
Antivirus 2010 virus - cleaners won't run


  • This topic is locked
15 replies to this topic

#1 steelcat

steelcat

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:52 AM

Posted 11 November 2010 - 11:48 AM

This is the first time I have posted here. I definitely appreciate any help!

My daughter's laptop was infected with Antivirus 2010. The laptop runs on the Windows XP system in a wireless environment.

I WAS able to remove the Antivirus 2010 "program" using the Add/Remove Programs in the Control Panel and bring a little stability to the computer, but it still is infected. It will not allow any anti-malware or anti-virus software to run, regardless of what I try (like
cacls c:/progams/malwarebytes/mwbm.ext /G everyone:F at command prompt - it allows me to run it and it actually starts with this, but it shuts down after a few seconds). I also tried running malwarebytes from a disk I downloaded using a different PC, but got the same results. It also changes the website to an advertising website when we attempt to go to one using a link vs. just typing it in manually.

Any ideas on how to get around this and "clean" the computer?

Thanks!!


#2 Alvas Rawuther

Alvas Rawuther

  • Members
  • 356 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Mumbai, India.
  • Local time:09:22 PM

Posted 11 November 2010 - 12:01 PM

Try doing the same in safe mode.
SYSTEM SPECS.
Windows 7 Ultimate SP1 | Intel Core 2 Duo E7500 @ 2.93GHz | 4.00 GB Dual-Channel DDR2 @ 333MHz RAM | 488 GB WD SATA HDD | 1024MB ATI Radeon HD 4350 | No real-time antivirus | MBAM on-demand | Windows 7's Built-in Firewall |

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,727 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:52 AM

Posted 11 November 2010 - 02:11 PM

Actually there are a couple more steps to do.

Please follow our Removal Guide here: How to remove Antivirus 2010.
You will move to the Automated Removal Instructions

After you completed that, post your scan log here, let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Edited by boopme, 11 November 2010 - 02:12 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#4 steelcat

steelcat
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:52 AM

Posted 12 November 2010 - 01:05 AM

Unfortunately, I am having the same results in safe mode with networking. Malwarebytes starts to run but is shut down after just a few seconds. This is a pretty aggressive virus. Any other thoughts?

#5 Alvas Rawuther

Alvas Rawuther

  • Members
  • 356 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Mumbai, India.
  • Local time:09:22 PM

Posted 12 November 2010 - 01:31 AM

Try renaming mbam.exe to something else like game.exe or fifa.exe and then running it.
Alternatively, you can try http://www.superantispyware.com and perform a scan with it.

If that too does not help, you can download -
http://download.bleepingcomputer.com/grinler/rkill.com

And if that malware does not allow it to run, try these which are renamed copies of rkill.com -
http://download.bleepingcomputer.com/grinler/iExplore.exe
http://download.bleepingcomputer.com/grinler/eXplorer.exe

Download it and run it.

Edited by Alvas Rawuther, 12 November 2010 - 01:37 AM.


#6 steelcat

steelcat
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:52 AM

Posted 13 November 2010 - 12:09 AM

I attempted these but the virus shuts them down almost right as they begin to run and then changes the "rights" to the file and indicates you may not have permissions to the item.

#7 No0b

No0b

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:52 AM

Posted 13 November 2010 - 01:26 AM

Have you tried running RKill on Safe Mode? Try running the renamed version of RKill ( http://download.bleepingcomputer.com/grinler/iExplore.exe ) instead. :)

#8 steelcat

steelcat
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:52 AM

Posted 13 November 2010 - 02:31 AM

Man this is a bugger of a virus. I ran the RKill in safe mode using the link you provided. It ran, but ultimately, I am having the same results. Malwarebytes shuts down nearly right away.

#9 Alvas Rawuther

Alvas Rawuther

  • Members
  • 356 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Mumbai, India.
  • Local time:09:22 PM

Posted 13 November 2010 - 02:41 AM

Hmm, that virus just doesn't want to go.
Try an online scanner like from ESET - http://www.eset.com/online-scanner
Also, use Internet Explorer to run that scan directly.

Edited by Alvas Rawuther, 13 November 2010 - 03:23 AM.


#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,727 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:52 AM

Posted 13 November 2010 - 10:55 AM

Hello and welcome, this is a restricted tool. Please try running it first from normal mode and then safe if needed.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


#11 steelcat

steelcat
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:52 AM

Posted 13 November 2010 - 12:29 PM

Here is the file after running

2010/11/13 11:14:11.0562 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/13 11:14:11.0562 ================================================================================
2010/11/13 11:14:11.0562 SystemInfo:
2010/11/13 11:14:11.0562
2010/11/13 11:14:11.0562 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/13 11:14:11.0562 Product type: Workstation
2010/11/13 11:14:11.0562 ComputerName: TOSHIBA-USER
2010/11/13 11:14:11.0562 UserName: Beth DeMars
2010/11/13 11:14:11.0562 Windows directory: C:\WINDOWS
2010/11/13 11:14:11.0562 System windows directory: C:\WINDOWS
2010/11/13 11:14:11.0562 Processor architecture: Intel x86
2010/11/13 11:14:11.0562 Number of processors: 2
2010/11/13 11:14:11.0562 Page size: 0x1000
2010/11/13 11:14:11.0562 Boot type: Normal boot
2010/11/13 11:14:11.0562 ================================================================================
2010/11/13 11:14:11.0968 Initialize success
2010/11/13 11:14:20.0015 ================================================================================
2010/11/13 11:14:20.0015 Scan started
2010/11/13 11:14:20.0015 Mode: Manual;
2010/11/13 11:14:20.0015 ================================================================================
2010/11/13 11:14:39.0484 vbmade66 (b64620a06054bab1df957ca12f79900e) C:\WINDOWS\system32\drivers\vbmade66.sys
2010/11/13 11:14:39.0484 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbmade66.sys. md5: b64620a06054bab1df957ca12f79900e
2010/11/13 11:14:39.0500 vbmade66 - detected Locked file (1)
2010/11/13 11:14:40.0750 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/13 11:14:40.0765 ================================================================================
2010/11/13 11:14:40.0765 Scan finished
2010/11/13 11:14:40.0765 ================================================================================
2010/11/13 11:14:40.0781 Detected object count: 2
2010/11/13 11:16:38.0062 vbmade66 (b64620a06054bab1df957ca12f79900e) C:\WINDOWS\system32\drivers\vbmade66.sys
2010/11/13 11:16:38.0062 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbmade66.sys. md5: b64620a06054bab1df957ca12f79900e
2010/11/13 11:16:38.0078 C:\WINDOWS\system32\drivers\vbmade66.sys - quarantined
2010/11/13 11:16:38.0078 Locked file(vbmade66) - User select action: Quarantine
2010/11/13 11:16:38.0187 \HardDisk0 - will be cured after reboot
2010/11/13 11:16:38.0187 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/11/13 11:16:52.0125 Deinitialize success
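
An added example, not part of the thread and not Kaspersky's code: a small Python triage of a TDSSKiller log in the format posted above, which pairs each detected object with the action selected for it and flags anything that is only cured after a reboot. The regular expressions are inferred from this one log (tool version 2.4.7.0) and are assumptions about the format; `triage` and its field names are hypothetical.

```python
import re

# Lines copied from the TDSSKiller log posted above (clean driver entries left out).
SAMPLE_LOG = r"""2010/11/13 11:14:20.0015 Scan started
2010/11/13 11:14:39.0484 vbmade66 (b64620a06054bab1df957ca12f79900e) C:\WINDOWS\system32\drivers\vbmade66.sys
2010/11/13 11:14:39.0484 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbmade66.sys. md5: b64620a06054bab1df957ca12f79900e
2010/11/13 11:14:39.0500 vbmade66 - detected Locked file (1)
2010/11/13 11:14:40.0750 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/13 11:14:40.0765 Scan finished
2010/11/13 11:14:40.0781 Detected object count: 2
2010/11/13 11:16:38.0062 vbmade66 (b64620a06054bab1df957ca12f79900e) C:\WINDOWS\system32\drivers\vbmade66.sys
2010/11/13 11:16:38.0062 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbmade66.sys. md5: b64620a06054bab1df957ca12f79900e
2010/11/13 11:16:38.0078 C:\WINDOWS\system32\drivers\vbmade66.sys - quarantined
2010/11/13 11:16:38.0078 Locked file(vbmade66) - User select action: Quarantine
2010/11/13 11:16:38.0187 \HardDisk0 - will be cured after reboot
2010/11/13 11:16:38.0187 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/11/13 11:16:52.0125 Deinitialize success
"""

# Assumed line shapes, inferred from the log above.
STAMP = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} ?(.*)$")
DRIVER = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
DETECTED = re.compile(r"^(.+?) - detected (.+) \(\d+\)$")
ACTION = re.compile(r"^.+?\((.+)\) - User select action: (\w+)$")
PENDING = re.compile(r"^(.+) - will be cured after reboot$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


def triage(log_text):
    """Summarise detections, chosen actions and pending reboots in one log."""
    drivers = {}    # service name -> (md5, path) for every scanned driver
    findings = {}   # detected object -> details, in order of first appearance
    reported = None
    for raw in log_text.splitlines():
        stamped = STAMP.match(raw.strip())
        if not stamped:
            continue                      # not a log line (blank, forum text)
        msg = stamped.group(1)
        m = DRIVER.match(msg)
        if m:
            drivers[m.group(1)] = (m.group(2), m.group(3))
            continue
        m = DETECTED.match(msg)
        if m:
            # Entries are repeated when the action is applied; keep the first.
            findings.setdefault(m.group(1), {
                "object": m.group(1), "verdict": m.group(2),
                "action": None, "reboot_pending": False})
            continue
        m = ACTION.match(msg)
        if m and m.group(1) in findings:
            findings[m.group(1)]["action"] = m.group(2)
            continue
        m = PENDING.match(msg)
        if m and m.group(1) in findings:
            findings[m.group(1)]["reboot_pending"] = True
            continue
        m = COUNT.match(msg)
        if m:
            reported = int(m.group(1))
    # Attach hash and path where the detected object is a driver service name.
    for name, item in findings.items():
        item["md5"], item["path"] = drivers.get(name, (None, None))
    items = list(findings.values())
    return {
        "findings": items,
        "reported_count": reported,
        "count_mismatch": reported is not None and reported != len(items),
        "unresolved": [i["object"] for i in items if i["action"] is None],
        "reboot_required": any(i["reboot_pending"] for i in items),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for item in report["findings"]:
        print(item["object"], item["verdict"], item["action"],
              "reboot pending" if item["reboot_pending"] else "")
    print("unresolved:", report["unresolved"],
          "| reboot required:", report["reboot_required"])
```

A non-empty `unresolved` list or `reboot_required` being true means the machine should be rebooted and rescanned before the log is treated as a clean result.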

#12 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,727 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:52 AM

Posted 13 November 2010 - 08:51 PM

Excellent. Things should be a lot better now. Now run that ESET scan and let us know how it is running after.

Please perform a scan with Eset Online Antivirus Scanner.
This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#13 steelcat

steelcat
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:52 AM

Posted 14 November 2010 - 08:41 AM

It did take a long time to run but I let it run overnight and it finished. It found 13 files and quarantined 12. Here is the resulting file:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=60af82a217c6ab43b1c7a3b29445b2f3
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-14 07:44:41
# local_time=2010-11-14 01:44:41 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 5897985 5897985 0 0
# compatibility_mode=1280 16777175 100 0 0 0 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=151247
# found=13
# cleaned=12
# scan_time=13091
C:\Documents and Settings\All Users\Application Data\cCjMf00904\cCjMf00904.exe a variant of Win32/Kryptik.HVX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\yellowmiffed.jar-35ba2004-4b470032.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\NetworkService\Local Settings\Application Data\syssvc.exe a variant of Win32/Injector.DNG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\13.11.2010_11.14.11\susp0000\svc0000\tsk0000.dta a variant of Win32/Olmarik.AGN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\relonut.dll a variant of Win32/Cimag.DY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\6to4v32.dll Win32/Wimpixo.AA trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JR9BXIWV\script_card[2] Win32/Adware.Antivirus2010 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\N0000I03\uninstall[1] Win32/Adware.Antivirus2010 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\usbhub.sys Win32/Rootkit.Agent.NSF trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\Temp\cwxyln.exe a variant of Win32/Cimag.DY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Temp\jar_cache14906.tmp a variant of Java/TrojanDownloader.Agent.NAN trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Temp\pdfupd.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\Temp\htdkuvghg\trepndhtsbl.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
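
Added example, not part of the original posts and not ESET's own tooling: a Python parser that triages a log like the one above, listing detections the scanner could not clean, those removed only after a restart, and any driver files. The line layout is inferred from this log alone, and `parse_eset_log`, `triage` and `SAMPLE` are hypothetical names.

```python
import re

# Layout inferred from the log in the post: "# key=value" header lines, then one
# line per detection: <path> <threat> (<action>) <32 hex digits> <flag>.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:a variant of\s+)?\w+/\S+(?:\s+\w+)?|multiple threats)\s+"
    r"\((?P<action>.*)\)\s+[0-9A-Fa-f]{32}\s+(?P<flag>[A-Z])$"
)

def parse_eset_log(text):
    """Return (headers, detections) from an ESET Online Scanner log."""
    headers, detections = {}, []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("#") and "=" in line:
            key, value = line[1:].split("=", 1)
            headers[key.strip()] = value.strip()
        elif (m := DETECTION.match(line)):
            detections.append(m.groupdict())
    return headers, detections

def triage(text):
    """Sort detections into what still needs attention after the scan."""
    headers, detections = parse_eset_log(text)
    report = {"uncleaned": [], "pending_reboot": [], "drivers": []}
    for d in detections:
        if "unable to clean" in d["action"]:
            report["uncleaned"].append(d["path"])
        if "after the next restart" in d["action"]:
            report["pending_reboot"].append(d["path"])
        # Heuristic added here: flag .sys files under \drivers\ (kernel drivers).
        if re.search(r"\\drivers\\[^\\]+\.sys$", d["path"], re.I):
            report["drivers"].append(d["path"])
    # The header's own counters should agree with the lines actually parsed.
    found = int(headers.get("found", len(detections)))
    cleaned = int(headers.get("cleaned", found))
    report["count_mismatch"] = (found != len(detections)
                                or found - cleaned != len(report["uncleaned"]))
    return report

# Constructed sample: three lines from the log above, counters adjusted to match.
SAMPLE = r"""# found=3
# cleaned=2
C:\Documents and Settings\All Users\Application Data\cCjMf00904\cCjMf00904.exe a variant of Win32/Kryptik.HVX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\6to4v32.dll Win32/Wimpixo.AA trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\usbhub.sys Win32/Rootkit.Agent.NSF trojan (unable to clean) 00000000000000000000000000000000 I
"""
```

Calling `triage()` on the full text of a saved log.txt gives the same report; a `count_mismatch` of `True` means some detection lines did not fit the inferred layout and should be read by hand.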

#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,727 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:11:52 AM

Posted 14 November 2010 - 06:01 PM

You have an infection that will require stronger tools to clean.
C:\WINDOWS\system32\drivers\usbhub.sys Win32/Rootkit.Agent.NSF trojan (unable to clean) .


Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Let me know if that went well.

#15 steelcat

steelcat
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:09:52 AM

Posted 14 November 2010 - 11:24 PM

I completed the steps and posted the DDS log as instructed with a Topic Title "Infected with Antivirus 2010" and Topic Description of "super virus-hard to fully remove."

I was able to do everything, but when I attempted to run GMER, it would bring up the screen to check/uncheck items for a few seconds, then my screen would go blank and I had to "force" the system to shut down.

Thanks for your help so far.

I have CD emulation programs still disabled, per instructions.



