I'm infected with Antivirus 2010, cannot run MBAM or SuperAntiSpyware


  • This topic is locked
16 replies to this topic

#1 lanra

lanra

  • Members
  • 45 posts

Posted 02 November 2010 - 02:32 PM

Background: the PC is a Windows XP Pro SP3 production workstation with Microsoft Security Essentials. CPU is an old Intel Cel 600, RAM 512 MB, HDD 80 GB.
Last Friday the user complained of the antivirus demanding to be bought and that the computer was infected with several viruses. I have not been able to make any progress following the self-help guides. Any time I try to run Malwarebytes it is killed within 10 seconds. SuperAntiSpyware portable goes a little longer but is also killed; HijackThis the same, and I cannot get a log file from them. Safe mode or normal boot makes no difference.

Here is the TDSSKiller log
2010/11/02 15:47:44.0116 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/11/02 15:47:44.0116 ================================================================================
2010/11/02 15:47:44.0116 SystemInfo:
2010/11/02 15:47:44.0116
2010/11/02 15:47:44.0116 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/02 15:47:44.0116 Product type: Workstation
2010/11/02 15:47:44.0116 ComputerName: TPA-058
2010/11/02 15:47:44.0116 UserName: Administrator
2010/11/02 15:47:44.0116 Windows directory: C:\WINDOWS
2010/11/02 15:47:44.0116 System windows directory: C:\WINDOWS
2010/11/02 15:47:44.0116 Processor architecture: Intel x86
2010/11/02 15:47:44.0116 Number of processors: 1
2010/11/02 15:47:44.0116 Page size: 0x1000
2010/11/02 15:47:44.0116 Boot type: Normal boot
2010/11/02 15:47:44.0116 ================================================================================
2010/11/02 15:47:44.0466 Initialize success
2010/11/02 15:47:52.0017 ================================================================================
2010/11/02 15:47:52.0017 Scan started
2010/11/02 15:47:52.0017 Mode: Manual;
2010/11/02 15:47:52.0017 ================================================================================
2010/11/02 15:48:39.0191 Suspicious service (NoAccess): vbmaa4e3
2010/11/02 15:48:39.0381 vbmaa4e3 (40aeb1b54132ef90f5853a3fa19b8f6d) C:\WINDOWS\system32\drivers\vbmaa4e3.sys
2010/11/02 15:48:39.0381 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbmaa4e3.sys. md5: 40aeb1b54132ef90f5853a3fa19b8f6d
2010/11/02 15:48:39.0481 vbmaa4e3 - detected Locked service (1)
2010/11/02 15:48:42.0976 ================================================================================
2010/11/02 15:48:42.0976 Scan finished
2010/11/02 15:48:42.0976 ================================================================================
2010/11/02 15:48:43.0126 Detected object count: 1
2010/11/02 15:48:45.0279 Locked service(vbmaa4e3) - User select action: Skip

Edited by lanra, 02 November 2010 - 02:54 PM.
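The log above is mostly a clean driver enumeration in which the handful of lines that matter (the Suspicious service/file entries, the detected line and the User select action line) are easy to miss. The Python triage script below is an added example, not a tool from this thread or from TDSSKiller's author; it parses the log format shown here into findings and flags every detection that was not cured. The sample log is constructed from abridged lines of the logs posted in this thread, including the Forged file entry from the safe-mode rerun.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Every TDSSKiller line is "<yyyy/mm/dd hh:mm:ss.ffff> <message>"; only the message is parsed.
LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} (.+)$")
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")        # "name (md5) path"
SVC_RE = re.compile(r"^Suspicious service \((\w+)\): (\S+)$")
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (.+?)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
FILE_RE = re.compile(r"^Suspicious file \((\w+)\): (.+?)\. md5: ([0-9a-f]{32})$")
DETECTED_RE = re.compile(r"^(\S+) - detected (.+?) \(\d+\)$")     # "name - detected Forged file (1)"
ACTION_RE = re.compile(r"^.+?\((\S+)\) - User select action: (\S+)$")

@dataclass
class Finding:
    name: str                       # service/driver name as TDSSKiller prints it
    kind: str = "unknown"           # "Forged file", "Locked service", ...
    path: Optional[str] = None
    md5: Optional[str] = None       # hash from the enumeration line / "Real md5"
    fake_md5: Optional[str] = None  # the second hash TDSSKiller prints on a Forged line
    action: Optional[str] = None    # "Skip", "Cure", ... as chosen when prompted

@dataclass
class Report:
    boot_type: Optional[str] = None
    detected_count: Optional[int] = None
    drivers: dict = field(default_factory=dict)   # name -> (md5, path), every driver listed
    findings: dict = field(default_factory=dict)  # name -> Finding, detections only

def parse_tdsskiller_log(text: str) -> Report:
    rep = Report()
    by_path: dict = {}   # casefolded path -> name; "Suspicious file" lines carry no name
    last = None          # most recently listed driver, fallback for an unknown path
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue     # blank, banner or non-TDSSKiller line
        msg = m.group(1).strip()
        if msg.startswith("Boot type:"):
            rep.boot_type = msg.split(":", 1)[1].strip()
        elif msg.startswith("Detected object count:"):
            rep.detected_count = int(msg.split(":", 1)[1])
        elif d := DRIVER_RE.match(msg):
            name, md5, path = d.groups()
            rep.drivers[name] = (md5, path)
            by_path[path.casefold()] = name
            last = name
        elif s := SVC_RE.match(msg):
            rep.findings.setdefault(s.group(2), Finding(s.group(2)))
        elif g := FORGED_RE.match(msg):   # tried before FILE_RE, which is looser
            path, real, fake = g.groups()
            name = by_path.get(path.casefold(), last or path)
            f = rep.findings.setdefault(name, Finding(name))
            f.path, f.md5, f.fake_md5 = path, real, fake
        elif s := FILE_RE.match(msg):
            _tag, path, md5 = s.groups()
            name = by_path.get(path.casefold(), last or path)
            f = rep.findings.setdefault(name, Finding(name))
            f.path, f.md5 = path, md5
        elif d := DETECTED_RE.match(msg):
            rep.findings.setdefault(d.group(1), Finding(d.group(1))).kind = d.group(2)
        elif (a := ACTION_RE.match(msg)) and a.group(1) in rep.findings:
            rep.findings[a.group(1)].action = a.group(2)
    return rep

def summarize(rep: Report) -> list:
    """One line per finding; anything not cured is marked for a second TDSSKiller pass."""
    out = []
    for f in rep.findings.values():
        line = f"{f.name}: {f.kind} at {f.path} md5={f.md5}"
        if f.fake_md5:
            line += f" (second hash reported: {f.fake_md5})"
        line += f" action={f.action or 'none'}"
        if f.action != "Cure":
            line += "  <-- unresolved, rerun TDSSKiller and choose Cure"
        out.append(line)
    return out

# Constructed sample: abridged lines from the two logs posted in this thread.
SAMPLE_LOG = r"""
2010/11/02 16:50:19.0533 Boot type: Safe boot with network
2010/11/02 16:50:37.0009 AFD (5d0cd3793630320bfa2750379979f14a) C:\WINDOWS\System32\drivers\afd.sys
2010/11/02 16:50:37.0019 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 5d0cd3793630320bfa2750379979f14a, Fake md5: 38d7b715504da4741df35e3594fe2099
2010/11/02 16:50:37.0119 AFD - detected Forged file (1)
2010/11/02 16:50:37.0409 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/11/02 16:51:39.0191 Suspicious service (NoAccess): vbmaa4e3
2010/11/02 16:51:39.0381 vbmaa4e3 (40aeb1b54132ef90f5853a3fa19b8f6d) C:\WINDOWS\system32\drivers\vbmaa4e3.sys
2010/11/02 16:51:39.0381 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbmaa4e3.sys. md5: 40aeb1b54132ef90f5853a3fa19b8f6d
2010/11/02 16:51:39.0481 vbmaa4e3 - detected Locked service (1)
2010/11/02 16:51:43.0126 Detected object count: 2
2010/11/02 16:51:45.0279 Locked service(vbmaa4e3) - User select action: Skip
"""

if __name__ == "__main__":
    for line in summarize(parse_tdsskiller_log(SAMPLE_LOG)):
        print(line)
```

Run it against a full TDSSKiller log saved from the tool and the normal driver lines are kept in `drivers` for cross-checking while only the detections surface in the summary.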


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,492 posts
  • Gender:Male
  • Location:NJ USA

Posted 02 November 2010 - 03:33 PM

Hello and welcome. The first thing we need is to rerun TDSSKiller, select CURE and post the new log.

Now let's try to run the other tools like this and post those logs.

Reboot into Safe Mode with Networking
How to enter Safe Mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.


>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on RKill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator.)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

Do not reboot your computer after running RKill, as the malware programs will start again; if rebooting is required, run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next, run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick Scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post the 3 logs and let us know how the PC is running now.

#3 lanra

lanra
  • Topic Starter

  • Members
  • 45 posts

Posted 02 November 2010 - 03:44 PM

OK, rebooting now.

#4 lanra

lanra
  • Topic Starter

  • Members
  • 45 posts

Posted 02 November 2010 - 04:04 PM

Here is the new TDSSKiller log:

2010/11/02 16:50:19.0533 TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
2010/11/02 16:50:19.0533 ================================================================================
2010/11/02 16:50:19.0533 SystemInfo:
2010/11/02 16:50:19.0533
2010/11/02 16:50:19.0533 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/02 16:50:19.0533 Product type: Workstation
2010/11/02 16:50:19.0533 ComputerName: TPA-058
2010/11/02 16:50:19.0533 UserName: Administrator
2010/11/02 16:50:19.0533 Windows directory: C:\WINDOWS
2010/11/02 16:50:19.0533 System windows directory: C:\WINDOWS
2010/11/02 16:50:19.0533 Processor architecture: Intel x86
2010/11/02 16:50:19.0533 Number of processors: 1
2010/11/02 16:50:19.0533 Page size: 0x1000
2010/11/02 16:50:19.0533 Boot type: Safe boot with network
2010/11/02 16:50:19.0533 ================================================================================
2010/11/02 16:50:19.0994 Initialize success
2010/11/02 16:50:34.0435 ================================================================================
2010/11/02 16:50:34.0435 Scan started
2010/11/02 16:50:34.0435 Mode: Manual;
2010/11/02 16:50:34.0435 ================================================================================
2010/11/02 16:50:37.0009 AFD (5d0cd3793630320bfa2750379979f14a) C:\WINDOWS\System32\drivers\afd.sys
2010/11/02 16:50:37.0019 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 5d0cd3793630320bfa2750379979f14a, Fake md5: 38d7b715504da4741df35e3594fe2099
2010/11/02 16:50:37.0119 AFD - detected Forged file (1)
2010/11/02 16:51:20.0902 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/02 16:51:21.0252 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/02 16:51:21.0523 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/02 16:51:21.0783 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/02 16:51:22.0093 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
2010/11/02 16:51:22.0404 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/02 16:51:22.0634 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/02 16:51:22.0784 Suspicious service (NoAccess): vbmaa4e3
2010/11/02 16:51:23.0005 vbmaa4e3 (40aeb1b54132ef90f5853a3fa19b8f6d) C:\WINDOWS\system32\drivers\vbmaa4e3.sys
2010/11/02 16:51:23.0005 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbmaa4e3.sys. md5: 40aeb1b54132ef90f5853a3fa19b8f6d
2010/11/02 16:51:23.0045 vbmaa4e3 - detected Locked service (1)
2010/11/02 16:51:23.0285 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/02 16:51:23.0726 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/02 16:51:24.0607 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/02 16:51:25.0358 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/11/02 16:51:27.0782 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/11/02 16:51:28.0392 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/02 16:51:28.0973 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/02 16:51:30.0415 ================================================================================
2010/11/02 16:51:30.0415 Scan finished
2010/11/02 16:51:30.0415 ================================================================================
2010/11/02 16:51:30.0486 Detected object count: 2
2010/11/02 16:57:44.0463 AFD (5d0cd3793630320bfa2750379979f14a) C:\WINDOWS\System32\drivers\afd.sys
2010/11/02 16:57:44.0473 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 5d0cd3793630320bfa2750379979f14a, Fake md5: 38d7b715504da4741df35e3594fe2099
2010/11/02 16:57:44.0573 C:\WINDOWS\System32\drivers\afd.sys - quarantined
2010/11/02 16:57:44.0573 Forged file(AFD) - User select action: Quarantine
2010/11/02 16:57:44.0914 vbmaa4e3 (40aeb1b54132ef90f5853a3fa19b8f6d) C:\WINDOWS\system32\drivers\vbmaa4e3.sys
2010/11/02 16:57:44.0914 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbmaa4e3.sys. md5: 40aeb1b54132ef90f5853a3fa19b8f6d
2010/11/02 16:57:44.0944 C:\WINDOWS\system32\drivers\vbmaa4e3.sys - quarantined
2010/11/02 16:57:44.0944 Locked service(vbmaa4e3) - User select action: Quarantine
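The TDSSKiller output above is the sort of log a helper has to skim for the few lines that matter: a Forged driver (the hash TDSSKiller reads from disk disagrees with the hash the normal file API returns, which is how a rootkit hides a patched afd.sys), a NoAccess or locked service, and whether each flagged object actually ended up quarantined. The Python script below is an added example, not part of this thread or of TDSSKiller itself; it parses lines constructed from the log posted above and reports anything the log never records as quarantined. The line formats it matches are taken only from this log, so other TDSSKiller versions may need adjusted patterns.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Sample input constructed from the TDSSKiller lines posted in this thread
# (scan at 16:51 and the cure pass at 16:57), trimmed to the lines relevant
# for triage plus one ordinary driver line as a negative case.
SAMPLE_LOG = r"""2010/11/02 16:51:22.0634 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/02 16:51:22.0784 Suspicious service (NoAccess): vbmaa4e3
2010/11/02 16:51:23.0005 vbmaa4e3 (40aeb1b54132ef90f5853a3fa19b8f6d) C:\WINDOWS\system32\drivers\vbmaa4e3.sys
2010/11/02 16:51:23.0005 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbmaa4e3.sys. md5: 40aeb1b54132ef90f5853a3fa19b8f6d
2010/11/02 16:51:23.0045 vbmaa4e3 - detected Locked service (1)
2010/11/02 16:51:30.0486 Detected object count: 2
2010/11/02 16:57:44.0473 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: 5d0cd3793630320bfa2750379979f14a, Fake md5: 38d7b715504da4741df35e3594fe2099
2010/11/02 16:57:44.0573 C:\WINDOWS\System32\drivers\afd.sys - quarantined
2010/11/02 16:57:44.0573 Forged file(AFD) - User select action: Quarantine
2010/11/02 16:57:44.0944 C:\WINDOWS\system32\drivers\vbmaa4e3.sys - quarantined
2010/11/02 16:57:44.0944 Locked service(vbmaa4e3) - User select action: Quarantine
"""


@dataclass
class Finding:
    kind: str                       # "file" or "service"
    reason: str                     # "Forged", "NoAccess", "Locked service"
    target: str                     # full path (file) or service name (service)
    md5: Optional[str] = None       # hash TDSSKiller read from disk
    fake_md5: Optional[str] = None  # hash seen through the normal file API (Forged only)
    quarantined: bool = False


# Every TDSSKiller line starts with "YYYY/MM/DD HH:MM:SS.ffff ".
TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
HEX = r"[0-9a-fA-F]{32}"
SUSP_FILE = re.compile(TS + r"Suspicious file \((\w+)\): (.+?)\. "
                       r"(?:Real md5: (" + HEX + r"), Fake md5: (" + HEX + r")|md5: (" + HEX + r"))$")
SUSP_SVC = re.compile(TS + r"Suspicious service \((\w+)\): (\S+)$")
DETECTED = re.compile(TS + r"(\S+) - detected (.+?) \(\d+\)$")
QUARANTINED = re.compile(TS + r"(.+?) - quarantined$")
ACTION = re.compile(TS + r"[\w ]+\(([^)]+)\) - User select action: (\w+)$")
COUNT = re.compile(TS + r"Detected object count: (\d+)$")


def parse_tdsskiller(text):
    """Return (findings, declared_count).

    Findings keep first-seen order. A locked service and the driver file
    behind it are tracked as separate entries, so the parsed count can be
    higher than the count TDSSKiller itself declares."""
    findings = {}
    declared = None
    for line in text.splitlines():
        m = SUSP_FILE.match(line)
        if m:
            reason, path, real, fake, single = m.groups()
            f = findings.setdefault("file:" + path.lower(), Finding("file", reason, path))
            f.reason, f.md5, f.fake_md5 = reason, real or single, fake
            continue
        m = SUSP_SVC.match(line)
        if m:
            reason, name = m.groups()
            findings.setdefault("svc:" + name.lower(), Finding("service", reason, name))
            continue
        m = DETECTED.match(line)
        if m:
            name, what = m.groups()
            if "svc:" + name.lower() in findings:
                findings["svc:" + name.lower()].reason = what
            continue
        m = QUARANTINED.match(line)
        if m:
            key = "file:" + m.group(1).lower()
            if key in findings:
                findings[key].quarantined = True
            continue
        m = ACTION.match(line)
        if m:
            name, action = m.groups()
            key = "svc:" + name.lower()
            if key in findings and action.lower() == "quarantine":
                findings[key].quarantined = True
            continue
        m = COUNT.match(line)
        if m:
            declared = int(m.group(1))
    return list(findings.values()), declared


def forged_drivers(findings):
    """Drivers whose on-disk hash disagrees with the hash the OS reports:
    the classic sign of a rootkit hiding a patched system driver."""
    return [f for f in findings if f.kind == "file" and f.reason == "Forged"]


def unresolved(findings):
    """Suspicious objects the log never records as quarantined."""
    return [f for f in findings if not f.quarantined]


def triage_report(text):
    """Human-readable summary of a TDSSKiller log."""
    findings, declared = parse_tdsskiller(text)
    out = [f"TDSSKiller declared {declared} object(s); parsed {len(findings)} suspicious entries"]
    for f in findings:
        state = "quarantined" if f.quarantined else "NOT RESOLVED"
        hashes = f" real={f.md5} fake={f.fake_md5}" if f.fake_md5 else (f" md5={f.md5}" if f.md5 else "")
        out.append(f"  [{f.reason}] {f.kind} {f.target}{hashes} -> {state}")
    return "\n".join(out)


if __name__ == "__main__":
    print(triage_report(SAMPLE_LOG))
```

Run it on a saved TDSSKiller log by replacing `SAMPLE_LOG` with the file contents; any entry printed as NOT RESOLVED is one the tool flagged but did not quarantine, which is exactly what the ESET scan later in this thread found with afd.sys.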

#5 lanra (Topic Starter)

Posted 02 November 2010 - 04:06 PM

Rkill log

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Administrator on 11/02/2010 at 17:05:43.


Services Stopped:


Processes terminated by Rkill or while it was running:


\\.\globalroot\Device\svchost.exe\svchost.exe
C:\Documents and Settings\Administrator.TPA-058\Desktop\rkill.scr


Rkill completed on 11/02/2010 at 17:05:49.

#6 lanra (Topic Starter)

Posted 02 November 2010 - 04:18 PM

I installed SuperAntiSpyware Free and updated the definition files; however, once I started it, it never got to the main screen, and when trying to restart it I get this: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item."

#7 lanra (Topic Starter)

Posted 02 November 2010 - 04:44 PM

Ok, downloaded and installed SuperAntiSpyware Portable and it runs for 12 min. and shuts down on its own. I was able to write down two infections before it closed: "Trojan.Dropper/SVCHost-Fake" (there were two instances of this) and also 17 of "Adware.HBHelper".

#8 lanra (Topic Starter)

Posted 02 November 2010 - 04:53 PM

Downloaded, installed and updated MBAM in normal mode. There is no change; it will run for 10 sec and quit.

Boopme thanks for the help hope to hear from you. I will be away from the computer till tomorrow morning so will not be able to do anything else for today.

Edited by lanra, 02 November 2010 - 05:03 PM.


#9 boopme (Global Moderator)

Posted 02 November 2010 - 08:28 PM

Hello, had to run out. Take OWNERSHIP of SAS:
Right click on the SAS folder/icon.

Go to Properties.

Go to Security.

Go to Advanced.

Click on your username.

Tick Take Ownership.

Hit OK; if asked, say all files and subfolders.

Run again.


How to take ownership of a file or a folder in Windows XP

Edited by boopme, 02 November 2010 - 08:30 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 lanra (Topic Starter)

Posted 03 November 2010 - 08:53 AM

Ok boopme, no prob. and thanks again for your help. I was able to take ownership of SAS; it took me 3 tries, and the first 2 times it quit after the initial setup was finished. On the third it finally let me set the configuration, and it ran for about 12 min just like the portable version did. It also found the same infections as in my previous post: "Trojan.Dropper/SVCHost-Fake" (there were two instances of this) and also 17 of "Adware.HBHelper".

Over night I booted to a Kaspersky Rescue Disk and this morning I had some results. I will post the log here; however, I don't know how to open it properly, and Notepad shows the results a little jumbled.

Kaspersky log

(The posted file is Kaspersky's binary report format, so Notepad shows the record bytes as garbage. Only the object paths and detection names are readable in the dump; they are listed here exactly as they appear in it.)

C:/WINDOWS/system32/usミオrinit.exe: Packed.Win32.Krap.ao
C:/WINDOWS/WinSxS/x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909/shsvcs.dll: Trojan.Win32.PMax.i, also HEUR:Trojan.Win32.Generic
C:/WINDOWS/assembly/GAC_MSIL/Desktop.ini: Trojan-Spy.Win32.Agent.blbk
C:/Program Files/NoAdware.com/No Adware No Spyware/Core.dll: not-a-virus:FraudTool.Win32.BPSSpywareRemover.b
C:/System Volume Information/_restore{703A4529-D228-42C6-8A8C-19D5122EA21A}/RP1/A0000003.dll, A0000010.dll, A0000023.dll, A0000044.dll, A0000064.dll: HEUR:Trojan.Win32.Generic
C:/System Volume Information/_restore{703A4529-D228-42C6-8A8C-19D5122EA21A}/RP1/A0000004.ini, A0000011.ini, A0000024.ini, A0000045.ini, A0000065.ini: Trojan-Spy.Win32.Agent.blbk

#11 boopme (Global Moderator)

Posted 03 November 2010 - 02:35 PM

Maybe we can run an online scan now and get a better log to read.

Please perform a scan with the ESET Online Antivirus Scanner.
This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.

#12 lanra (Topic Starter)

Posted 03 November 2010 - 02:58 PM

Ok, I'm trying this now.

#13 boopme (Global Moderator)

Posted 03 November 2010 - 03:35 PM

OK, I'll be back around 7pm.

#14 lanra (Topic Starter)

Posted 03 November 2010 - 05:49 PM

boopme, it finally finished, but I have to go home. I'll check back in tomorrow. Below is the ESET log:

C:\MGtools\Process.exe Win32/PrcView application cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.11.2010_14.31.46\susp0000\svc0000\tsk0000.dta a variant of Win32/Olmarik.AGN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.11.2010_16.50.19\susp0000\svc0000\tsk0000.dta Win32/Rootkit.Agent.NSF trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.11.2010_16.50.19\susp0001\svc0000\tsk0000.dta a variant of Win32/Olmarik.AGN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.11.2010_15.32.33\susp0000\svc0000\tsk0000.dta Win32/Rootkit.Agent.NSF trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.11.2010_15.32.33\susp0001\svc0000\tsk0000.dta a variant of Win32/Olmarik.AGN trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.10.2010_14.52.37\susp0000\svc0000\tsk0000.dta Win32/Rootkit.Agent.NSF trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\29.10.2010_14.52.37\susp0001\svc0000\tsk0000.dta a variant of Win32/Olmarik.AGN trojan cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JL6KV36Y\script_card[1] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\T5ZS95HI\script_card[1] Win32/Adware.Antivirus2010 application cleaned by deleting - quarantined
C:\WINDOWS\system32\drivers\afd.sys Win32/Rootkit.Agent.NSF trojan unable to clean

#15 boopme (Global Moderator)

Posted 03 November 2010 - 07:38 PM

Hello again lanra. ... In that log ... Win32/Rootkit.Agent.NSF trojan unable to clean
This means we will need some special tools, as this is tricky to remove. We have specialists here for this, but we need to move and post a DDS and GMER log.


We need a deeper look. Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.



