MBAM found 100+ viruses


9 replies to this topic

#1 M12 130013S

Posted 08 November 2010 - 02:26 AM

MalwareBytes found around 143 different viruses on my bro's gf's computer.
The MalwareBytes log says that they were all quarantined successfully, and recent scans indicate that the computer is clean,
but when I try to use the internet, Google Chrome or IE8 cannot connect to the internet.
I have successfully pinged all websites I was trying to access (google.com, facebook.com, msn.com, yahoo.com).
Yet scans still indicate that the computer is clean.
There is no anti-virus software currently installed on the comp.
Also, the OS is Windows XP.
I have attached all MBAM logs of scans that I have run since I started working on the comp.
I thank everybody who is willing to take the time to help me fix this problem.

Edited by Budapest, 10 November 2010 - 03:53 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~BP



#2 M12 130013S (Topic Starter)

Posted 10 November 2010 - 01:16 AM

HTTPS connections work in IE8 but not in Google Chrome, e.g. https://www.google.com.
HTTP connections will not connect.
I installed Avast onto the comp and it found 24 viruses and quarantined them.
That is all I have learned so far.

#3 quietman7 (Global Moderator)

Posted 10 November 2010 - 07:01 PM

Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process. <- Important!!
    Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

Please download Norman Malware Cleaner and save to your desktop.
alternate download link
Note: If you previously used Norman, delete that version and download it again as the tool is frequently updated!
  • Be sure to read all the information Norman provides on that same page.
  • Double-click on Norman_Malware_Cleaner.exe to start. Vista/Windows 7 users right-click and select Run As Administrator.
    The tool is very slow to load as it uses a special driver. This is normal so please be patient.
  • Read the End User License Agreement and click the Accept button to open the scanning window.
  • Click Start Scan to begin.
  • In some cases Norman Malware Cleaner may require that you restart the computer to completely remove an infection. If prompted, reboot to ensure that all infections are removed.
  • After the scan has finished, a log file named NFix_date_time (i.e. NFix_2009-06-22_07-08-56.log) will be created on your desktop with the results.
  • Copy and paste the contents of that file in your next reply.
-- Note: If you need to scan usb flash drives and/or other removable drives, use the Add button to browse to the drives location, click on the drive to highlight and choose Ok.

#4 M12 130013S (Topic Starter)

Posted 11 November 2010 - 03:55 AM

Here is the TDSSKiller log:

2010/11/10 21:07:23.0703 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/10 21:07:23.0703 ================================================================================
2010/11/10 21:07:23.0703 SystemInfo:
2010/11/10 21:07:23.0703
2010/11/10 21:07:23.0703 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/10 21:07:23.0703 Product type: Workstation
2010/11/10 21:07:23.0703 ComputerName: TRACY-A6B60ACD5
2010/11/10 21:07:23.0703 UserName: Tracy Sutherland
2010/11/10 21:07:23.0703 Windows directory: C:\WINDOWS
2010/11/10 21:07:23.0703 System windows directory: C:\WINDOWS
2010/11/10 21:07:23.0703 Processor architecture: Intel x86
2010/11/10 21:07:23.0703 Number of processors: 2
2010/11/10 21:07:23.0703 Page size: 0x1000
2010/11/10 21:07:23.0703 Boot type: Normal boot
2010/11/10 21:07:23.0703 ================================================================================
2010/11/10 21:07:26.0968 Initialize success
2010/11/10 21:07:33.0203 ================================================================================
2010/11/10 21:07:33.0203 Scan started
2010/11/10 21:07:33.0203 Mode: Manual;
2010/11/10 21:07:33.0203 ================================================================================
2010/11/10 21:07:33.0765 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/11/10 21:07:33.0890 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/10 21:07:34.0000 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/10 21:07:34.0171 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/10 21:07:34.0265 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/10 21:07:34.0500 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/11/10 21:07:34.0531 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/11/10 21:07:34.0562 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/11/10 21:07:34.0609 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2010/11/10 21:07:34.0703 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/11/10 21:07:34.0781 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/10 21:07:34.0828 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/10 21:07:34.0984 ati2mtag (f0d0b0cdec0be32d775f404cac2604bf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2010/11/10 21:07:35.0812 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/10 21:07:35.0937 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/10 21:07:36.0109 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/10 21:07:36.0218 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/10 21:07:36.0375 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/10 21:07:36.0531 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/10 21:07:36.0609 Cdr4_xp (297acc7d7c66ec86ee0b4eb5af9a8fd3) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
2010/11/10 21:07:36.0687 Cdralw2k (5e31abf467a6fd857710c0927c88ee4c) C:\WINDOWS\system32\drivers\Cdralw2k.sys
2010/11/10 21:07:36.0781 cdrbsdrv (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys
2010/11/10 21:07:36.0859 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/10 21:07:37.0390 cdudf_xp (cfd81f2140193fc7f1812e6d6eaf6795) C:\WINDOWS\system32\drivers\cdudf_xp.sys
2010/11/10 21:07:37.0500 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2010/11/10 21:07:37.0687 ctsfm2k (b459ae4afca570088adddbe55eabbc92) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
2010/11/10 21:07:37.0828 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/10 21:07:38.0031 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/10 21:07:38.0109 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/10 21:07:38.0203 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/10 21:07:38.0296 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/10 21:07:38.0375 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/10 21:07:38.0437 dvd_2K (677829f7010768eeeed8d0083e510dab) C:\WINDOWS\system32\drivers\dvd_2K.sys
2010/11/10 21:07:38.0500 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/11/10 21:07:38.0609 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/10 21:07:38.0671 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/11/10 21:07:38.0703 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/10 21:07:39.0187 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/11/10 21:07:39.0265 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/10 21:07:39.0296 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/10 21:07:39.0390 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/10 21:07:39.0500 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/10 21:07:39.0593 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/10 21:07:39.0734 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2010/11/10 21:07:39.0906 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2010/11/10 21:07:40.0093 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/10 21:07:40.0187 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/10 21:07:40.0281 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/10 21:07:40.0406 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/11/10 21:07:40.0468 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/10 21:07:40.0546 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/10 21:07:40.0843 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/10 21:07:41.0078 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/10 21:07:41.0234 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/10 21:07:41.0312 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/10 21:07:41.0359 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/10 21:07:41.0406 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/10 21:07:41.0468 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/10 21:07:41.0562 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/11/10 21:07:41.0687 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/10 21:07:41.0750 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/10 21:07:42.0046 Lavasoft Kernexplorer (0bd6d3f477df86420de942a741dabe37) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
2010/11/10 21:07:42.0390 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
2010/11/10 21:07:42.0593 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/11/10 21:07:42.0687 mmc_2K (9b90303a9c9405a6ce1466ff4aa20fdd) C:\WINDOWS\system32\drivers\mmc_2K.sys
2010/11/10 21:07:42.0781 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/10 21:07:42.0843 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/10 21:07:42.0890 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/11/10 21:07:42.0937 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/10 21:07:43.0015 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/10 21:07:43.0125 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/10 21:07:43.0250 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/10 21:07:43.0437 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/10 21:07:43.0500 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/10 21:07:43.0546 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/10 21:07:43.0593 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/10 21:07:43.0609 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/10 21:07:43.0671 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/10 21:07:43.0750 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/10 21:07:44.0093 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/10 21:07:44.0406 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/10 21:07:44.0562 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/10 21:07:44.0625 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/10 21:07:44.0750 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/10 21:07:44.0828 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/10 21:07:44.0906 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/10 21:07:45.0000 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/10 21:07:45.0031 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/10 21:07:45.0093 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/10 21:07:45.0156 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/10 21:07:45.0187 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/10 21:07:45.0250 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2010/11/10 21:07:45.0281 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2010/11/10 21:07:45.0312 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2010/11/10 21:07:45.0390 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
2010/11/10 21:07:45.0484 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2010/11/10 21:07:45.0656 ossrv (c720c25b2d0c93dc425155f5b6a707f3) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
2010/11/10 21:07:45.0968 P17 (3a7290f2c423b80ba95becae015b9b1b) C:\WINDOWS\system32\drivers\P17.sys
2010/11/10 21:07:46.0171 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/10 21:07:46.0359 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/10 21:07:46.0515 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/10 21:07:46.0578 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/10 21:07:46.0703 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/10 21:07:46.0765 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/10 21:07:47.0250 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys
2010/11/10 21:07:47.0421 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/10 21:07:47.0531 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/10 21:07:47.0578 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/10 21:07:47.0750 pwd_2k (d8b90616a8bd53de281dbdb664c0984a) C:\WINDOWS\system32\drivers\pwd_2k.sys
2010/11/10 21:07:48.0078 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/10 21:07:48.0125 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/10 21:07:48.0390 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/10 21:07:48.0421 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/10 21:07:48.0484 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/10 21:07:48.0515 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/10 21:07:48.0546 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/10 21:07:48.0593 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/10 21:07:48.0656 redbook (8cb1d6c35c90ed2cc68c5cf49e9b8dff) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/10 21:07:48.0656 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: 8cb1d6c35c90ed2cc68c5cf49e9b8dff, Fake md5: f828dd7e1419b6653894a8f97a0094c5
2010/11/10 21:07:48.0656 redbook - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/11/10 21:07:49.0000 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/10 21:07:49.0156 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
2010/11/10 21:07:49.0468 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/10 21:07:49.0500 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/10 21:07:49.0578 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/10 21:07:49.0812 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
2010/11/10 21:07:49.0906 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2010/11/10 21:07:50.0031 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/10 21:07:50.0109 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/10 21:07:50.0234 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/10 21:07:50.0265 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/10 21:07:50.0359 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/10 21:07:50.0531 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
2010/11/10 21:07:50.0671 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/10 21:07:51.0093 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/10 21:07:51.0234 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/10 21:07:51.0281 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/10 21:07:51.0343 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/10 21:07:51.0546 UdfReadr_xp (4e75005b74be901c30f2636df40b0c15) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
2010/11/10 21:07:51.0562 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/10 21:07:51.0687 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/10 21:07:51.0796 usbbus (d9f3bb7c292f194f3b053ce295754eb8) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
2010/11/10 21:07:51.0921 UsbDiag (c4f77da649f99fad116ea585376fc164) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
2010/11/10 21:07:51.0984 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/10 21:07:52.0015 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/10 21:07:52.0062 USBModem (c0613ce45e617bc671de8ebb1b30d175) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
2010/11/10 21:07:52.0109 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/11/10 21:07:52.0218 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/11/10 21:07:52.0281 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/10 21:07:52.0359 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/10 21:07:52.0406 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/10 21:07:52.0531 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/10 21:07:52.0625 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/10 21:07:52.0703 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
2010/11/10 21:07:52.0812 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/10 21:07:53.0046 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2010/11/10 21:07:53.0375 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/10 21:07:53.0406 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/10 21:07:53.0984 ================================================================================
2010/11/10 21:07:53.0984 Scan finished
2010/11/10 21:07:53.0984 ================================================================================
2010/11/10 21:07:54.0000 Detected object count: 1
2010/11/10 21:08:05.0015 redbook (8cb1d6c35c90ed2cc68c5cf49e9b8dff) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/10 21:08:05.0015 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: 8cb1d6c35c90ed2cc68c5cf49e9b8dff, Fake md5: f828dd7e1419b6653894a8f97a0094c5
2010/11/10 21:08:09.0765 Backup copy found, using it..
2010/11/10 21:08:09.0906 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured after reboot
2010/11/10 21:08:09.0906 Rootkit.Win32.TDSS.tdl3(redbook) - User select action: Cure

And here is the Norman Malware Cleaner log:

Norman Malware Cleaner
Version 1.8.3
Copyright © 1990 - 2010, Norman ASA. Built 2010/11/10 06:28:38

Norman Scanner Engine Version: 6.06.07
Nvcbin.def Version: 6.06.00, Date: 2010/11/10 06:28:38, Variants: 8008004

Scan started: 2010/11/10 22:41:39

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600 Service Pack 3
Logged on user: TRACY-A6B60ACD5\Tracy Sutherland

Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableTaskMgr = 0x00000000
Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableTaskMgr = 0x00000000

Scanning kernel...

Kernel scan complete


Scanning bootsectors...

Number of sectors found: 1
Number of sectors scanned: 1
Number of sectors not scanned: 0
Number of infections found: 0
Number of infections removed: 0
Total scanning time: 0s 157ms


Scanning running processes and process memory...

Number of processes/threads found: 3962
Number of processes/threads scanned: 3962
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 4m 1s


Scanning file system...

Scanning: prescan

Scanning: C:\*.*

C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}\Ad-AwareInstall.res/beta.dfm.miaf (Error whilst scanning file: I/O Error (0x00220005))

C:\Program Files\alot\alotUninst.exe (Infected with W32/Obfuscated.AK!genr)
Removed registry key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall -> alotToolbar
Deleted file

C:\Program Files\Fast Browser Search\IE\SearchGuardPlus.exe (Infected with W32/SearchGuardPlus.A)
Deleted file

C:\Program Files\Fast Browser Search\IE\sgpUpdater.exe (Infected with W32/SearchGuardPlus.A)
Deleted file

C:\Program Files\Fast Browser Search\IE\SGPUpdaterS.exe (Infected with W32/SearchGuardPlus.A)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP635\A0046501.dll (Infected with TXT/JunkFile.BE)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP639\A0047622.lnk (Infected with LNK/Redir.H)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP639\A0047623.lnk (Infected with LNK/Redir.G)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP639\A0047624.lnk (Infected with LNK/Redir.I)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP639\A0048372.lnk (Infected with LNK/Redir.I)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP639\A0048375.lnk (Infected with LNK/Redir.G)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP639\A0048376.lnk (Infected with LNK/Redir.H)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP639\A0048377.lnk (Infected with LNK/Redir.I)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP639\A0048378.lnk (Infected with LNK/Redir.G)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP639\A0048379.lnk (Infected with LNK/Redir.H)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP643\A0048501.lnk (Infected with LNK/Redir.H)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP643\A0048502.lnk (Infected with LNK/Redir.G)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP643\A0048503.lnk (Infected with LNK/Redir.I)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP643\A0049391.lnk (Infected with LNK/Redir.H)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP643\A0049392.lnk (Infected with LNK/Redir.G)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP643\A0049393.lnk (Infected with LNK/Redir.I)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP651\A0050404.lnk (Infected with LNK/Redir.H)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP651\A0050405.lnk (Infected with LNK/Redir.G)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP651\A0050406.lnk (Infected with LNK/Redir.I)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP655\A0050478.lnk (Infected with LNK/Redir.H)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP655\A0050479.lnk (Infected with LNK/Redir.G)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP655\A0050480.lnk (Infected with LNK/Redir.I)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP656\A0050497.lnk (Infected with LNK/Redir.H)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP656\A0050498.lnk (Infected with LNK/Redir.G)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP656\A0050499.lnk (Infected with LNK/Redir.I)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP656\A0050520.lnk (Infected with LNK/Redir.H)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP656\A0050521.lnk (Infected with LNK/Redir.G)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP656\A0050522.lnk (Infected with LNK/Redir.I)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP671\A0050679.lnk (Infected with LNK/Redir.H)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP671\A0050680.lnk (Infected with LNK/Redir.G)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP671\A0050681.lnk (Infected with LNK/Redir.I)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP673\A0051908.lnk (Infected with LNK/Redir.I)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP673\A0051909.lnk (Infected with LNK/Redir.I)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP673\A0051910.lnk (Infected with LNK/Redir.H)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP673\A0051911.lnk (Infected with LNK/Redir.G)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP673\A0051915.lnk (Infected with LNK/Redir.G)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP673\A0051916.lnk (Infected with LNK/Redir.H)
Deleted file

C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP674\A0054940.ocx (Infected with W32/Suspicious_Gen.CZDW)
Deleted file

C:\WINDOWS\system32\UACpyrohufo.dat (Infected with TdssConf.C)
Deleted file

Scanning: C:\System Volume Information\*.*

Scanning: postscan


Running post-scan cleanup routine:

Number of files found: 224217
Number of archives unpacked: 964
Number of files scanned: 224214
Number of files not scanned: 3
Number of files skipped due to exclude list: 0
Number of infected files found: 43
Number of infected files repaired/deleted: 43
Number of infections removed: 43
Total scanning time: 1h 51m 46s

Still cannot connect to the internet via HTTP.

Edited by M12 130013S, 11 November 2010 - 03:57 AM.
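The two logs in this post, read together, are the whole diagnosis. TDSSKiller reports two different MD5s for the single path C:\WINDOWS\system32\DRIVERS\redbook.sys: the file's content depends on how it is read, which is the hiding trick of a TDL3-class rootkit that patches a legitimate driver in place. Norman, running independently, removes a file it labels TdssConf.C plus two DisableTaskMgr policy values, while 38 of its 43 hits are inert restore-point copies under System Volume Information. As an added example that is not part of this thread and not code from Kaspersky or Norman, the Python below parses both log formats as posted here and produces the triage a helper would otherwise do by eye: which drivers are forged, whether a reboot is still pending, which forged files still need the second opinion asked for in post #3, and how many hits were only in restore points. The function names, the regexes for the two formats and the sample excerpts are mine; the excerpts are constructed from the logs above and are not the full logs.

```python
"""Triage helper for TDSSKiller and Norman Malware Cleaner logs.

Added example, not code from this thread, from Kaspersky or from Norman.
It parses the two log formats exactly as they are posted above; the sample
logs are short excerpts constructed from the thread's own logs.
"""
import re
from collections import Counter
from dataclasses import dataclass

TS = r"^\S+ \S+ "  # TDSSKiller timestamp prefix, e.g. "2010/11/10 21:07:48.0656 "
DRIVER = re.compile(TS + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED = re.compile(TS + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
                    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
DETECTED = re.compile(TS + r"(?P<name>.+?) - detected (?P<det>\S+) \(\d+\)$")
CURE_PENDING = re.compile(TS + r"(?P<path>.+) - will be cured after reboot$")
NORMAN_HIT = re.compile(r"^(?P<path>.+) \(Infected with (?P<det>.+)\)$")
NORMAN_REG = re.compile(r"^Removed registry (?:key|value): (?P<key>.+?) -> (?P<value>.+)$")
RESTORE_POINT = re.compile(r"\\System Volume Information\\_restore", re.IGNORECASE)


@dataclass
class ForgedDriver:
    # Two hashes for one path: the file's content depends on how it is read,
    # which is how a TDL3-class rootkit hides its patch of a legitimate driver.
    name: str
    path: str
    real_md5: str
    fake_md5: str
    detection: str = ""
    cure_pending: bool = False


def parse_tdsskiller(text: str) -> dict:
    drivers, forged = {}, {}
    for line in (ln.strip() for ln in text.splitlines()):
        if m := FORGED.match(line):
            name = drivers.get(m["path"], ("?", ""))[0]  # the listing line precedes it
            forged[m["path"]] = ForgedDriver(name, m["path"], m["real"], m["fake"])
        elif m := DETECTED.match(line):
            for f in forged.values():
                if f.name == m["name"]:
                    f.detection = m["det"]
        elif m := CURE_PENDING.match(line):
            if m["path"] in forged:
                forged[m["path"]].cure_pending = True
        elif m := DRIVER.match(line):
            drivers[m["path"]] = (m["name"], m["md5"])
    return {"drivers": len(drivers), "forged": list(forged.values())}


def parse_norman(text: str) -> dict:
    by_detection, in_restore, registry = Counter(), 0, []
    for line in (ln.strip() for ln in text.splitlines()):
        if m := NORMAN_HIT.match(line):
            by_detection[m["det"]] += 1
            # Restore-point copies are inert: worth deleting, not proof of an active infection.
            in_restore += bool(RESTORE_POINT.search(m["path"]))
        elif m := NORMAN_REG.match(line):
            registry.append((m["key"], m["value"]))
    return {"by_detection": dict(by_detection), "in_restore_points": in_restore,
            "registry": registry}


def triage(tdss_log: str, norman_log: str) -> dict:
    t, n = parse_tdsskiller(tdss_log), parse_norman(norman_log)
    rootkit = [f.name for f in t["forged"] if f.detection.startswith("Rootkit.")]
    return {
        "rootkit_drivers": rootkit,
        # A second scanner finding a TDSS config file corroborates the rootkit hit.
        "corroborated": bool(rootkit) and any("tdss" in d.lower() for d in n["by_detection"]),
        "needs_reboot": any(f.cure_pending for f in t["forged"]),
        # Forged files not scheduled for cure are the ones to upload for a second opinion.
        "second_opinion": [f.path for f in t["forged"] if not f.cure_pending],
        "restore_point_hits": n["in_restore_points"],
        "policy_tampering": [k for k, _ in n["registry"] if "\\Policies\\" in k],
    }


# Constructed excerpts of the logs in this thread (not the full logs).
SAMPLE_TDSS = r"""
2010/11/10 21:07:48.0656 redbook (8cb1d6c35c90ed2cc68c5cf49e9b8dff) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/10 21:07:48.0656 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: 8cb1d6c35c90ed2cc68c5cf49e9b8dff, Fake md5: f828dd7e1419b6653894a8f97a0094c5
2010/11/10 21:07:48.0656 redbook - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/11/10 21:07:49.0000 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/10 21:08:09.0906 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured after reboot
"""
SAMPLE_NORMAN = r"""
Removed registry value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableTaskMgr = 0x00000000
C:\Program Files\alot\alotUninst.exe (Infected with W32/Obfuscated.AK!genr)
Removed registry key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall -> alotToolbar
C:\System Volume Information\_restore{E00D33A3-F1EA-41C1-9E68-5AB20581947C}\RP639\A0047622.lnk (Infected with LNK/Redir.H)
C:\WINDOWS\system32\UACpyrohufo.dat (Infected with TdssConf.C)
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_TDSS, SAMPLE_NORMAN).items():
        print(f"{key}: {value}")
```

Run against the two full logs above, the summary comes out the same way: one forged driver (redbook) detected as Rootkit.Win32.TDSS.tdl3 with the cure pending a reboot, corroborated by Norman's TdssConf.C hit, nothing left over for VirusTotal, and the bulk of Norman's count sitting in restore points. The one thing the parser cannot tell you is whether the cure actually took, which is why the thread's next step is a reboot followed by a fresh scan.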


#5 M12 130013S (Topic Starter)

Posted 11 November 2010 - 05:16 AM

I restarted the computer after I posted that the internet did not work and tried the internet... turns out it works.
Thank you very much for all the help in getting this to work :thumbsup:
But Avast cannot connect to its servers to update.

Edited by M12 130013S, 11 November 2010 - 05:37 AM.


#6 quietman7 (Bleepin' Janitor, Global Moderator)

Posted 11 November 2010 - 07:26 AM

This is the pertinent section of the log which indicates a TDSS, TDL3/TDL4 rootkit infection. The forged file was identified and will be cured after reboot.

2010/11/10 21:07:54.0000 Detected object count: 1
2010/11/10 21:08:05.0015 redbook (8cb1d6c35c90ed2cc68c5cf49e9b8dff) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/10 21:08:05.0015 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\redbook.sys. Real md5: 8cb1d6c35c90ed2cc68c5cf49e9b8dff, Fake md5: f828dd7e1419b6653894a8f97a0094c5
2010/11/10 21:08:09.0765 Backup copy found, using it..
2010/11/10 21:08:09.0906 C:\WINDOWS\system32\DRIVERS\redbook.sys - will be cured after reboot
2010/11/10 21:08:09.0906 Rootkit.Win32.TDSS.tdl3(redbook) - User select action: Cure


Try doing an online scan to see if it finds anything else (i.e. remnants) that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
  • This scan requires Internet Explorer to work. If using a different browser, you will be given the option to download and use the ESET Smart Installer.
  • Vista/Windows 7 users need to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green [image] button.
  • Read the End User License Agreement and check the box:
  • Check [image].
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image].
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while, so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push [image].
  • Push [image], and save the file to your desktop as ESETScan.txt.
  • Push the [image] button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Start > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
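The log excerpt above flags a driver as forged because two md5 values for the same file disagree. As an added example (not code from the thread or from TDSSKiller), here is a small parser that pulls those "Suspicious file (Forged)" records, the detected-object count and the chosen action out of log lines in that format; the sample log is constructed from the excerpt quoted in the post, and the regular expressions are my assumption about the line layout shown there.

```python
import re

# Constructed sample, modelled on the TDSSKiller excerpt quoted in the post above;
# the timestamps, path and both md5 values are copied from that excerpt.
SAMPLE_LOG = """\
2010/11/10 21:07:54.0000 Detected object count: 1
2010/11/10 21:08:05.0015 redbook (8cb1d6c35c90ed2cc68c5cf49e9b8dff) C:\\WINDOWS\\system32\\DRIVERS\\redbook.sys
2010/11/10 21:08:05.0015 Suspicious file (Forged): C:\\WINDOWS\\system32\\DRIVERS\\redbook.sys. Real md5: 8cb1d6c35c90ed2cc68c5cf49e9b8dff, Fake md5: f828dd7e1419b6653894a8f97a0094c5
2010/11/10 21:08:09.0765 Backup copy found, using it..
2010/11/10 21:08:09.0906 C:\\WINDOWS\\system32\\DRIVERS\\redbook.sys - will be cured after reboot
2010/11/10 21:08:09.0906 Rootkit.Win32.TDSS.tdl3(redbook) - User select action: Cure
"""

# Every line in the excerpt starts with a 'YYYY/MM/DD HH:MM:SS.ffff' timestamp (assumed layout).
TS = r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) "
FORGED_RE = re.compile(TS + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
                       r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
COUNT_RE = re.compile(TS + r"Detected object count: (?P<n>\d+)$")
ACTION_RE = re.compile(TS + r"(?P<family>[\w.]+)\((?P<service>\w+)\) - User select action: (?P<action>\w+)$")


def parse_forged(log_text):
    """One record per 'Suspicious file (Forged)' line. 'mismatch' is True when the
    two md5 values disagree, i.e. two views of the same driver file differ, which
    is the symptom the log uses to flag a forged (rootkit-patched) driver."""
    records = []
    for line in log_text.splitlines():
        m = FORGED_RE.match(line)
        if m:
            records.append({"time": m["ts"], "path": m["path"], "real_md5": m["real"],
                            "fake_md5": m["fake"], "mismatch": m["real"] != m["fake"]})
    return records


def summarize(log_text):
    """Detection count, forged files, and the action chosen per detected object."""
    summary = {"detected_count": 0, "forged": parse_forged(log_text), "actions": {}}
    for line in log_text.splitlines():
        c = COUNT_RE.match(line)
        if c:
            summary["detected_count"] = int(c["n"])
        a = ACTION_RE.match(line)
        if a:
            summary["actions"][a["service"]] = (a["family"], a["action"])
    return summary


if __name__ == "__main__":
    for rec in parse_forged(SAMPLE_LOG):
        print(rec["path"], "forged" if rec["mismatch"] else "consistent")
```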

#7 M12 130013S (Topic Starter)

Posted 11 November 2010 - 09:25 AM

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=4cd842e1e1caa842a7c2b84593034a6c
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-11 02:21:46
# local_time=2010-11-11 06:21:46 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 150399 150399 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=66405
# found=0
# cleaned=0
# scan_time=2005

#8 quietman7 (Bleepin' Janitor, Global Moderator)

Posted 11 November 2010 - 10:23 AM

How is your computer running now? Are there any more signs of infection, strange audio ads, unwanted pop-ups, security alerts, or browser redirects?

#9 M12 130013S (Topic Starter)

Posted 11 November 2010 - 05:24 PM

Nope, the only thing that I can see is that it is running a little slow. But I had only ever used the comp while it was infected, so I don't know how it ran before it got infected. But everything seems to be running smoothly and I appreciate all your assistance with helping me fix this computer.

#10 quietman7 (Bleepin' Janitor, Global Moderator)

Posted 11 November 2010 - 06:34 PM

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:
If your computer still seems to be slow you may want to try some of the suggestions provided in Slow Computer/Browser? Check here first; it may not be malware. There are reasons for slowness and poor performance besides malware - i.e. disk fragmentation, disk errors, corrupt system files, too many startup programs, unnecessary services running, too many browser Add-ons/toolbars, failure to clear browser cache, not enough RAM, dirty hardware components, etc. As you use your system it becomes filled with more files/programs and has a natural tendency to slow down so cleaning and regular maintenance is essential. Incompatible browser extensions and add-ons can impact system performance and cause compatibility issues such as application hangs (freezing).
