Fake Microsoft Security Essentials Alert, Google Redirects, Soundcard Disabled etc.



#1 DoubleJ1
Posted 27 October 2010 - 11:21 PM

Well, about a week ago I caught a virus which falsely identified itself as Microsoft Security Essentials and also called itself Thinkpoint. The virus hijacked my computer and eventually made it so that when I started the computer I would get nothing but a black screen. So at this point I used my computer's system recovery CDs to wipe the C drive and restore my computer to factory settings while still keeping all my files on the D drive. This worked and allowed me to access Windows again, and I haven't seen the Thinkpoint interface since then either, but there were still several problems with my computer, such as: whenever I click on a Google search results link I am redirected to a different, unrelated site; not being able to install antivirus software such as Malwarebytes and AVG; the soundcard being disabled; and occasionally getting popups and warnings from the "Microsoft Security Essentials". Also, my taskbar will always turn gray for some reason. At this point I downloaded the AVG Rescue CD from another computer, put it on a CD, and then ran it on my computer. The AVG Rescue CD identified several trojans, malware, and adware and I then deleted everything it identified. But once I restarted the computer it was still plagued by the same problems as before (Google redirects, sound disabled, unable to install certain programs, security alerts etc.). I've tried a number of proposed solutions that I've found on the net but nothing has worked. Can anybody help me?

Edited by hamluis, 28 October 2010 - 05:45 AM.
Moved from XP forum to Am I Infected ~ Hamluis.




#2 quietman7
Posted 28 October 2010 - 07:20 AM

Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process. <- Important!!
    Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Please download and scan with the Kaspersky Virus Removal Tool from one of the links provided below and save it to your desktop.
Link 1
Link 2
Be sure to print out and read the instructions provided in: How to Install Kaspersky Virus Removal Tool
How to use the Kaspersky Virus Removal Tool
  • Double-click the setup file (i.e. setup_9.0.0.722_22.01.2010_10-04.exe) to install the utility.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If you receive a UAC prompt asking if you would like to continue running the program, you should press the Continue button.
  • A window will open with a tab that says Autoscan and Manual disinfection.
  • Click the green Start scan button on the Autoscan tab in the main window.
  • If malware is detected, place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • After the scan finishes, if any threats are left unneutralized in the Scan window (Red exclamation point), click the Neutralize all button.
  • Place a checkmark in the Apply to all box, and click Disinfect if the button is active.
  • If advised that a special disinfection procedure is required which demands system reboot, click the Ok button to close the window.
  • In the Scan window click the Reports button and select Save to file.
  • Copy and paste the report results of any threats detected and if they were successfully removed in your next reply. Do not include the longer list marked Events.
  • When finished, follow these instructions on How to uninstall Kaspersky Virus Removal Tool 2010.
-- If you cannot run this tool in normal mode, then try using it in "safe mode".

Note: If you cannot use the Internet or download any required programs to the infected machine, try downloading them from another computer (family member, friend, library, etc) with an Internet connection. Save to a flash (usb, pen, thumb, jump) drive or CD, transfer to the infected machine, then install and run the program(s). If you cannot copy files to your usb drive, make sure it is not "Write Protected".
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 DoubleJ1
Posted 28 October 2010 - 01:29 PM

Alright, here's the log from the TDSSKiller scan:

2010/10/28 14:18:43.0296 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/28 14:18:43.0296 ================================================================================
2010/10/28 14:18:43.0296 SystemInfo:
2010/10/28 14:18:43.0296
2010/10/28 14:18:43.0296 OS Version: 5.1.2600 ServicePack: 0.0
2010/10/28 14:18:43.0296 Product type: Workstation
2010/10/28 14:18:43.0296 ComputerName: VALUED-CB7D4C82
2010/10/28 14:18:43.0312 UserName: Corey
2010/10/28 14:18:43.0312 Windows directory: C:\WINDOWS
2010/10/28 14:18:43.0312 System windows directory: C:\WINDOWS
2010/10/28 14:18:43.0312 Processor architecture: Intel x86
2010/10/28 14:18:43.0312 Number of processors: 1
2010/10/28 14:18:43.0312 Page size: 0x1000
2010/10/28 14:18:43.0312 Boot type: Normal boot
2010/10/28 14:18:43.0312 ================================================================================
2010/10/28 14:18:43.0609 Initialize success
2010/10/28 14:18:52.0859 ================================================================================
2010/10/28 14:18:52.0859 Scan started
2010/10/28 14:18:52.0859 Mode: Manual;
2010/10/28 14:18:52.0859 ================================================================================
2010/10/28 14:19:07.0031 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/28 14:19:07.0031 ================================================================================
2010/10/28 14:19:07.0031 Scan finished
2010/10/28 14:19:07.0031 ================================================================================
2010/10/28 14:19:07.0062 Detected object count: 1
2010/10/28 14:20:07.0453 \HardDisk0\MBR - will be cured after reboot
2010/10/28 14:20:07.0453 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/10/28 14:20:09.0968 Deinitialize success

#4 DoubleJ1
Posted 28 October 2010 - 01:49 PM

Well, I just tried to install Kaspersky but I was unable to due to a run time error. This is what it said: Runtime Error (65:990) Could not call proc.

#5 quietman7
Posted 28 October 2010 - 01:53 PM

This is the pertinent section of the log which indicates an infected Master Boot Record (MBR) that will be cured after reboot.

2010/10/28 14:19:07.0031 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/28 14:19:07.0031 ================================================================================
2010/10/28 14:19:07.0031 Scan finished
2010/10/28 14:19:07.0031 ================================================================================
2010/10/28 14:19:07.0062 Detected object count: 1
2010/10/28 14:20:07.0453 \HardDisk0\MBR - will be cured after reboot
2010/10/28 14:20:07.0453 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure

Please reboot if you have not done so already. Rerun TDSSKiller again and post the new log to confirm the infection was cured.

To learn more about this infection please refer to:
Try doing this online scan instead.


Please perform a scan with Eset Online Anti-virus Scanner.
  • This scan requires Internet Explorer to work. If using a different browser, you will be given the option to download and use the ESET Smart Installer.
  • Vista/Windows 7 users need to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
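The moderator's reading of the log above (find the "detected" line, the action the user chose, and the "will be cured after reboot" marker, then confirm with a clean rerun) written out as a small triage script. This is an added example, not code from the thread or from Kaspersky; the line patterns come from the TDSSKiller logs quoted in this thread, both sample logs are constructed, trimmed versions of them, and the rerun's closing lines ("Scan finished", "Detected object count: 0") are assumed because the second log posted in the thread is cut off.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every TDSSKiller 2.4.x line is "YYYY/MM/DD HH:MM:SS.mmmm <message>".
TIMESTAMP_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s?(.*)$")
# Enumerated driver "<service> (<md5>) <path>": noise for triage, only counted.
DRIVER_RE = re.compile(r"^\S+ \([0-9a-f]{32}\) .+$")
# Finding, e.g. "\HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)".
DETECT_RE = re.compile(r"^(?P<target>\S+) - detected (?P<threat>\S+) \(\d+\)$")
CURE_RE = re.compile(r"^(?P<target>\S+) - will be cured after reboot$")
ACTION_RE = re.compile(r"^(?P<threat>\S+)\((?P<target>[^)]+)\) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<count>\d+)$")

@dataclass
class Detection:
    target: str
    threat: str
    action: Optional[str] = None   # what the user chose: Cure, Skip, ...
    pending_reboot: bool = False   # "will be cured after reboot" was logged

@dataclass
class ScanSummary:
    tool_version: Optional[str] = None
    finished: bool = False
    detected_count: Optional[int] = None
    drivers_enumerated: int = 0
    detections: List[Detection] = field(default_factory=list)

    @property
    def clean(self) -> bool:
        # Only a scan that ran to completion and found nothing counts as clean.
        return self.finished and self.detected_count == 0 and not self.detections

def parse_tdsskiller_log(text: str) -> ScanSummary:
    summary = ScanSummary()
    by_target: Dict[str, Detection] = {}
    for raw in text.splitlines():
        m = TIMESTAMP_RE.match(raw.strip())
        if not m:
            continue  # blank line or text that is not part of the log
        msg = m.group(1).strip()
        if msg.startswith("TDSS rootkit removing tool "):
            summary.tool_version = msg.split()[4]
        elif msg == "Scan finished":
            summary.finished = True
        elif (c := COUNT_RE.match(msg)):
            summary.detected_count = int(c["count"])
        elif (d := DETECT_RE.match(msg)):
            det = Detection(d["target"], d["threat"])
            summary.detections.append(det)
            by_target[det.target] = det
        elif (cu := CURE_RE.match(msg)) and cu["target"] in by_target:
            by_target[cu["target"]].pending_reboot = True
        elif (a := ACTION_RE.match(msg)) and a["target"] in by_target:
            by_target[a["target"]].action = a["action"]
        elif DRIVER_RE.match(msg):
            summary.drivers_enumerated += 1
    return summary

def confirm_cured(first: ScanSummary, rerun: ScanSummary) -> List[str]:
    """The moderator's check: Cure, reboot, rerun; the rerun must be clean.
    Returns the list of problems; an empty list confirms the cure."""
    problems = []
    if not first.detections:
        problems.append("first scan found nothing, so there is no cure to confirm")
    for det in first.detections:
        if det.action != "Cure":
            problems.append(f"{det.target}: chosen action was {det.action!r}, not Cure")
    if not rerun.finished:
        problems.append("rerun log has no 'Scan finished' line (truncated or aborted)")
    elif rerun.detected_count != 0:
        problems.append(f"rerun still reports {rerun.detected_count} object(s)")
    redetected = {d.target for d in first.detections} & {d.target for d in rerun.detections}
    problems += [f"{t}: detected again after the reboot" for t in sorted(redetected)]
    return problems

# Constructed sample: the thread's first scan, trimmed to two driver lines.
FIRST_SCAN = r"""
2010/10/28 14:18:43.0296 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/28 14:18:52.0859 Scan started
2010/10/28 14:18:53.0812 ACPI (45e0d94158ca0ec71ff12dbb81b39ed3) C:\WINDOWS\System32\DRIVERS\ACPI.sys
2010/10/28 14:18:54.0875 atapi (d921be80c70c25cefcd8ab79ea6fbaf2) C:\WINDOWS\System32\DRIVERS\atapi.sys
2010/10/28 14:19:07.0031 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/28 14:19:07.0031 Scan finished
2010/10/28 14:19:07.0062 Detected object count: 1
2010/10/28 14:20:07.0453 \HardDisk0\MBR - will be cured after reboot
2010/10/28 14:20:07.0453 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
"""

# Constructed sample: the rerun after reboot; the closing two lines are assumed.
CLEAN_RERUN = r"""
2010/10/28 15:24:33.0437 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/28 15:24:41.0218 ACPI (45e0d94158ca0ec71ff12dbb81b39ed3) C:\WINDOWS\System32\DRIVERS\ACPI.sys
2010/10/28 15:24:55.0000 Scan finished
2010/10/28 15:24:55.0031 Detected object count: 0
"""

if __name__ == "__main__":
    print(confirm_cured(parse_tdsskiller_log(FIRST_SCAN), parse_tdsskiller_log(CLEAN_RERUN)) or "cure confirmed")
```

Feeding it the truncated second log from this thread yields a "no 'Scan finished' line" problem rather than a confirmation, which is the right answer until the complete rerun log is posted.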

#6 DoubleJ1
Posted 28 October 2010 - 02:26 PM

Just ran another scan with TDSSKiller. Nothing was found. Here's the log:

2010/10/28 15:24:33.0437 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/10/28 15:24:33.0437 ================================================================================
2010/10/28 15:24:33.0437 SystemInfo:
2010/10/28 15:24:33.0437
2010/10/28 15:24:33.0437 OS Version: 5.1.2600 ServicePack: 0.0
2010/10/28 15:24:33.0437 Product type: Workstation
2010/10/28 15:24:33.0437 ComputerName: VALUED-CB7D4C82
2010/10/28 15:24:33.0437 UserName: Corey
2010/10/28 15:24:33.0437 Windows directory: C:\WINDOWS
2010/10/28 15:24:33.0437 System windows directory: C:\WINDOWS
2010/10/28 15:24:33.0437 Processor architecture: Intel x86
2010/10/28 15:24:33.0437 Number of processors: 1
2010/10/28 15:24:33.0437 Page size: 0x1000
2010/10/28 15:24:33.0437 Boot type: Normal boot
2010/10/28 15:24:33.0437 ================================================================================
2010/10/28 15:24:33.0671 Initialize success
2010/10/28 15:24:40.0312 ================================================================================
2010/10/28 15:24:40.0312 Scan started
2010/10/28 15:24:40.0312 Mode: Manual;
2010/10/28 15:24:40.0312 ================================================================================
2010/10/28 15:24:54.0046 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\System32\drivers\Null.sys
2010/10/28 15:24:54.0187 nv (21ceedfa76170a6cf19ad833aa948393) C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
2010/10/28 15:24:54.0296 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys
2010/10/28 15:24:54.0390 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys
2010/10/28 15:24:54.0484 ohci1394 (d72273fefcc1fb32f214e344667c243f) C:\WINDOWS\System32\DRIVERS\ohci1394.sys
2010/10/28 15:24:54.0578 Parport (1424ffbf560627b07cce5082fa837f5c) C:\WINDOWS\System32\DRIVERS\parport.sys
2010/10/28 15:24:54.0671 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\System32\drivers\PartMgr.sys
2010/10/28 15:24:54.0765 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\System32\drivers\ParVdm.sys
2010/10/28 15:24:54.0859 PCC_PFW (d34befa4689c26bf5c74f846a396d8f9) C:\WINDOWS\System32\Drivers\PCC_PFW.sys
2010/10/28 15:24:54.0953 PCI (1f96eecdf5d1e3385ac44c6a457b381f) C:\WINDOWS\System32\DRIVERS\pci.sys
2010/10/28 15:24:55.0078 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\System32\DRIVERS\pciide.sys
2010/10/28 15:24:55.0171 Pcmcia (2f2d0d6bd48759ef4f17d569869c4a92) C:\WINDOWS\System32\drivers\Pcmcia.sys
2010/10/28 15:24:55.0515 PptpMiniport (5849957dc3f7cae702e03b69744b9bfe) C:\WINDOWS\System32\DRIVERS\raspptp.sys
2010/10/28 15:24:55.0562 Processor (72f923f0a0fdfbe3252579ca1d1d8948) C:\WINDOWS\System32\DRIVERS\processr.sys
2010/10/28 15:24:55.0656 PSched (7fd061b0b0833d5106244b0cf2a1e68c) C:\WINDOWS\System32\DRIVERS\psched.sys
2010/10/28 15:24:55.0750 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\System32\DRIVERS\ptilink.sys
2010/10/28 15:24:55.0828 PxHelp20 (42d4c34300405d9f377e55f5ddadd720) C:\WINDOWS\System32\DRIVERS\PxHelp20.sys
2010/10/28 15:24:56.0109 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\System32\DRIVERS\rasacd.sys
2010/10/28 15:24:56.0187 Rasl2tp (01bd60cde35d8b60f46ebdf5358d7127) C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
2010/10/28 15:24:56.0250 RasPppoe (888335b3be346119cf7b4eff3a3fca7c) C:\WINDOWS\System32\DRIVERS\raspppoe.sys
2010/10/28 15:24:56.0359 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\System32\DRIVERS\raspti.sys
2010/10/28 15:24:56.0453 Rdbss (de300831c74cff09091e954a1844bdbf) C:\WINDOWS\System32\DRIVERS\rdbss.sys
2010/10/28 15:24:56.0562 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
2010/10/28 15:24:56.0671 RDPWD (bcd7227ecf3757ddaedeeda7190b257a) C:\WINDOWS\System32\drivers\RDPWD.sys
2010/10/28 15:24:56.0781 redbook (dd2183a5092feee8961a1e19abd1a0fc) C:\WINDOWS\System32\DRIVERS\redbook.sys
2010/10/28 15:24:56.0906 rtl8139 (d0ac0b0355a3ffb85eb77b083cd0627c) C:\WINDOWS\System32\DRIVERS\R8139n51.SYS
2010/10/28 15:24:57.0031 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\System32\DRIVERS\secdrv.sys
2010/10/28 15:24:57.0140 Serial (1a315877d2efcc2d0ff892d6bdb845b5) C:\WINDOWS\System32\drivers\Serial.sys
2010/10/28 15:24:57.0203 Sfloppy (cc9f1e77ba1777a0d25b05b278731a7d) C:\WINDOWS\System32\drivers\Sfloppy.sys
2010/10/28 15:24:57.0343 SiS315 (5021c54419c48e852cd93e99ceb96c5a) C:\WINDOWS\System32\DRIVERS\sisgrp.sys
2010/10/28 15:24:57.0453 sisagp (497ce69d7222df2758bec383cfd3638f) C:\WINDOWS\System32\DRIVERS\sisagp.sys
2010/10/28 15:24:57.0562 SiSkp (0ba1bc20204db877236eb5f674879ed5) C:\WINDOWS\System32\drivers\srvkp.sys
2010/10/28 15:24:57.0656 SLIP (80b86f9b9ec4cd0e25627e4a7c54826a) C:\WINDOWS\System32\DRIVERS\SLIP.sys
2010/10/28 15:24:57.0781 soma (fa197db78c086f8ebdf15c995375f091) C:\WINDOWS\System32\DRIVERS\soma.sys
2010/10/28 15:24:57.0906 SONYWBMS (a8201c45292114606f6620d21275a5e1) C:\WINDOWS\System32\DRIVERS\SonyWBMS.SYS
2010/10/28 15:24:58.0046 splitter (a9a67b5376e649cd593be9007f540a36) C:\WINDOWS\System32\drivers\splitter.sys
2010/10/28 15:24:58.0171 sr (f899a5d353dcbba12eacb379e7abfeee) C:\WINDOWS\System32\DRIVERS\sr.sys
2010/10/28 15:24:58.0296 Srv (94619eb663216f9bf12f9b950fcab3c0) C:\WINDOWS\System32\DRIVERS\srv.sys
2010/10/28 15:24:58.0421 streamip (c0e7e159415c1d10a88297b7eba01066) C:\WINDOWS\System32\DRIVERS\StreamIP.sys
2010/10/28 15:24:58.0515 swenum (064740c5c02de46723c4b8200ee876df) C:\WINDOWS\System32\DRIVERS\swenum.sys
2010/10/28 15:24:58.0609 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\System32\drivers\swmidi.sys
2010/10/28 15:24:58.0890 sysaudio (d0459f71807cce71fe26a52f2edebad9) C:\WINDOWS\System32\drivers\sysaudio.sys
2010/10/28 15:24:59.0031 Tcpip (e7774698bb0d14b0710a9a31e209f9b6) C:\WINDOWS\System32\DRIVERS\tcpip.sys
2010/10/28 15:24:59.0125 TDPIPE (1a96630babbd59e8b885eae0dfbe6a3e) C:\WINDOWS\System32\drivers\TDPIPE.sys
2010/10/28 15:24:59.0203 TDTCP (d1c578c6b37713694c5edd7c2d7f7451) C:\WINDOWS\System32\drivers\TDTCP.sys
2010/10/28 15:24:59.0296 TermDD (68b71eb2e79f60640b4b3a1a714317e5) C:\WINDOWS\System32\DRIVERS\termdd.sys
2010/10/28 15:24:59.0421 Tmfilter (e9580ede10d367efbae4879ee3e73568) C:\WINDOWS\System32\drivers\TmXPFlt.sys
2010/10/28 15:24:59.0531 Tmpreflt (8242cc016c504dc46382d9de23975449) C:\WINDOWS\System32\drivers\Tmpreflt.sys
2010/10/28 15:24:59.0671 Udfs (0bad94aa644ce926cdeb6e57fca09031) C:\WINDOWS\System32\drivers\Udfs.sys
2010/10/28 15:24:59.0796 Update (164cfae1d766905f56c432acfc54f28c) C:\WINDOWS\System32\DRIVERS\update.sys
2010/10/28 15:24:59.0937 usbehci (cdaa3ef29eabae9ae825baf2b8e36735) C:\WINDOWS\System32\DRIVERS\usbehci.sys
2010/10/28 15:25:00.0046 usbhub (6191c287442495d5f04ac300a4b15504) C:\WINDOWS\System32\DRIVERS\usbhub.sys
2010/10/28 15:25:00.0171 usbohci (ba6b6215621255f0cd231f08b7d5d8cb) C:\WINDOWS\System32\DRIVERS\usbohci.sys
2010/10/28 15:25:00.0296 VgaSave (1e379233dd5ead78bd367c94576a1fc2) C:\WINDOWS\System32\drivers\vga.sys
2010/10/28 15:25:00.0437 VolSnap (6fdc9523ef81617cf5028f47fcaf0fbe) C:\WINDOWS\System32\drivers\VolSnap.sys
2010/10/28 15:25:00.0562 Vsapint (82fedcda8ee692b914e7bec52d89dc45) C:\WINDOWS\System32\drivers\Vsapint.sys
2010/10/28 15:25:00.0703 Wanarp (484af08f15d1306ff2e8b64fe62a160c) C:\WINDOWS\System32\DRIVERS\wanarp.sys
2010/10/28 15:25:00.0859 wdmaud (1106767a0647bf3be4535c91f74fe7da) C:\WINDOWS\System32\drivers\wdmaud.sys
2010/10/28 15:25:00.0953 WDM_YAMAHAAC97 (dce25235272a28ed34780ac4c848fc3f) C:\WINDOWS\System32\drivers\yacxgc.sys
2010/10/28 15:25:01.0125 WSTCODEC (0d133af83165827b0b2f58f30cde9290) C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS
2010/10/28 15:25:01.0312 ================================================================================
2010/10/28 15:25:01.0312 Scan finished
2010/10/28 15:25:01.0312 ================================================================================

#7 quietman7, Global Moderator (Bleepin' Janitor), Virginia, USA

Posted 28 October 2010 - 02:34 PM

That's good. Now do the online scan.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#8 DoubleJ1, Topic Starter

Posted 28 October 2010 - 07:42 PM

Sorry it took so long, but I had to go to work. Anyway, here's the log from the online scan:

D:\d\Sysfiles\WxBug.EXE Win32/Adware.WBug.A application deleted - quarantined
D:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP7\A0022951.EXE Win32/Adware.WBug.A application deleted - quarantined

#9 quietman7, Global Moderator (Bleepin' Janitor), Virginia, USA

Posted 28 October 2010 - 08:46 PM

How is your computer running now? Are there any more signs of infection, strange audio ads, unwanted pop-ups, security alerts, or browser redirects?

#10 DoubleJ1, Topic Starter

Posted 30 October 2010 - 01:18 AM

No it's all good now!! Thanks for all your help. I really appreciate it.

#11 berni2k, Member

Posted 30 October 2010 - 04:31 AM

May I step in and ask for help too? I think I am infected with the same virus. My other thread doesn't get any answers, that's why I am asking. Thanks.

#12 quietman7, Global Moderator (Bleepin' Janitor), Virginia, USA

Posted 30 October 2010 - 08:16 AM

You're welcome.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen, then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:
berni2k I replied to your open topic.
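The same two steps of the post above, as an added example that is not from the thread or from quietman7: an elevated Windows PowerShell script for Vista/7 and later that creates the post-cleanup restore point and then removes the older ones, verifying the result. `Checkpoint-Computer`, `Get-ComputerRestorePoint` and `vssadmin` are real tools; the `-DryRun` switch and the assumption that each older restore point is the oldest remaining shadow copy on C: when it is deleted are mine.

```powershell
# Added example, not from the thread: the "new restore point, then keep only
# the most recent" steps above, done from an elevated Windows PowerShell
# console (Vista/7 and later; these cmdlets are absent from PowerShell 7).
# Assumes System Restore is enabled on C: and that every older restore point
# is the oldest remaining VSS shadow copy on C: at the moment it is deleted.
#Requires -RunAsAdministrator
param([switch]$DryRun)   # hypothetical switch: report instead of deleting

# Step 1: create the post-cleanup baseline point. Windows 8 and later skip
# the request if another point was created within the last 24 hours, unless
# SystemRestorePointCreationFrequency (HKLM\SOFTWARE\Microsoft\Windows NT\
# CurrentVersion\SystemRestore) is set to 0.
Checkpoint-Computer -Description "Clean baseline after malware removal" `
                    -RestorePointType MODIFY_SETTINGS

# Step 2: list the points oldest-first. CreationTime is a DMTF date string.
$points = @(Get-ComputerRestorePoint | Sort-Object {
    [System.Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime) })
$points | Format-Table SequenceNumber, Description, CreationTime -AutoSize
$newest = $points[-1]
Write-Host "Keeping restore point $($newest.SequenceNumber): $($newest.Description)"

# Step 3: Disk Cleanup's "all but the most recent". Restore points live in
# shadow copies of the system drive, and vssadmin only deletes the oldest
# copy per call, so delete oldest-first until one point is left.
for ($i = 0; $i -lt $points.Count - 1; $i++) {
    if ($DryRun) { Write-Host "Would delete the oldest shadow copy on C:"; continue }
    vssadmin delete shadows /for=C: /oldest /quiet | Out-Null
}

# Step 4: verify that exactly the new point survived; anything else means a
# shadow copy that was not a restore point got in the way, so review by hand.
$remaining = @(Get-ComputerRestorePoint)
if ($remaining.Count -eq 1 -and $remaining[0].SequenceNumber -eq $newest.SequenceNumber) {
    Write-Host "OK: only the clean baseline restore point remains."
} else {
    Write-Warning "Unexpected restore points remain; check Get-ComputerRestorePoint."
}
```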

#13 berni2k, Member

Posted 30 October 2010 - 04:34 PM

Thank you, let us kick some virus a$$ :thumbsup:

Here is a shortcut to the new thread: http://www.bleepingcomputer.com/forums/topic357148.html/page__p__1994298#entry1994298

Edited by berni2k, 30 October 2010 - 04:41 PM.




