
Virus blocking me from running any virus or malware removal EXE


26 replies to this topic

#1 Ryno88

  • Members
  • 22 posts

Posted 30 November 2010 - 11:48 AM

This is my first post ever, so I am new to this. I will make this as plain as I know how.

My pc obviously took on a virus. All desktop icons disappeared, wallpaper gone, lots of popups, and when you search for something on the net, it sends you to nothing but virus removal pages wanting you to buy it, etc etc etc.

Here's what I have done so far:

I removed the hard drive, took it to another PC, and loaded as a secondary drive. I ran a McAfee virus scan, superantispyware scan, and spybot scan to try to weaken it.

I put the hard drive back in the original PC and now I have icons back, wallpaper, and things run somewhat smoothly. However, it will NOT allow me to run my Microsoft Essentials virus scan, SUPERAntiSpyware, or even ComboFix. It starts running, then disappears off the screen like it never existed. It won't even let me update my virus protection. It updates for a long way, then freezes, and I have to restart.

I installed Hijackthis and Malwarebytes. They begin to run then they disappear too. Lots of times, but not every time I try to run one of these, I get the blue screen of death. The technical information it gives me on that screen is:
STOP: 0x000000D1 (0xF7AF7000, 0x00000002, 0x00000000, 0xab0dc747)
ldqgakb.sys - address AB0DC747 base at AB0D8000, datestamp 4cf44c8f

I have also typed MSCONFIG in my run command, went to Startup, and didn't find anything suspicious. I did disable anything I know I did not need.

Something is running somewhere that is blocking everything I try to do to kill out this virus. I am stumped. Please help. Any info is appreciated!


#2 Ryno88

  • Topic Starter
  • Members
  • 22 posts

Posted 30 November 2010 - 01:30 PM

Oh, and also, I will say, I did see signs of "Antivirus 2010". I removed it in Add/Remove Programs, not knowing that's apparently a virus. I know that it's not really removed, so could this be my issue?

#3 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,596 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 30 November 2010 - 03:05 PM

Please download Rkill by Grinler and save it to your desktop.
Link 1
Link 2
Link 3
Renamed versions if the above do not work:
iExplore.exe
eXplorer.exe
uSeRiNiT.exe
WiNlOgOn.exe
  • Double-click on the Rkill desktop icon to run the tool.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it still does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Note: You may have to make repeated attempts to use Rkill several times before it will run as some malware variants try to block it.
  • Do not reboot until instructed.
  • A log file will be created and saved to the root directory, C:\rkill.log
  • Copy and paste the contents of rkill.log in your next reply.
-- If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by the rogue software which attempts to terminate tools that try to remove it. If you see such a warning, leave the warning on the screen and then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself so that Rkill can perform its routine.

Now try performing a Quick Scan in normal mode with Malwarebytes Anti-Malware and check all items found for removal. Don't forget to check for database definition updates through the program's interface (preferable method) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

If you cannot run Malwarebytes Anti-Malware or complete a scan in normal mode, then try performing a Quick Scan in "safe mode".

Scanning with Malwarebytes Anti-Malware in safe or normal mode will work but removal functions are not as powerful in safe mode. MBAM is designed to be at full power when malware is running so safe mode is not necessary when using it. In fact, MBAM loses some effectiveness for detection & removal when used in safe mode because the program includes a special driver which does not work in safe mode. Further, scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. Additionally, there are various types of malware infections which target the safeboot keyset so booting into safe mode is not always possible. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM but sometimes there is no alternative but to do a safe mode scan. If that is the case, after completing a safe mode scan, reboot normally, update the database definitions through the program's interface (preferable method) and try rescanning again.


Please follow these instructions: How to remove Google Redirects or the TDSS, TDL3, Alureon rootkit using TDSSKiller
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • When the program opens, click the Start Scan button.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure is selected, then click Continue > Reboot now to finish the cleaning process. <- Important!!
    Note: If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
-- For any files detected as 'Suspicious' (except those identified as Forged to be cured after reboot) get a second opinion by submitting to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

IMPORTANT NOTE: No one should be using ComboFix unless specifically instructed to do so by a Malware Removal Expert who can interpret the logs. It is a powerful tool intended by its creator to be "used under the guidance and supervision of an expert." Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again. When issues arise due to complex malware infections, possible false detections, problems running ComboFix or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment. Please read the pinned topic ComboFix usage, Questions, Help? - Look here.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
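As an added example (it is not part of quietman7's instructions and not TDSSKiller's own code): a small Python parser for the log TDSSKiller writes to the root of the drive. It pulls out the "Suspicious" entries, pairs each "Suspicious service"/"Suspicious file" line with its "- detected ..." verdict, checks the parsed count against the "Detected object count" line, and applies the triage rule from the post above (Forged files are cured after reboot; anything else flagged Suspicious is quarantined and its hash sent for a second opinion). The embedded sample lines follow the format of the scan log posted in this thread; the function and field names are this example's own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Sample lines in the format TDSSKiller 2.4 writes, following the scan log
# posted in this thread (driver names and hashes are the ones in that log).
SAMPLE_LOG = r"""
2010/11/30 17:33:19.0125 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/11/30 17:33:20.0015 i8042prt (4770fd0f063c23f4698200b32e5d80d2) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/30 17:33:20.0015 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: 4770fd0f063c23f4698200b32e5d80d2, Fake md5: 4a0b06aa8943c1e332520f7440c0aa30
2010/11/30 17:33:20.0031 i8042prt - detected Forged file (1)
2010/11/30 17:33:24.0406 Suspicious service (NoAccess): ldqgakb
2010/11/30 17:33:24.0609 ldqgakb (b4dfeeffd1665e7d6e6da13ec3ce8ea3) C:\WINDOWS\system32\drivers\ldqgakb.sys
2010/11/30 17:33:24.0609 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\ldqgakb.sys. md5: b4dfeeffd1665e7d6e6da13ec3ce8ea3
2010/11/30 17:33:24.0625 ldqgakb - detected Locked service (1)
2010/11/30 17:33:49.0515 Suspicious service (NoAccess): vbma584a
2010/11/30 17:33:49.0703 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbma584a.sys. md5: 10a2eb305d04268c4ce82bbb05bde8ce
2010/11/30 17:33:49.0718 vbma584a - detected Locked service (1)
2010/11/30 17:33:52.0875 Detected object count: 3
"""

# "<date> <time> Suspicious file (Forged): <path>. Real md5: ..., Fake md5: ..."
# "<date> <time> Suspicious service (NoAccess): <name>"
SUSPICIOUS_RE = re.compile(
    r"^\S+ \S+ Suspicious (?P<kind>file|service) \((?P<reason>\w+)\): "
    r"(?P<target>.+?)(?:\. (?P<detail>.*))?$"
)
# "<date> <time> ldqgakb - detected Locked service (1)"
VERDICT_RE = re.compile(r"^\S+ \S+ (?P<name>\S+) - detected (?P<verdict>.+?) \(\d+\)$")
COUNT_RE = re.compile(r"Detected object count: (?P<n>\d+)$")
MD5_RE = re.compile(r"\b[0-9a-f]{32}\b")


@dataclass
class Detection:
    name: str                       # driver/service name, lower-cased
    reason: str                     # TDSSKiller's label: Forged, NoAccess, ...
    path: Optional[str] = None      # on-disk path when a "Suspicious file" line was logged
    md5: Optional[str] = None       # the "md5:" or "Real md5:" value
    fake_md5: Optional[str] = None  # Forged only: the second, differing hash TDSSKiller saw
    verdict: Optional[str] = None   # text of the "- detected ..." line, e.g. "Locked service"


def service_name(target: str) -> str:
    """Map 'C:\\...\\ldqgakb.sys' or 'ldqgakb' to the key 'ldqgakb'."""
    base = target.rsplit("\\", 1)[-1].lower()
    return base.rsplit(".", 1)[0] if "." in base else base


def parse_tdsskiller_log(text: str) -> tuple[dict[str, Detection], Optional[int]]:
    """Return detections keyed by service name plus the count TDSSKiller reported."""
    detections: dict[str, Detection] = {}
    reported: Optional[int] = None
    for line in text.splitlines():
        m = SUSPICIOUS_RE.match(line)
        if m:
            key = service_name(m["target"])
            det = detections.setdefault(key, Detection(name=key, reason=m["reason"]))
            if m["kind"] == "file":
                det.path = m["target"]
                hashes = MD5_RE.findall(m["detail"] or "")
                if hashes:
                    det.md5 = hashes[0]
                if m["reason"] == "Forged" and len(hashes) == 2:
                    det.fake_md5 = hashes[1]   # two hashes for one path is what "Forged" means
            continue
        m = VERDICT_RE.match(line)
        if m:
            key = m["name"].lower()
            if key in detections:
                detections[key].verdict = m["verdict"]
            continue
        m = COUNT_RE.search(line)
        if m:
            reported = int(m["n"])
    return detections, reported


def triage(detections: dict[str, Detection]) -> dict[str, str]:
    """The thread's rule: Forged files are cured on reboot; every other Suspicious
    object is quarantined and its hash submitted for a second opinion."""
    return {
        name: "cure" if det.reason == "Forged" else "second-opinion"
        for name, det in detections.items()
    }


def count_is_consistent(detections: dict[str, Detection], reported: Optional[int]) -> bool:
    """A mismatch means the pasted log was truncated or a line was not recognised."""
    return reported is not None and reported == len(detections)


if __name__ == "__main__":
    dets, n = parse_tdsskiller_log(SAMPLE_LOG)
    actions = triage(dets)
    for name, det in dets.items():
        print(f"{name:10} {det.reason:9} {det.verdict or '?':15} -> {actions[name]}")
    print("count consistent:", count_is_consistent(dets, n))
```

Run it against a saved TDSSKiller_*_log.txt by reading the file into parse_tdsskiller_log; the count check is the quick way to notice that a log pasted into a reply was cut off before the "Detected object count" line, which is the part a helper needs.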

#4 Ryno88

  • Topic Starter
  • Members
  • 22 posts

Posted 30 November 2010 - 05:00 PM

Quietman...I ran the Rkill from all 7 of your links. I've tried about 20 times. I get the same log file every time. It is:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Debbie on 11/30/2010 at 16:43:52.


Services Stopped:


Processes terminated by Rkill or while it was running:


\\.\globalroot\Device\svchost.exe\svchost.exe
C:\Documents and Settings\Debbie\Desktop\rkill.com


Rkill completed on 11/30/2010 at 16:43:58.
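The log above lists a terminated process at \\.\globalroot\Device\svchost.exe\svchost.exe, a path in the kernel object-manager namespace that ordinary software never runs from. The script below is an added example, not Rkill's code and not anything the poster ran: it parses an Rkill log in the layout shown above (the embedded sample reproduces that layout), confirms Rkill actually ran to completion, and buckets each terminated process by where it was running from so a helper sees the unusual entries first. The path heuristics are this example's own assumption, not Rkill's logic.

```python
from __future__ import annotations

import re

# Constructed Rkill log excerpt in the layout Rkill writes to C:\rkill.log
# (the same layout as the log posted in this thread).
SAMPLE_RKILL_LOG = r"""
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Debbie on 11/30/2010 at 16:43:52.


Services Stopped:


Processes terminated by Rkill or while it was running:


\\.\globalroot\Device\svchost.exe\svchost.exe
C:\Documents and Settings\Debbie\Desktop\rkill.com


Rkill completed on 11/30/2010 at 16:43:58.
"""

SECTION_HEADERS = {
    "Services Stopped:": "services",
    "Processes terminated by Rkill or while it was running:": "processes",
}
RAN_AS_RE = re.compile(r"^Ran as (?P<user>.+?) on (?P<date>\S+) at (?P<time>\S+)\.$")
COMPLETED_RE = re.compile(r"^Rkill completed on \S+ at \S+\.$")

# Illustrative heuristics (this example's assumption): user-writable folders
# that legitimate services rarely launch from on Windows XP.
USER_WRITABLE_MARKERS = ("\\temp\\", "\\application data\\", "\\local settings\\")


def parse_rkill_log(text: str) -> dict:
    """Split the log into who ran it, Rkill's two lists, and whether it finished."""
    report = {"user": None, "services": [], "processes": [], "completed": False}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_HEADERS:
            section = SECTION_HEADERS[line]
            continue
        m = RAN_AS_RE.match(line)
        if m:
            report["user"] = m["user"]
            continue
        if COMPLETED_RE.match(line):
            report["completed"] = True   # Rkill was not killed before it finished
            section = None
            continue
        if section is not None:         # preamble lines before any header are ignored
            report[section].append(line)
    return report


def classify_path(path: str) -> str:
    """Bucket a terminated-process path as 'hidden-device', 'rkill-self',
    'user-writable' or 'ordinary'."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    if low.startswith(r"\\.\globalroot") or "\\device\\" in low:
        return "hidden-device"          # object-namespace path: no normal program runs from here
    if name.startswith("rkill"):
        return "rkill-self"             # Rkill lists itself; a renamed copy must be matched by its saved path
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        return "user-writable"
    return "ordinary"


def flagged_processes(report: dict) -> list[tuple[str, str]]:
    """Entries worth showing a helper: everything except ordinary paths and Rkill itself."""
    return [
        (p, classify_path(p))
        for p in report["processes"]
        if classify_path(p) not in ("ordinary", "rkill-self")
    ]


if __name__ == "__main__":
    rep = parse_rkill_log(SAMPLE_RKILL_LOG)
    print("ran as:", rep["user"], "| completed:", rep["completed"])
    for path, bucket in flagged_processes(rep):
        print(f"{bucket:14} {path}")
```

Read C:\rkill.log into parse_rkill_log to run it on a real log. A "hidden-device" entry is the kind of thing the rest of this thread is about: the process existed only under a device object the rootkit created, which is why the usual scanners were being killed before they could look at it.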

#5 Ryno88

  • Topic Starter
  • Members
  • 22 posts

Posted 30 November 2010 - 05:15 PM

I also meant to tell you, after running Rkill, I attempted to run Malwarebytes. I have just installed this program, never used it. Once I open it, I start running updates, and as it gets about halfway through the updates, I get the blue screen of death I described in my original post. Which obviously means I have to turn the PC off and start over again. It's a repeating process. I don't know what to do next. Maybe try to scan without running the updates?

#6 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,596 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 30 November 2010 - 05:37 PM

Looks like a rootkit infection so try running TDSSKiller first.

BTW, Malwarebytes was just updated to v150. If you can download and install the most current version from here it will include a more current definition database.
You may have to reboot after updating in order to overwrite any "in use" protection module files.

After running TDSSKiller and saving the log for my review, reboot, then try a scan with Malwarebytes.

#7 Ryno88

  • Topic Starter
  • Members
  • 22 posts

Posted 30 November 2010 - 05:37 PM

Quietman...I ran the TDSSKiller as well. It found 1 malicious entry and 3 suspicious ones. I did a cure and reboot before I remembered to copy the report for you. So I went back and ran it again. It didn't find any malicious ones this time, only 3 suspicious ones. And here is that report for you. I copied them to quarantine.


2010/11/30 17:32:41.0828 TDSS rootkit removing tool 2.4.10.0 Nov 28 2010 18:35:56
2010/11/30 17:32:41.0828 ================================================================================
2010/11/30 17:32:41.0828 SystemInfo:
2010/11/30 17:32:41.0828
2010/11/30 17:32:41.0828 OS Version: 5.1.2600 ServicePack: 3.0
2010/11/30 17:32:41.0828 Product type: Workstation
2010/11/30 17:32:41.0828 ComputerName: PERKY
2010/11/30 17:32:41.0828 UserName: Debbie
2010/11/30 17:32:41.0828 Windows directory: C:\WINDOWS
2010/11/30 17:32:41.0828 System windows directory: C:\WINDOWS
2010/11/30 17:32:41.0828 Processor architecture: Intel x86
2010/11/30 17:32:41.0828 Number of processors: 1
2010/11/30 17:32:41.0828 Page size: 0x1000
2010/11/30 17:32:41.0828 Boot type: Normal boot
2010/11/30 17:32:41.0828 ================================================================================
2010/11/30 17:32:44.0343 Initialize success
2010/11/30 17:32:56.0968 ================================================================================
2010/11/30 17:32:56.0968 Scan started
2010/11/30 17:32:56.0968 Mode: Manual;
2010/11/30 17:32:56.0968 ================================================================================
2010/11/30 17:33:03.0828 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2010/11/30 17:33:04.0312 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/11/30 17:33:04.0656 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/11/30 17:33:05.0125 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2010/11/30 17:33:05.0343 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/11/30 17:33:05.0593 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/11/30 17:33:05.0781 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2010/11/30 17:33:06.0000 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2010/11/30 17:33:06.0218 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2010/11/30 17:33:06.0437 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2010/11/30 17:33:06.0640 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2010/11/30 17:33:06.0937 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2010/11/30 17:33:07.0328 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2010/11/30 17:33:07.0578 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2010/11/30 17:33:07.0984 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2010/11/30 17:33:08.0343 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2010/11/30 17:33:08.0671 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2010/11/30 17:33:09.0031 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2010/11/30 17:33:09.0390 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2010/11/30 17:33:09.0656 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/11/30 17:33:10.0046 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/11/30 17:33:10.0468 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/11/30 17:33:10.0812 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/11/30 17:33:11.0000 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/11/30 17:33:11.0453 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2010/11/30 17:33:11.0687 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/11/30 17:33:11.0968 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/11/30 17:33:12.0406 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2010/11/30 17:33:12.0703 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/11/30 17:33:13.0078 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/11/30 17:33:13.0500 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/11/30 17:33:13.0875 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2010/11/30 17:33:14.0125 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2010/11/30 17:33:14.0328 ctsfm2k (b459ae4afca570088adddbe55eabbc92) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
2010/11/30 17:33:14.0531 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2010/11/30 17:33:14.0718 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2010/11/30 17:33:14.0937 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/11/30 17:33:15.0171 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/11/30 17:33:15.0390 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/11/30 17:33:15.0593 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/11/30 17:33:15.0812 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/11/30 17:33:16.0031 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2010/11/30 17:33:16.0234 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/11/30 17:33:16.0406 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2010/11/30 17:33:16.0593 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2010/11/30 17:33:16.0812 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/11/30 17:33:17.0046 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/11/30 17:33:17.0281 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/11/30 17:33:17.0515 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/11/30 17:33:17.0765 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/11/30 17:33:18.0015 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/11/30 17:33:18.0281 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/11/30 17:33:18.0468 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/11/30 17:33:18.0687 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/11/30 17:33:18.0921 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/11/30 17:33:19.0125 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2010/11/30 17:33:19.0343 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/11/30 17:33:19.0546 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/11/30 17:33:19.0750 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2010/11/30 17:33:20.0015 i8042prt (4770fd0f063c23f4698200b32e5d80d2) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/30 17:33:20.0015 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: 4770fd0f063c23f4698200b32e5d80d2, Fake md5: 4a0b06aa8943c1e332520f7440c0aa30
2010/11/30 17:33:20.0031 i8042prt - detected Forged file (1)
2010/11/30 17:33:20.0281 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2010/11/30 17:33:20.0546 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/11/30 17:33:20.0781 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2010/11/30 17:33:21.0015 IntelC51 (7509c548400f4c9e0211e3f6e66abbe6) C:\WINDOWS\system32\DRIVERS\IntelC51.sys
2010/11/30 17:33:21.0265 IntelC52 (9584ffdd41d37f2c239681d0dac2513e) C:\WINDOWS\system32\DRIVERS\IntelC52.sys
2010/11/30 17:33:21.0468 IntelC53 (cf0b937710cec6ef39416edecd803cbb) C:\WINDOWS\system32\DRIVERS\IntelC53.sys
2010/11/30 17:33:21.0687 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/11/30 17:33:21.0890 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/11/30 17:33:22.0078 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/11/30 17:33:22.0281 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/11/30 17:33:22.0453 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/11/30 17:33:22.0656 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/11/30 17:33:22.0875 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/11/30 17:33:23.0093 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/11/30 17:33:23.0281 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/11/30 17:33:23.0500 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/11/30 17:33:23.0687 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/11/30 17:33:23.0984 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/11/30 17:33:24.0203 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/11/30 17:33:24.0406 Suspicious service (NoAccess): ldqgakb
2010/11/30 17:33:24.0609 ldqgakb (b4dfeeffd1665e7d6e6da13ec3ce8ea3) C:\WINDOWS\system32\drivers\ldqgakb.sys
2010/11/30 17:33:24.0609 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\ldqgakb.sys. md5: b4dfeeffd1665e7d6e6da13ec3ce8ea3
2010/11/30 17:33:24.0625 ldqgakb - detected Locked service (1)
2010/11/30 17:33:24.0781 LHidKe (daf45f0a91a508e24f0df886618e2a80) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
2010/11/30 17:33:25.0000 LHidUsbK (a0d6a7e4f95adc2472d3f53305874d55) C:\WINDOWS\system32\Drivers\LHidUsbK.Sys
2010/11/30 17:33:25.0203 LMouKE (695cad01ccdac6f8ddb80375ea80e4a6) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
2010/11/30 17:33:25.0343 LVPr2Mon (f96cfb47903854f228baaf3e2d41a0a3) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
2010/11/30 17:33:25.0484 LVUSBSta (5f987fc1aad215ec2c60cf07719b1cce) C:\WINDOWS\system32\drivers\LVUSBSta.sys
2010/11/30 17:33:25.0656 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/11/30 17:33:25.0875 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/11/30 17:33:26.0078 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2010/11/30 17:33:26.0375 mohfilt (59b8b11ff70728eec60e72131c58b716) C:\WINDOWS\system32\DRIVERS\mohfilt.sys
2010/11/30 17:33:26.0546 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/11/30 17:33:26.0734 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/11/30 17:33:26.0968 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/11/30 17:33:27.0171 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2010/11/30 17:33:27.0390 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/11/30 17:33:27.0609 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/11/30 17:33:27.0843 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/11/30 17:33:28.0062 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/11/30 17:33:28.0250 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/11/30 17:33:28.0468 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/11/30 17:33:28.0671 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/11/30 17:33:28.0875 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/11/30 17:33:29.0109 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/11/30 17:33:29.0312 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/11/30 17:33:29.0515 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/11/30 17:33:29.0718 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/11/30 17:33:29.0953 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/11/30 17:33:30.0187 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/11/30 17:33:30.0390 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/11/30 17:33:30.0609 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/11/30 17:33:30.0812 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/11/30 17:33:31.0015 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/11/30 17:33:31.0265 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/11/30 17:33:31.0484 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/11/30 17:33:31.0703 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/11/30 17:33:31.0968 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/11/30 17:33:32.0218 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/11/30 17:33:32.0421 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/11/30 17:33:32.0640 ossrv (c720c25b2d0c93dc425155f5b6a707f3) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
2010/11/30 17:33:32.0828 P17 (3a7290f2c423b80ba95becae015b9b1b) C:\WINDOWS\system32\drivers\P17.sys
2010/11/30 17:33:33.0078 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/11/30 17:33:33.0234 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/11/30 17:33:33.0359 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/11/30 17:33:33.0578 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/11/30 17:33:33.0953 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/11/30 17:33:34.0093 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/11/30 17:33:34.0593 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2010/11/30 17:33:34.0718 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2010/11/30 17:33:34.0953 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys
2010/11/30 17:33:35.0968 PID_PEPI (4fc23dae30ef4f6a2952cd93104909e7) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
2010/11/30 17:33:36.0281 ppsio2 (45b00b9a8d7c752352377bf10cf77d93) C:\WINDOWS\system32\drivers\ppsio2.sys
2010/11/30 17:33:36.0812 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/11/30 17:33:37.0171 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/11/30 17:33:37.0328 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/11/30 17:33:37.0437 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/11/30 17:33:37.0609 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2010/11/30 17:33:37.0765 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2010/11/30 17:33:37.0890 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2010/11/30 17:33:38.0093 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2010/11/30 17:33:38.0312 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/11/30 17:33:38.0484 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/11/30 17:33:38.0687 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/11/30 17:33:38.0921 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/11/30 17:33:39.0109 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/11/30 17:33:39.0343 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/11/30 17:33:39.0500 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/11/30 17:33:39.0828 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/11/30 17:33:40.0031 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/11/30 17:33:40.0250 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/11/30 17:33:41.0062 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/11/30 17:33:41.0296 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/11/30 17:33:41.0593 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/11/30 17:33:41.0843 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/11/30 17:33:42.0234 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/11/30 17:33:42.0437 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/11/30 17:33:42.0671 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2010/11/30 17:33:42.0953 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/11/30 17:33:43.0156 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/11/30 17:33:43.0453 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/11/30 17:33:43.0734 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/11/30 17:33:44.0031 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/11/30 17:33:44.0265 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/11/30 17:33:44.0562 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/11/30 17:33:45.0000 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/11/30 17:33:45.0218 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/11/30 17:33:45.0468 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/11/30 17:33:45.0671 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/11/30 17:33:45.0921 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/11/30 17:33:46.0203 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/11/30 17:33:46.0390 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/11/30 17:33:46.0609 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/11/30 17:33:46.0859 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/11/30 17:33:47.0171 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/11/30 17:33:47.0406 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/11/30 17:33:47.0609 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/11/30 17:33:47.0828 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/11/30 17:33:48.0125 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/11/30 17:33:48.0328 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/11/30 17:33:48.0531 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/11/30 17:33:48.0734 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/11/30 17:33:48.0953 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/11/30 17:33:49.0218 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/11/30 17:33:49.0437 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2010/11/30 17:33:49.0515 Suspicious service (NoAccess): vbma584a
2010/11/30 17:33:49.0703 vbma584a (10a2eb305d04268c4ce82bbb05bde8ce) C:\WINDOWS\system32\drivers\vbma584a.sys
2010/11/30 17:33:49.0703 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbma584a.sys. md5: 10a2eb305d04268c4ce82bbb05bde8ce
2010/11/30 17:33:49.0718 vbma584a - detected Locked service (1)
2010/11/30 17:33:49.0890 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/11/30 17:33:50.0156 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/11/30 17:33:50.0406 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/11/30 17:33:50.0656 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/11/30 17:33:51.0015 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/11/30 17:33:51.0500 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/11/30 17:33:51.0843 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/11/30 17:33:52.0062 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/11/30 17:33:52.0328 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/11/30 17:33:52.0531 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/11/30 17:33:52.0750 XIRLINK (57fa8fde401b35216e687d5c32d0632b) C:\WINDOWS\system32\DRIVERS\ucdnt.sys
2010/11/30 17:33:52.0859 ================================================================================
2010/11/30 17:33:52.0859 Scan finished
2010/11/30 17:33:52.0859 ================================================================================
2010/11/30 17:33:52.0875 Detected object count: 3
2010/11/30 17:34:30.0953 i8042prt (4770fd0f063c23f4698200b32e5d80d2) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/30 17:34:30.0953 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: 4770fd0f063c23f4698200b32e5d80d2, Fake md5: 4a0b06aa8943c1e332520f7440c0aa30
2010/11/30 17:34:30.0984 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - copied to quarantine
2010/11/30 17:34:30.0984 Forged file(i8042prt) - User select action: Quarantine
2010/11/30 17:34:31.0156 ldqgakb (b4dfeeffd1665e7d6e6da13ec3ce8ea3) C:\WINDOWS\system32\drivers\ldqgakb.sys
2010/11/30 17:34:31.0156 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\ldqgakb.sys. md5: b4dfeeffd1665e7d6e6da13ec3ce8ea3
2010/11/30 17:34:31.0187 C:\WINDOWS\system32\drivers\ldqgakb.sys - copied to quarantine
2010/11/30 17:34:31.0187 Locked service(ldqgakb) - User select action: Quarantine
2010/11/30 17:34:31.0359 vbma584a (10a2eb305d04268c4ce82bbb05bde8ce) C:\WINDOWS\system32\drivers\vbma584a.sys
2010/11/30 17:34:31.0359 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbma584a.sys. md5: 10a2eb305d04268c4ce82bbb05bde8ce
2010/11/30 17:34:31.0390 C:\WINDOWS\system32\drivers\vbma584a.sys - copied to quarantine
2010/11/30 17:34:31.0390 Locked service(vbma584a) - User select action: Quarantine

#8 Ryno88 (Topic Starter)

Posted 30 November 2010 - 05:50 PM

I used the link you gave me to get the newest Malwarebytes. As it was installing, I got the blue screen of death again (about the 10th time in the last hour). I rebooted. Tried to run Malwarebytes. It started scanning, and 10 seconds into it, it flashed and left my screen. I will wait on your next instruction. Thank you so much for your help.

#9 quietman7 (Global Moderator, Bleepin' Janitor)

Posted 30 November 2010 - 05:53 PM

Just as I thought...locked services and no access to the drivers. Some infections are difficult to remove completely because of rootkits, which protect malicious files and registry keys so they cannot be permanently deleted. Disinfection will require the use of more powerful tools than we recommend in this forum. Before that can be done, you will need to create and post a DDS log for further investigation.

Please read the pinned topic titled "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help". If you cannot complete a step, then skip it and continue with the next. In Step 7 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

When you have done that, post your log in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the Malware Response Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate it if you post a link to your log back here so we know that you're getting help from the Malware Response Team.

Please be patient. It may take a while to get a response because the Malware Response Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have posted your log and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the Malware Response Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another Malware Response Team member is already assisting you and not open the thread to respond.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
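The TDSSKiller lines quietman7 is reading here (Suspicious service (NoAccess), detected Locked service, Suspicious file (Forged) with a Real and a Fake md5, copied to quarantine, Detected object count) have a regular shape, so a small parser can pull the indicators out of a pasted log and check two things a helper would want: that every object the scanner counted was actually quarantined, and that the Real md5 of a forged driver agrees with the hash in that driver's own table line. This is an added example in Python, not TDSSKiller's or BleepingComputer's code; the line formats are assumed from the log posted in this thread (other TDSSKiller builds may differ), the sample log is copied from that post, and the function names (parse_tdsskiller, unresolved, all_detections_handled, forged_hash_consistent) are my own.

```python
"""Pull rootkit indicators out of a TDSSKiller text log.

Added example, not TDSSKiller's own code. The regexes assume the line shapes
seen in the log posted in this thread; other TDSSKiller builds may differ.
"""
import re

# Every log line starts with "YYYY/MM/DD HH:MM:SS.dddd " followed by a message.
LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} (?P<msg>.*)$")

# Message shapes observed in the posted log.
DRIVER_RE = re.compile(r"^(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
NOACCESS_FILE_RE = re.compile(
    r"^Suspicious file \(NoAccess\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
NOACCESS_SVC_RE = re.compile(r"^Suspicious service \(NoAccess\): (?P<svc>\S+)$")
LOCKED_RE = re.compile(r"^(?P<svc>\S+) - detected Locked service")
QUARANTINE_RE = re.compile(r"^(?P<path>.+?) - copied to quarantine$")
ACTION_RE = re.compile(
    r"^(?P<kind>Forged file|Locked service)\((?P<name>[^)]+)\) - "
    r"User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


def _stem(path):
    """'C:\\...\\DRIVERS\\i8042prt.sys' -> 'i8042prt' (assumes service name == file stem)."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def parse_tdsskiller(text):
    """Return a report dict: what the scanner flagged and what was done about it."""
    report = {
        "drivers": {},           # service name -> md5 the scanner read from disk
        "forged": [],            # on-disk hash differs from the hash the system presents
        "no_access": [],         # names of files/services the scanner was refused
        "locked_services": [],   # services that could not be opened for control
        "actions": [],           # (kind, name, action the user chose)
        "quarantined": [],       # paths copied to quarantine
        "declared_count": None,  # "Detected object count" reported by the scanner
    }
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue  # banners, separators and blank lines
        msg = line.group("msg")
        if (m := FORGED_RE.match(msg)):
            report["forged"].append({"path": m["path"], "real_md5": m["real"], "fake_md5": m["fake"]})
        elif (m := NOACCESS_FILE_RE.match(msg)):
            report["no_access"].append(_stem(m["path"]))
        elif (m := NOACCESS_SVC_RE.match(msg)):
            report["no_access"].append(m["svc"])
        elif (m := LOCKED_RE.match(msg)):
            report["locked_services"].append(m["svc"])
        elif (m := QUARANTINE_RE.match(msg)):
            report["quarantined"].append(m["path"])
        elif (m := ACTION_RE.match(msg)):
            report["actions"].append((m["kind"], m["name"], m["action"]))
        elif (m := COUNT_RE.match(msg)):
            report["declared_count"] = int(m["n"])
        elif (m := DRIVER_RE.match(msg)):  # plain driver-table line, checked last
            report["drivers"][m["name"]] = m["md5"]
    return report


def all_detections_handled(report):
    """True when every object TDSSKiller counted was copied to quarantine."""
    return (report["declared_count"] is not None
            and len(report["quarantined"]) == report["declared_count"])


def unresolved(report):
    """Flagged names (NoAccess, Locked, Forged) with no logged Quarantine action."""
    flagged = set(report["no_access"]) | set(report["locked_services"])
    flagged |= {_stem(f["path"]) for f in report["forged"]}
    handled = {name for _, name, action in report["actions"] if action == "Quarantine"}
    return sorted(flagged - handled)


def forged_hash_consistent(report):
    """A forged file's 'Real md5' should equal the hash in its own driver-table line."""
    return all(report["drivers"].get(_stem(f["path"])) == f["real_md5"] for f in report["forged"])


# Sample input: lines copied from the TDSSKiller log posted earlier in this thread.
SAMPLE_LOG = r"""
2010/11/30 17:33:49.0515 Suspicious service (NoAccess): vbma584a
2010/11/30 17:33:49.0703 vbma584a (10a2eb305d04268c4ce82bbb05bde8ce) C:\WINDOWS\system32\drivers\vbma584a.sys
2010/11/30 17:33:49.0703 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbma584a.sys. md5: 10a2eb305d04268c4ce82bbb05bde8ce
2010/11/30 17:33:49.0718 vbma584a - detected Locked service (1)
2010/11/30 17:33:52.0875 Detected object count: 3
2010/11/30 17:34:30.0953 i8042prt (4770fd0f063c23f4698200b32e5d80d2) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/11/30 17:34:30.0953 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\i8042prt.sys. Real md5: 4770fd0f063c23f4698200b32e5d80d2, Fake md5: 4a0b06aa8943c1e332520f7440c0aa30
2010/11/30 17:34:30.0984 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - copied to quarantine
2010/11/30 17:34:30.0984 Forged file(i8042prt) - User select action: Quarantine
2010/11/30 17:34:31.0156 ldqgakb (b4dfeeffd1665e7d6e6da13ec3ce8ea3) C:\WINDOWS\system32\drivers\ldqgakb.sys
2010/11/30 17:34:31.0156 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\ldqgakb.sys. md5: b4dfeeffd1665e7d6e6da13ec3ce8ea3
2010/11/30 17:34:31.0187 C:\WINDOWS\system32\drivers\ldqgakb.sys - copied to quarantine
2010/11/30 17:34:31.0187 Locked service(ldqgakb) - User select action: Quarantine
2010/11/30 17:34:31.0390 C:\WINDOWS\system32\drivers\vbma584a.sys - copied to quarantine
2010/11/30 17:34:31.0390 Locked service(vbma584a) - User select action: Quarantine
"""

if __name__ == "__main__":
    r = parse_tdsskiller(SAMPLE_LOG)
    print("forged:", [f["path"] for f in r["forged"]])
    print("locked:", r["locked_services"], "unresolved:", unresolved(r))
    print("all counted objects quarantined:", all_detections_handled(r))
```

Run on the posted log, the report lists i8042prt as forged (its Real md5 matches the driver-table hash the scanner read from disk, while the Fake md5 is what the infected system presented), vbma584a and ldqgakb as locked or inaccessible, three quarantine actions against a declared count of three, and nothing left unresolved. A non-empty unresolved() result, or a count mismatch, is the signal that a rerun or the stronger tools quietman7 mentions are still needed.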

#10 Ryno88 (Topic Starter)

Posted 30 November 2010 - 06:06 PM

Gosh, I hate receiving bad news. Thanks for all your help quietman...

#11 quietman7 (Global Moderator, Bleepin' Janitor)

Posted 30 November 2010 - 06:24 PM

You're welcome and good luck.

P.S. When posting your logs per the Prep Guide, be sure to include the one from TDSSKiller or make a comment in your topic that it is available.

#12 Ryno88 (Topic Starter)

Posted 30 November 2010 - 06:28 PM

Even though I forgot to copy the one with the malicious entry in it?

#13 quietman7 (Global Moderator, Bleepin' Janitor)

Posted 30 November 2010 - 06:34 PM

Yes. The log you posted shows the locked services and suspicious drivers...not much you can do about not saving the first but every bit of information is helpful.

#14 Ryno88 (Topic Starter)

Posted 30 November 2010 - 06:35 PM

OK, will do. Waiting on my system to back up as we speak so I can continue with the process.

#15 Ryno88 (Topic Starter)

Posted 30 November 2010 - 06:41 PM

Would you mind giving me what you think to be an appropriate "title" to my new post to the malware team? I don't know what virus I have, so I can't really put the name of it in there.
