Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Generic host process for win32 services has encountered a problem and needs to close


  • This topic is locked This topic is locked
18 replies to this topic

#1 bernie-mac

bernie-mac

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:40 PM

Posted 25 December 2010 - 01:32 PM

There have been aggravating pop-ups as well as audio trouble plaguing my computer for several months now. I just recently backed up my computer and am ready to begin fixing the problem. My computer info: Windows XP-version 2002, (Service Pack 3, v.3244), Intel®, Pentium® D CPU 2.80 GHZ, 2.79 GHz, 3.25 GB of RAM

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:40 PM

Posted 25 December 2010 - 10:10 PM

Hi bernie,let's eun these and let me know how it is after.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Next run ATF:
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.


Next run MBAM (MalwareBytes):

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Troubleshoot Malwarebytes' Anti-Malware
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 bernie-mac

bernie-mac
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:40 PM

Posted 26 December 2010 - 04:34 PM

2010/12/26 16:23:00.0571 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/26 16:23:00.0571 ================================================================================
2010/12/26 16:23:00.0571 SystemInfo:
2010/12/26 16:23:00.0571
2010/12/26 16:23:00.0571 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/26 16:23:00.0571 Product type: Workstation
2010/12/26 16:23:00.0571 ComputerName: DELL9100
2010/12/26 16:23:00.0571 UserName: OWNER
2010/12/26 16:23:00.0571 Windows directory: C:\WINDOWS
2010/12/26 16:23:00.0571 System windows directory: C:\WINDOWS
2010/12/26 16:23:00.0571 Processor architecture: Intel x86
2010/12/26 16:23:00.0571 Number of processors: 2
2010/12/26 16:23:00.0571 Page size: 0x1000
2010/12/26 16:23:00.0571 Boot type: Normal boot
2010/12/26 16:23:00.0571 ================================================================================
2010/12/26 16:23:00.0837 Initialize success
2010/12/26 16:23:59.0030 ================================================================================
2010/12/26 16:23:59.0030 Scan started
2010/12/26 16:23:59.0030 Mode: Manual;
2010/12/26 16:23:59.0030 ================================================================================
2010/12/26 16:23:59.0467 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/12/26 16:23:59.0577 ACPI (e06f740a33041bd0f425d49b3a20a0e3) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/26 16:23:59.0686 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/26 16:23:59.0780 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/26 16:23:59.0827 AFD (0eb5627161b17b3f474d03a6d8c3657b) C:\WINDOWS\System32\drivers\afd.sys
2010/12/26 16:24:00.0155 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/12/26 16:24:00.0202 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/12/26 16:24:00.0264 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/12/26 16:24:00.0295 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2010/12/26 16:24:00.0373 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/12/26 16:24:00.0420 AsyncMac (cf23e39fb35af9ed2bedfd4d1afdae4a) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/26 16:24:00.0483 atapi (7baced62b5ec373a60a05c43c6d50ecc) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/26 16:24:00.0608 Atmarpc (81e6368a76fa97b161f4c576d077ab46) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/26 16:24:00.0764 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/26 16:24:00.0858 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/26 16:24:00.0920 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/26 16:24:01.0045 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/26 16:24:01.0076 Cdfs (0b0395bd30cacfe10a3a767cb8fd7830) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/26 16:24:01.0123 Cdrom (f2605c6359820eea4c961e9e95957ffc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/26 16:24:01.0295 cmpci (fd40439bb258b9aa9ad314bf5948ef46) C:\WINDOWS\system32\drivers\cmaudio.sys
2010/12/26 16:24:01.0451 Disk (cb777a07b76daa553efd4fcd6df8b640) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/26 16:24:01.0576 dmboot (3633db0cab96196e0a7595c46c033a1d) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/26 16:24:01.0748 dmio (73a4ea1b6b64fedd793d72edba1d61c4) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/26 16:24:01.0873 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/26 16:24:02.0061 DMusic (56b8ce8acad4b3141a659d59a522b137) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/26 16:24:02.0201 DNINDIS5 (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
2010/12/26 16:24:02.0373 drmkaud (b007c60fadbfeee3fee868c5efa24423) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/26 16:24:02.0451 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/12/26 16:24:02.0498 Fastfat (b7e60a3573fb9a4723197d1b892193a9) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/26 16:24:02.0545 Fdc (c2241d0dfbf001e7c58a28a9632b76d2) C:\WINDOWS\system32\drivers\Fdc.sys
2010/12/26 16:24:02.0607 Fips (9c1a63445a8da3e9e14849ea08946eb5) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/26 16:24:02.0717 Flpydisk (ecb1be464f91492b832167feed8ddbaf) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/26 16:24:02.0779 FltMgr (6cfa2e0c5f795b15e48a4352c36d3802) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/26 16:24:02.0826 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/26 16:24:02.0873 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/26 16:24:02.0889 gameenum (f39c02882992f84c79c8443e12e6481d) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/12/26 16:24:02.0920 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/12/26 16:24:02.0967 Gpc (5f2473cd74edee7c3ce073a609dfc924) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/26 16:24:02.0998 hidusb (990c5870ff4af41c7372830b40ab77b6) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/26 16:24:03.0060 HTTP (2ee8883063eb331bcdf70a43610c53ba) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/26 16:24:03.0123 i8042prt (0554520ed8285ca53d264498a872bfd0) C:\WINDOWS\system32\drivers\i8042prt.sys
2010/12/26 16:24:03.0170 iaStor (d593517879e65167df35f6015814ac59) C:\WINDOWS\system32\drivers\iaStor.sys
2010/12/26 16:24:03.0201 Imapi (af5b74f67fafa0abc0f6df48c1ce9a7a) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/26 16:24:03.0279 intelppm (da4c6dfb5c6788ff0660686ecfdce1bd) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/26 16:24:03.0310 Ip6Fw (01101d3c7934ac2318a3880e33ae60a0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/26 16:24:03.0342 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/26 16:24:03.0389 IpInIp (947c940629d583898cbc24090a39a4d4) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/26 16:24:03.0420 IpNat (2a60289ae3bc4ce8a395955207a80693) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/26 16:24:03.0451 IPSec (5f16db090d2eab8850d139b592120063) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/26 16:24:03.0482 IRENUM (44b8f10c8a4aca788a16d64a53e3a22e) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/26 16:24:03.0513 isapnp (aff62db264717c951d53abd7bbfede57) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/26 16:24:03.0576 JSWSCIMD (ad67795900aa8c05cc4570f5349e0639) C:\WINDOWS\system32\DRIVERS\jswscimd.sys
2010/12/26 16:24:03.0670 Kbdclass (7e30612b356c7aa4a19527354c0eb11d) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/26 16:24:03.0685 kbdhid (04f41355ba68511301591c226e0d9a66) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/26 16:24:03.0732 kmixer (b5588ef7b6387d8e6a88dca05ad73097) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/26 16:24:03.0763 KSecDD (ad0f67ac312a0f205d9a25e43da72d08) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/26 16:24:03.0842 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/26 16:24:03.0873 Modem (129f74e2e542e471e99288ba6b7690ed) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/26 16:24:03.0888 Mouclass (fdb5fc84329bc0bdfdcfa3c88dd14db1) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/26 16:24:03.0935 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/26 16:24:03.0951 MountMgr (049af2f17edb44793b47f38fd16d856e) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/26 16:24:03.0998 MRxDAV (cb7ed3ab3c02ff6e3407a2a731ed0f57) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/26 16:24:04.0029 MRxSmb (d22115d10f8b4adc3ac7a846d69395ef) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/26 16:24:04.0076 Msfs (2716e6cae453a41f50cd1bef8ef53b69) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/26 16:24:04.0123 MSKSSRV (f6a19546ddfa921942d60b721901007b) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/26 16:24:04.0138 MSPCLOCK (74951676d9f45421ccbaf0636a0033fa) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/26 16:24:04.0170 MSPQM (9e1a019f732f643e4ccbdfb9f7a6df56) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/26 16:24:04.0185 mssmbios (14a5f7bc73813353f9ec3279c8aa9476) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/26 16:24:04.0216 Mup (013b2d20ec3d0e43525abbcf7eb78083) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/26 16:24:04.0263 NDIS (f2bc1026931be54ef3134f7586b7ef8c) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/26 16:24:04.0279 NdisTapi (7ab3d297c3badeb895a792be97c7acb0) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/26 16:24:04.0310 Ndisuio (5ce3669d7a97c12a28f519efb5f78cea) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/26 16:24:04.0326 NdisWan (3b65a6924ee061e115332dc2c882b683) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/26 16:24:04.0341 NDProxy (1569dc53796c4d8cc4c15c530552753b) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/26 16:24:04.0357 NetBIOS (da7021b0972115ec125bf32beaa69b4c) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/26 16:24:04.0388 NetBT (e6cef8e72c7603a901f7e23f7e16880d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/26 16:24:04.0435 Npfs (f02fce9638fba4b7e9242f1674c6188a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/26 16:24:04.0482 Ntfs (ec290e32082ff96654d0feaa05d097ad) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/26 16:24:04.0545 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/26 16:24:04.0873 nv (4c3696c1ed1a36629ebb348bf745a328) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/12/26 16:24:05.0388 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/26 16:24:05.0435 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/26 16:24:05.0513 Parport (f989cc5ffc8c5746ac33b6bba2d6a05f) C:\WINDOWS\system32\drivers\Parport.sys
2010/12/26 16:24:05.0544 PartMgr (5bdd72dcf28a7a94e5d4a69c9e392d39) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/26 16:24:05.0591 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/26 16:24:05.0685 PCI (66cbb6cb961dfb7ff303784e2a9290c5) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/26 16:24:05.0763 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/26 16:24:05.0826 Pcmcia (6813305770980c2e9e06d177add5bcde) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/26 16:24:06.0076 PptpMiniport (61db620b623ce3236210b391f191abc8) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/26 16:24:06.0122 PSched (9169df9c7d048f2dee5217ef4386b916) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/26 16:24:06.0169 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/26 16:24:06.0388 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/26 16:24:06.0435 Rasl2tp (4cdcf1d96b2cd3632679ff0f13b4efa8) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/26 16:24:06.0466 RasPppoe (01bb5729fa831c55de43b11248d34f29) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/26 16:24:06.0575 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/26 16:24:06.0716 Rdbss (655c6b3e1824abe5cc30a7bb093dbcef) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/26 16:24:06.0747 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/26 16:24:06.0794 rdpdr (e8569d7550a8bf7bd8b89a151c0b5de5) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/26 16:24:06.0841 RDPWD (504aa04fc2a5d99510d2e26533efcb92) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/26 16:24:06.0919 redbook (13cdf4cef30d6d76550eeaa556e59ff9) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/26 16:24:07.0013 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/26 16:24:07.0107 Serial (0a97fa9fc0e62d40414f7fd9b3a2a5fd) C:\WINDOWS\system32\drivers\Serial.sys
2010/12/26 16:24:07.0169 Sfloppy (5cf1d29d0a214669673484e7333d6025) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2010/12/26 16:24:07.0294 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2010/12/26 16:24:07.0403 splitter (f910ecb570cf7cb20449646db4c05a23) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/26 16:24:07.0466 sr (eb57f3fd832d0dd58896179ed6db25d0) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/26 16:24:07.0528 Srv (31b858feb7f7eaa1906e2540f8192c16) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/26 16:24:07.0607 swenum (387b9ce38ecc4ef136f93668fda14cc4) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/26 16:24:07.0653 swmidi (d5bb27a820282a2ad752324a263ad98b) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/26 16:24:07.0841 sysaudio (3251e557b1e935a60a3c332d69f16f36) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/26 16:24:07.0919 Tcpip (ac6ecc5cb4c7e9db72273489ecb94cff) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/26 16:24:07.0981 TDPIPE (9a01eaad769c22d8926fa6b720720b17) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/26 16:24:07.0997 TDTCP (31f78e1ac01354bdea8efbe9e6b1d8f4) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/26 16:24:08.0044 TermDD (c47ff645ded6771e60bd43fc85821d42) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/26 16:24:08.0122 Udfs (00c8ad61f31a0c87646121d3fe0f9781) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/26 16:24:08.0185 Update (136e1e6e8974d4bdf123e8c68789380d) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/26 16:24:08.0263 usbaudio (1a918ac933d153d2e4bd56d515c6f838) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/12/26 16:24:08.0310 usbccgp (092f372f3fb639771d34821e56367320) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/26 16:24:08.0356 usbehci (65b0e46c2855041a560ab76a5f267d6d) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/26 16:24:08.0372 usbhub (8aa63098057eb850e702aaaf89ef6f35) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/26 16:24:08.0403 usbprint (542ec384bbf7e547f4436b5c65328ef6) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/26 16:24:08.0419 usbscan (c77f386d9587dcbd7e6635557aeecccf) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/26 16:24:08.0466 usbstor (0ea51974f3f309cebebd5733d8d10386) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/26 16:24:08.0513 usbuhci (074fd59063568d3dbc57225265fb0c50) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/26 16:24:08.0544 VgaSave (f53e723ec7457b569adefd897c630e67) C:\WINDOWS\System32\drivers\vga.sys
2010/12/26 16:24:08.0591 VolSnap (eb14a215c12721eb02e936653ed6c0d4) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/26 16:24:08.0653 Wanarp (12b227f66f782400f7af63cb88195a7c) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/26 16:24:08.0700 wdmaud (c0630c2eae777416667a7b21fc11522b) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/26 16:24:08.0794 WN111v2 (93ea7d94959bef66d0e4adbc8ce4e073) C:\WINDOWS\system32\DRIVERS\WN111v2.sys
2010/12/26 16:24:08.0856 WSIMD (43f767d59bfc25d8f4fc2eb42043ec1e) C:\WINDOWS\system32\DRIVERS\wsimd.sys
2010/12/26 16:24:08.0934 ZD1211U(ZyXEL) (adf52208702b6cb497dcce95a16f1e32) C:\WINDOWS\system32\DRIVERS\zd1211u.sys
2010/12/26 16:24:09.0028 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/26 16:24:09.0044 ================================================================================
2010/12/26 16:24:09.0044 Scan finished
2010/12/26 16:24:09.0044 ================================================================================
2010/12/26 16:24:09.0059 Detected object count: 1
2010/12/26 16:24:40.0648 \HardDisk0 - will be cured after reboot
2010/12/26 16:24:40.0648 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/26 16:25:47.0324 Deinitialize success

#4 bernie-mac

bernie-mac
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:40 PM

Posted 26 December 2010 - 04:48 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5400

Windows 5.1.2600 Service Pack 3, v.3244
Internet Explorer 6.0.2900.3244

12/26/2010 4:47:47 PM
mbam-log-2010-12-26 (16-47-47).txt

Scan type: Quick scan
Objects scanned: 140909
Time elapsed: 3 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AppDataLow\gvtl (Adware.GameVance) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\documents and settings\OWNER\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com (Adware.GamesVance) -> Quarantined and deleted successfully.
c:\documents and settings\OWNER\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com\components (Adware.GamesVance) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\OWNER\my documents\downloads\regalivesetup.exe (Rogue.RegAlive) -> Quarantined and deleted successfully.
c:\documents and settings\OWNER\application data\asdsada.bat (Malware.Trace) -> Quarantined and deleted successfully.

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:40 PM

Posted 26 December 2010 - 06:52 PM

Hi, this was perfect. lets see if there is anything left.
Please perform a scan with Eset Online Antiivirus Scanner.
This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 bernie-mac

bernie-mac
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:40 PM

Posted 27 December 2010 - 06:08 AM

C:\Documents and Settings\LocalService\Application Data\Sun\Java\Deployment\cache\6.0\26\5e0959da-6f4ae822 multiple threats deleted - quarantined
C:\Documents and Settings\OWNER\Application Data\AVG\Rescue\PC Tuneup 2011\101019141248203.rsc multiple threats deleted - quarantined

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:40 PM

Posted 27 December 2010 - 08:57 PM

This looks good now.
If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 bernie-mac

bernie-mac
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:40 PM

Posted 27 December 2010 - 10:16 PM

I actually disabled system restore a while ago to prevent possibly infected restore points from reinfecting my computer after I cleaned it. Should I enable it and create new restore points at this point?

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:40 PM

Posted 27 December 2010 - 11:45 PM

I would create this one and name it Clean. it's always good to have one. That is why i did this step last in case we needed one during the repairs. Though I did not know we didn't have one. In fact during removal it's better to have an infected one than none. You can do the proceedure every month so that you free up the wasted space.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 bernie-mac

bernie-mac
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:40 PM

Posted 28 December 2010 - 09:56 AM

I have a simple question... if you visit a website with filesharing like youtube, in order to upload a video of your own, and don't click on any files to view, is your computer still at risk for malware?

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:40 PM

Posted 28 December 2010 - 12:39 PM

Upload is Ok. Downloaded files should be scanned before opening.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 bernie-mac

bernie-mac
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:40 PM

Posted 01 January 2011 - 03:16 AM

When i open windows tast manager, i have a ton of processes running...... exe stuff. is that normal?

#13 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,166 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:40 PM

Posted 01 January 2011 - 02:26 PM

They probably are,but wihout knowing exactly I cannot say for certain.
If we rerun/update Mbam it may show if something has emerged.
Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Do you use IE as your browser??

here's a sample of an XP task manager that is healthy
http://www.google.com/imgres?imgurl=http://www.bajagringo.com/images/WindowsTaskManager.jpg&imgrefurl=http://www.bajagringo.com/HowtoFixProblemsHighCPUsvchostWindowsXP.htm&usg=__nLAe0fYppLbcgeifEhCD-82vsIQ=&h=454&w=476&sz=59&hl=en&start=23&zoom=1&tbnid=CO8wOKb5ki0NAM:&tbnh=129&tbnw=135&prev=/images%3Fq%3Dxp%2Btask%2Bmanager%26um%3D1%26hl%3Den%26sa%3DN%26biw%3D1185%26bih%3D589%26tbs%3Disch:10%2C331&um=1&itbs=1&iact=hc&vpx=777&vpy=165&dur=780&hovh=219&hovw=230&tx=174&ty=136&ei=pending&oei=FH8fTbmTF8T58AalypTLDQ&esq=2&page=2&ndsp=19&ved=1t:429,r:5,s:23&biw=1185&bih=589

To post an image of yours... see Inserting An Image Within A Post

Edited by boopme, 01 January 2011 - 02:27 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#14 bernie-mac

bernie-mac
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:40 PM

Posted 03 January 2011 - 02:38 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5449

Windows 5.1.2600 Service Pack 3, v.3244
Internet Explorer 6.0.2900.3244

1/3/2011 2:37:37 PM
mbam-log-2011-01-03 (14-37-37).txt

Scan type: Quick scan
Objects scanned: 142251
Time elapsed: 2 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\OWNER\application data\Mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@gamevance.com (Adware.GamesVance) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

#15 bernie-mac

bernie-mac
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:08:40 PM

Posted 03 January 2011 - 02:40 PM

I do not use IE, I use firefox. And I'm having trouble saving the image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users