Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

redirect virus


  • Please log in to reply
3 replies to this topic

#1 loulou13

loulou13

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 23 October 2010 - 09:12 PM

I'm getting redirected to marketing sites when I am on google or bing. It also seems to open a new window sometimes when I move my mouse around a web page (this just seemed to start today.) I think this problem started last week. I noticed it right after I set up an account with photobucket and downloaded pics. (This is just a guess of when it happened.)

Below is my dds text log and I'm also attaching the attach.txt file and ark file as instructed.

Any help is appreciated!!



DDS (Ver_10-10-21.02) - NTFSx86
Run by Debbie Smith at 18:24:09.99 on Sat 10/23/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3317.2514 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\VS7JIT.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Debbie Smith\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.live.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100428204737.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SMSystemAnalyzer] "c:\program files\dell\pc tuneup\SMSystemAnalyzer.exe"
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos1.walmart.com/WalmartActivia.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - c:\program files\microsoft\outlook web access smime client\mimectl.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\debbie~1\applic~1\mozilla\firefox\profiles\9izkbbkm.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.lcisd.net/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-28 385536]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-28 82952]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-3-30 596336]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-3-30 596336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-19 88176]
R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-28 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-28 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-28 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-28 170144]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-28 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-28 141792]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-28 55456]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-4-28 152320]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-4-28 51688]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-28 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-28 88480]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-28 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-28 83496]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-10-16 21:38:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-16 21:38:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-16 21:38:36 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-16 21:38:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-13 19:54:18 -------- d-----w- c:\windows\system32\pt-PT
2010-10-13 19:53:10 -------- d-----w- c:\windows\system32\drivers\umdf\pt-BR
2010-10-13 19:53:09 -------- d-----w- c:\windows\system32\drivers\umdf\pt-PT
2010-10-13 19:53:07 -------- d-----w- c:\windows\system32\drivers\umdf\nl-NL
2010-10-13 19:53:05 -------- d-----w- c:\windows\system32\drivers\umdf\it-IT
2010-10-13 19:53:01 -------- d-----w- c:\windows\system32\drivers\umdf\de-DE
2010-10-13 19:52:57 -------- d-----w- c:\windows\system32\drivers\umdf\fr-FR
2010-10-13 19:52:52 -------- d-----w- c:\windows\system32\drivers\umdf\es-ES
2010-10-13 19:52:06 -------- d-----w- c:\windows\system32\drivers\umdf\en-US
2010-09-26 22:53:42 507904 ----a-w- c:\windows\system32\sdclient.cpl
2010-09-26 22:53:42 -------- d-----w- c:\program files\triCerat
2010-09-24 18:19:16 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-09-24 18:19:08 57072 ----a-w- c:\windows\system32\ZuneBusEnum.exe
2010-09-24 17:11:44 65024 ----a-w- c:\windows\system32\ZuneTcp2Udp.dll
2010-09-24 17:11:44 58368 ----a-w- c:\windows\system32\ZuneRegUtil.dll
2010-09-24 17:11:44 46080 ----a-w- c:\windows\system32\ZunePTDNS.dll
2010-09-24 17:11:44 365056 ----a-w- c:\windows\system32\ZuneNetProxy.dll
2010-09-24 17:11:44 130560 ----a-w- c:\windows\system32\ZuneUsbTransport.dll
2010-09-24 17:11:42 796672 ----a-w- c:\windows\system32\drivers\umdf\ZuneDriver.dll
2010-09-24 17:11:42 205824 ----a-w- c:\windows\system32\ZuneCoInst.dll
2010-09-24 17:11:42 203776 ----a-w- c:\windows\system32\ZuneMTPZ.dll
2010-09-24 17:06:10 41472 ----a-w- c:\windows\system32\drivers\zumbus.sys

==================== Find3M ====================

2010-09-24 16:31:24 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2010-08-31 13:38:48 1861888 ------w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ------w- c:\windows\system32\t2embed.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-08-13 12:53:02 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2009-04-15 23:41:30 21878064 -c--a-w- c:\program files\QuickTimeInstaller.exe
2009-04-15 22:02:55 7518920 -c--a-w- c:\program files\Firefox Setup 3.0.8.exe
2009-04-12 23:07:10 28868320 -c--a-w- c:\program files\FileFormatConverters.exe
2009-04-12 22:22:55 5271552 -c--a-w- c:\program files\PStory.msi
2009-04-12 22:19:02 12754672 -c--a-w- c:\program files\MP10Setup.exe

============= FINISH: 18:26:24.80 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,201 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:15 PM

Posted 23 October 2010 - 09:33 PM

Hi, loulou13 :)

:welcome:

You may be infected with a backdoor trojan. I would suggest you backup your important documents before proceeding.

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif


#3 loulou13

loulou13
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 01 November 2010 - 03:22 PM

I followed all the directions! There was a virus with the first one. I'll show my ignorance and admit that I don't know what the MRBC one says but I copied and pasted it as directed also! I just tried Googling a topic and it seems to have fixed this problem! Is there something more that I need to do to prevent it from happening again? And THANK YOU for all the help!!

Here is the report from TDSS:


2010/11/01 15:05:16.0546 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/11/01 15:05:16.0546 ================================================================================
2010/11/01 15:05:16.0546 SystemInfo:
2010/11/01 15:05:16.0546
2010/11/01 15:05:16.0546 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/01 15:05:16.0546 Product type: Workstation
2010/11/01 15:05:16.0546 ComputerName: SMITH1
2010/11/01 15:05:16.0546 UserName: Debbie Smith
2010/11/01 15:05:16.0546 Windows directory: C:\WINDOWS
2010/11/01 15:05:16.0546 System windows directory: C:\WINDOWS
2010/11/01 15:05:16.0546 Processor architecture: Intel x86
2010/11/01 15:05:16.0546 Number of processors: 2
2010/11/01 15:05:16.0546 Page size: 0x1000
2010/11/01 15:05:16.0546 Boot type: Normal boot
2010/11/01 15:05:16.0546 ================================================================================
2010/11/01 15:05:16.0718 Initialize success
2010/11/01 15:05:19.0281 ================================================================================
2010/11/01 15:05:19.0281 Scan started
2010/11/01 15:05:19.0281 Mode: Manual;
2010/11/01 15:05:19.0281 ================================================================================
2010/11/01 15:05:20.0093 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/11/01 15:05:20.0171 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/01 15:05:20.0187 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/01 15:05:20.0218 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/11/01 15:05:20.0296 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/01 15:05:20.0343 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/01 15:05:20.0359 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/11/01 15:05:20.0375 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/11/01 15:05:20.0390 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/11/01 15:05:20.0437 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/11/01 15:05:20.0500 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/11/01 15:05:20.0546 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/11/01 15:05:20.0578 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/11/01 15:05:20.0593 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/11/01 15:05:20.0609 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/11/01 15:05:20.0640 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/11/01 15:05:20.0656 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/11/01 15:05:20.0703 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/11/01 15:05:20.0734 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/11/01 15:05:20.0781 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/01 15:05:20.0796 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/01 15:05:20.0812 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/01 15:05:20.0843 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/01 15:05:20.0859 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/01 15:05:20.0875 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/11/01 15:05:20.0890 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/01 15:05:20.0890 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/11/01 15:05:20.0937 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/01 15:05:20.0937 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/01 15:05:20.0984 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/01 15:05:21.0046 cfwids (2703bb4f7cee9bf6726b7aafc9e688d4) C:\WINDOWS\system32\drivers\cfwids.sys
2010/11/01 15:05:21.0078 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/11/01 15:05:21.0093 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/11/01 15:05:21.0125 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/11/01 15:05:21.0140 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/11/01 15:05:21.0187 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/01 15:05:21.0218 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/01 15:05:21.0250 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/01 15:05:21.0265 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/01 15:05:21.0296 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/01 15:05:21.0328 dot4 (3e4b043f8bc6be1d4820cc6c9c500306) C:\WINDOWS\system32\DRIVERS\Dot4.sys
2010/11/01 15:05:21.0343 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
2010/11/01 15:05:21.0375 Dot4Scan (bd05306428da63369692477ddc0f6f5f) C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys
2010/11/01 15:05:21.0421 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
2010/11/01 15:05:21.0468 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/11/01 15:05:21.0484 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/01 15:05:21.0500 e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2010/11/01 15:05:21.0546 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/01 15:05:21.0562 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/01 15:05:21.0578 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/01 15:05:21.0703 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/11/01 15:05:21.0796 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/11/01 15:05:21.0812 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/01 15:05:21.0843 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/01 15:05:21.0875 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/11/01 15:05:21.0937 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/01 15:05:21.0953 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/11/01 15:05:21.0968 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/01 15:05:21.0984 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/11/01 15:05:22.0078 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/01 15:05:22.0078 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/11/01 15:05:22.0093 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/11/01 15:05:22.0203 ialm (28423512370705aeda6a652fedb25468) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/11/01 15:05:22.0359 iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\drivers\iaStor.sys
2010/11/01 15:05:22.0421 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/01 15:05:22.0453 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/11/01 15:05:22.0578 IntcAzAudAddService (17bbbabb21f86b650b2626045a9d016c) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/11/01 15:05:22.0625 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/11/01 15:05:22.0640 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/01 15:05:22.0656 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/11/01 15:05:22.0687 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/01 15:05:22.0703 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/01 15:05:22.0750 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/01 15:05:22.0765 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/01 15:05:22.0781 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/01 15:05:22.0796 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/01 15:05:22.0828 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/01 15:05:22.0859 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/11/01 15:05:22.0890 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/01 15:05:22.0921 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/01 15:05:22.0953 LHidFilt (3fa98339e8d9e007726be62f231e2015) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2010/11/01 15:05:23.0031 LMouFilt (f259f758e04d8fb8d48c6cdbe45223e8) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2010/11/01 15:05:23.0125 mfeapfk (1189a284e10177ca767bacc6b8d009e2) C:\WINDOWS\system32\drivers\mfeapfk.sys
2010/11/01 15:05:23.0156 mfeavfk (8739f14f5f3b5953d51dc5dafad08e5f) C:\WINDOWS\system32\drivers\mfeavfk.sys
2010/11/01 15:05:23.0171 mfebopk (905a0c6675d61efc74221ef858007476) C:\WINDOWS\system32\drivers\mfebopk.sys
2010/11/01 15:05:23.0203 mfefirek (12da99b1d3a70baf9894bb41f6f5726f) C:\WINDOWS\system32\drivers\mfefirek.sys
2010/11/01 15:05:23.0281 mfehidk (4546e896c64e24f9409bf3345560dafa) C:\WINDOWS\system32\drivers\mfehidk.sys
2010/11/01 15:05:23.0359 mfendisk (363c53d42247b8046e6ae551fd9ad813) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2010/11/01 15:05:23.0421 mfendiskmp (363c53d42247b8046e6ae551fd9ad813) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2010/11/01 15:05:23.0453 mferkdet (0d582dd5e018e7f93057db3ce7dd9af4) C:\WINDOWS\system32\drivers\mferkdet.sys
2010/11/01 15:05:23.0468 mfetdi2k (457ec2a45508a57c2664d68e0b3cf3b0) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2010/11/01 15:05:23.0531 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/01 15:05:23.0562 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/01 15:05:23.0578 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/01 15:05:23.0593 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/01 15:05:23.0625 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/01 15:05:23.0640 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/11/01 15:05:23.0703 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/01 15:05:23.0750 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/01 15:05:23.0765 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/01 15:05:23.0796 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/01 15:05:23.0828 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/01 15:05:23.0843 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/01 15:05:23.0859 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/01 15:05:23.0875 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/01 15:05:23.0906 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/01 15:05:23.0937 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/01 15:05:23.0953 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/01 15:05:23.0968 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/01 15:05:24.0000 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/01 15:05:24.0015 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/01 15:05:24.0031 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/01 15:05:24.0078 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/11/01 15:05:24.0093 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/01 15:05:24.0156 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/01 15:05:24.0203 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/01 15:05:24.0234 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/01 15:05:24.0250 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/01 15:05:24.0265 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/11/01 15:05:24.0296 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/11/01 15:05:24.0312 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/01 15:05:24.0328 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/01 15:05:24.0328 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/01 15:05:24.0359 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/01 15:05:24.0375 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/01 15:05:24.0453 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/11/01 15:05:24.0500 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/11/01 15:05:24.0531 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/01 15:05:24.0562 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/01 15:05:24.0593 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/01 15:05:24.0609 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/01 15:05:24.0671 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/11/01 15:05:24.0687 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/11/01 15:05:24.0703 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/11/01 15:05:24.0718 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/11/01 15:05:24.0734 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/11/01 15:05:24.0765 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/01 15:05:24.0781 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/01 15:05:24.0796 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/01 15:05:24.0812 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/01 15:05:24.0828 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/01 15:05:24.0843 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/01 15:05:24.0859 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/01 15:05:24.0890 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/01 15:05:24.0906 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/01 15:05:24.0953 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2010/11/01 15:05:25.0031 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/01 15:05:25.0062 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/11/01 15:05:25.0078 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/01 15:05:25.0093 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/11/01 15:05:25.0125 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/11/01 15:05:25.0140 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/01 15:05:25.0156 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/01 15:05:25.0187 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/01 15:05:25.0203 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/01 15:05:25.0203 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/01 15:05:25.0234 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/11/01 15:05:25.0265 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/11/01 15:05:25.0312 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/11/01 15:05:25.0328 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/11/01 15:05:25.0375 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/01 15:05:25.0437 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/01 15:05:25.0453 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/01 15:05:25.0468 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/01 15:05:25.0484 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/01 15:05:25.0500 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/11/01 15:05:25.0546 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/01 15:05:25.0562 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/11/01 15:05:25.0625 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/01 15:05:25.0671 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/01 15:05:25.0687 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/01 15:05:25.0703 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/01 15:05:25.0750 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/01 15:05:25.0781 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/01 15:05:25.0812 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/01 15:05:25.0812 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/01 15:05:25.0828 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/11/01 15:05:25.0859 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/11/01 15:05:25.0875 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/01 15:05:25.0906 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/01 15:05:25.0921 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/11/01 15:05:26.0031 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/01 15:05:26.0093 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
2010/11/01 15:05:26.0203 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/11/01 15:05:26.0234 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/01 15:05:26.0328 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/01 15:05:26.0375 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
2010/11/01 15:05:26.0421 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/01 15:05:26.0421 ================================================================================
2010/11/01 15:05:26.0421 Scan finished
2010/11/01 15:05:26.0421 ================================================================================
2010/11/01 15:05:26.0421 Detected object count: 1
2010/11/01 15:05:55.0828 \HardDisk0\MBR - will be cured after reboot
2010/11/01 15:05:55.0828 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/11/01 15:06:27.0062 Deinitialize success


And here is the report from MRB:


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 130):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0B8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0C8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xB9E44000 iaStor.sys
0xBA0D8000 disk.sys
0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9E24000 fltMgr.sys
0xB9E12000 sr.sys
0xB9DB6000 mfehidk.sys
0xBA0F8000 PxHelp20.sys
0xB9D9F000 KSecDD.sys
0xB9D88000 WudfPf.sys
0xB9CFB000 Ntfs.sys
0xB9CCE000 NDIS.sys
0xBA108000 ohci1394.sys
0xBA118000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9CB4000 Mup.sys
0xBA148000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB9112000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB90FE000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB90BD000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xBA430000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB9099000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA438000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB9071000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA440000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB904E000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA448000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xBA712000 \SystemRoot\system32\DRIVERS\audstub.sys
0xB903A000 \SystemRoot\system32\DRIVERS\mfendisk.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA59C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9023000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA208000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA218000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA450000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB9012000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA228000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB8FEE000 \SystemRoot\system32\drivers\mfeavfk.sys
0xB8DE5000 \SystemRoot\system32\drivers\mfefirek.sys
0xBA460000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA468000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8DB5000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA248000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA470000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA478000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5D0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8D57000 \SystemRoot\system32\DRIVERS\update.sys
0xB9754000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA258000 \SystemRoot\system32\DRIVERS\zumbus.sys
0xBA268000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB8CE6000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xBA288000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA2A8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5D8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA86F8000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA86D4000 \SystemRoot\system32\drivers\portcls.sys
0xBA2D8000 \SystemRoot\system32\drivers\drmk.sys
0xB9764000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xBA5E0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA6C2000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5E2000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA388000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA390000 \SystemRoot\System32\drivers\vga.sys
0xBA5E4000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5E6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA398000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3A0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB8CDE000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA84D6000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA847D000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xA846A000 \SystemRoot\system32\drivers\mfetdi2k.sys
0xA8444000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA841C000 \SystemRoot\system32\DRIVERS\netbt.sys
0xBA318000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA83FA000 \SystemRoot\System32\drivers\afd.sys
0xB9721000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB9711000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA83CF000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA835F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB9701000 \SystemRoot\System32\Drivers\Fips.SYS
0xBA3A8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA86D0000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB96E1000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA3B0000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xA86C8000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA86C4000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0xB96B1000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA8277000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5F4000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA869C000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3E8000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7E5000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04E000 \SystemRoot\System32\igxpdv32.DLL
0xBF1F2000 \SystemRoot\System32\igxpdx32.DLL
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xA816B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA7EDA000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA7D6A000 \SystemRoot\system32\DRIVERS\srv.sys
0xA75FD000 \SystemRoot\system32\drivers\wdmaud.sys
0xA7842000 \SystemRoot\system32\drivers\sysaudio.sys
0xA71FC000 \SystemRoot\System32\Drivers\HTTP.sys
0xA7395000 \SystemRoot\system32\drivers\cfwids.sys
0xA6F67000 \SystemRoot\system32\drivers\mfeapfk.sys
0xA756F000 \SystemRoot\system32\drivers\mfebopk.sys
0xA416B000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 59):
0 System Idle Process
4 System
1028 C:\WINDOWS\system32\smss.exe
1096 csrss.exe
1120 C:\WINDOWS\system32\winlogon.exe
1164 C:\WINDOWS\system32\services.exe
1176 C:\WINDOWS\system32\lsass.exe
1352 C:\WINDOWS\system32\svchost.exe
1424 svchost.exe
1548 C:\WINDOWS\system32\svchost.exe
1588 C:\WINDOWS\system32\svchost.exe
1648 svchost.exe
1836 svchost.exe
2032 C:\WINDOWS\system32\spoolsv.exe
296 svchost.exe
344 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
360 C:\Program Files\Bonjour\mDNSResponder.exe
456 C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
764 C:\Program Files\Java\jre6\bin\jqs.exe
820 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
864 C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
1000 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
1020 C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
1072 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1368 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
1524 C:\WINDOWS\system32\svchost.exe
1644 C:\WINDOWS\system32\ZuneBusEnum.exe
1768 C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
532 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
564 C:\WINDOWS\system32\searchindexer.exe
2184 C:\WINDOWS\system32\wuauclt.exe
3160 alg.exe
3296 C:\WINDOWS\explorer.exe
3384 C:\WINDOWS\system32\rundll32.exe
3536 wmiprvse.exe
1480 C:\WINDOWS\RTHDCPL.EXE
2120 C:\WINDOWS\system32\igfxtray.exe
2128 C:\WINDOWS\system32\hkcmd.exe
2140 C:\WINDOWS\system32\igfxpers.exe
2232 C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
2304 C:\WINDOWS\system32\igfxsrvc.exe
2336 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
2360 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
2960 C:\Program Files\iTunes\iTunesHelper.exe
2956 C:\Program Files\McAfee.com\Agent\mcagent.exe
3048 C:\Program Files\Zune\ZuneLauncher.exe
3076 C:\WINDOWS\system32\ctfmon.exe
3084 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3144 C:\Program Files\Messenger\msmsgs.exe
1240 C:\Program Files\Logitech\SetPoint\SetPoint.exe
3408 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
3572 C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
3624 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
3096 C:\Program Files\iPod\bin\iPodService.exe
3692 C:\Program Files\Internet Explorer\iexplore.exe
2196 C:\Program Files\Windows Live\Toolbar\wltuser.exe
4760 C:\WINDOWS\system32\searchprotocolhost.exe
4776 searchfilterhost.exe
4824 C:\Documents and Settings\Debbie Smith\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD6400AAKS-75A7B0, Rev: 01.03B01

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

#4 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,201 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto Rico
  • Local time:02:15 PM

Posted 01 November 2010 - 06:47 PM

Hi, loulou13 :)

Congratulations.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK..

Manually remove any tool loaded during this session left.

Create a Restore point:
  • Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
  • In the System Restore dialog box, click Create a restore point, and then click Next.
  • Type a description for your restore point, such as "After Cleanup", then click Create.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - A powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes! Posted Image

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
btn_donate_SM.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users