESET site and ran the scan. I disabled my realtime AV protection and closed all open windows but the ESET site. When the scan started I got a pop-up saying the Generic Host Process for Win32 has encountered a problem and needs to close. It wanted to send an error report to Microsoft. I clicked on the technical details (even though the scan was running) and it said the error was in C:\Documents~\owner\locals~\temp\werfd1E.dir00\svchost.exe.mdmp and C:\Documents~\owner\locals~\temp\werfd1E.dir00\appoompost.txt (not sure about the last before .txt. I can't read my own writing). I don't know if you care about that or not but there it is. Better too much info than not enough.

The ESET scan found no threats. Here is the log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=94ac968542c31d4bab60f5b775359b39
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-09 09:38:14
# local_time=2010-10-09 01:38:14 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=50485
# found=0
# cleaned=0
# scan_time=1037

Let me know if I should redo this scan because of the error message pop up.


Is there any way I can block access to these kinds of undesirable sites, through the firewall settings or even some parental settings or something like that?

I await your reply. Thanks again.

Leslie Stiles

Edited by lstiles, 09 October 2010 - 05:01 PM.

Leslie
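An added example, not part of the original posts: a small parser for the `# key=value` log format quoted above that reports which scan options were switched off, so a `found=0` result can be read against what was actually covered. Reading each `*_checked` key as a scan option switch is an assumption based on the key names; `parse_eset_log` and `coverage_report` are hypothetical helper names.

```python
# Subset of the log quoted in the post above, embedded so this runs offline.
SAMPLE_LOG = """\
ESETSmartInstaller@High as CAB hook log:
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=crash
# scanned=50485
# found=0
# cleaned=0
"""


def parse_eset_log(text):
    """Return {key: value} for every '# key=value' line; skip other lines."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("#") or "=" not in line:
            continue
        key, _, value = line[1:].partition("=")
        fields[key.strip()] = value.strip().strip('"')
    return fields


def coverage_report(fields):
    """Summarise what the scan covered; a zero count alone is not 'clean'."""
    # Assumption: a '*_checked' key set to false is an option that was off.
    disabled = sorted(k[: -len("_checked")] for k, v in fields.items()
                      if k.endswith("_checked") and v.lower() == "false")
    completed = fields.get("end") == "finished"
    found = int(fields["found"]) if "found" in fields else None
    return {
        "completed": completed,
        "disabled_options": disabled,
        "scanned": int(fields.get("scanned", 0)),
        "found": found,
        # Passed through uninterpreted: the page does not say what it means.
        "compatibility_mode": fields.get("compatibility_mode"),
        # True only for a finished scan, zero detections, every option on.
        "clean_with_full_coverage": completed and found == 0 and not disabled,
    }


if __name__ == "__main__":
    for name, value in coverage_report(parse_eset_log(SAMPLE_LOG)).items():
        print(f"{name}: {value}")
```

For the log in this thread the report lists `archives` and `unsafe` as disabled, so the zero detection count covers only part of what the scanner can check.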

#10 lstiles


Posted 09 October 2010 - 05:11 PM

As soon as I posted my last reply Microsoft Security Essentials popped up with a detected threat:

Trojan.WIN32\chksyn.E threat level: Severe Recommended: Remove Status: Not Found

I told it to remove it and this was the result.

Also the red Windows Security Alert shield is displayed in the status bar. It is the real icon, not a fake. It came up when I disabled the AV real time protection. I re-enabled it right away but the shield is still there.

?????

Leslie

#11 lstiles


Posted 09 October 2010 - 05:18 PM

Obviously something else is going on here. I can't update Microsoft Security Essentials and the firewall service has been stopped and can't restart. I think I will take the hard drive home with me so I can work on it over the weekend and try and get it cleaned up. I will look for your next post.

Thanks again.

Leslie

#12 boopme


Posted 09 October 2010 - 06:57 PM

Hello, you are correct, there seem to be a few things going on.
svchost.exe is a generic process for hosting Windows services. You have lots of services running on your computer, and one of them has terminated unexpectedly, causing the whole svchost.exe process to crash in the process. This is bringing down other services.

We should move to the DDS logs forum as we need to find and remove this safely.

We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

#13 lstiles


Posted 10 October 2010 - 05:42 PM

Okay, will do.

Thanks.

Leslie



