
Windows XP Repair Virus

10 replies to this topic

#1 captspalding (Members, 5 posts)

Posted 18 June 2011 - 07:47 PM

Hi Everyone,
I am new to the forums and have searched around concerning my problem. I have tried some things which I will relate here in hopes that someone can assist me.
First, I have a Toshiba Satellite laptop running Windows XP Media Center Edition Version 2002 Service Pack 2. I recently had my computer infected with the Windows XP Repair virus. I did not install any new hw or sw. I had Firefox open with my Hotmail account and another page with my Groupon page open. I had set the computer down and when I picked it up about 30 minutes later it had the Windows XP Repair window open and it said my HDD had failed. I tried to restart and when it came up there were no icons on the desktop and I got the Windows XP Repair window again saying my HDD had failed. When I clicked on the Start button everything was empty and it could not find anything under My Computer.
I began searching on a non-infected computer and found some sites that discussed removing some Registry entries. I finally did this and it allowed me to see that everything was still there when I went through My Computer and the C drive, but most files were still indicated as hidden and there were still no icons on the desktop. I then downloaded and ran Norton Power Eraser. This found some problems which I fixed, and this allowed some of the icons to now be visible on the desktop. If I go to Start and All Programs everything is still empty. At this time, I found out that I also had a Google redirect problem in both Mozilla and IE and had audio coming from somewhere.
After finding your site, I tried installing Malwarebytes but I get all the way to the end and it says Setup Denied; when I try to reinstall it says I have to restart the computer first, and when I do I still get the Setup Denied message. I have also tried RKill and using a renamed file it showed that it was running but came back and said there was nothing changed, no processes stopped. When I tried to run it again the screen went completely black. I turned off the computer and turned it back on and the icons came back up and I am back to where I was, but I did not want to continue to proceed on my own and make things worse.
Any help from this point would be greatly appreciated.

#2 Blade (Site Admin, 12,729 posts; "Strong in the Bleepforce")

Posted 20 June 2011 - 12:00 AM

Hello.

Please try this.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


~Blade


In your next reply, please include the following:
TDSSKiller Log

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 captspalding (Topic Starter; Members, 5 posts)

Posted 20 June 2011 - 11:11 AM

Thanks Blade. It took me a few tries to get it to run, but it finally did. It came back and said it found a malicious file that I could cure but there also was a suspicious file that it said was locked and would not let me cure. Of course, you may be able to tell all of that from the attached log. I appreciate your help and look forward to your reply.

2011/06/20 11:52:34.0703 1796 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/20 11:52:35.0281 1796 ================================================================================
2011/06/20 11:52:35.0281 1796 SystemInfo:
2011/06/20 11:52:35.0281 1796
2011/06/20 11:52:35.0281 1796 OS Version: 5.1.2600 ServicePack: 2.0
2011/06/20 11:52:35.0281 1796 Product type: Workstation
2011/06/20 11:52:35.0281 1796 ComputerName: JEFF-MOBILE
2011/06/20 11:52:35.0281 1796 UserName: Jeff Raines
2011/06/20 11:52:35.0281 1796 Windows directory: C:\WINDOWS
2011/06/20 11:52:35.0281 1796 System windows directory: C:\WINDOWS
2011/06/20 11:52:35.0281 1796 Processor architecture: Intel x86
2011/06/20 11:52:35.0281 1796 Number of processors: 2
2011/06/20 11:52:35.0281 1796 Page size: 0x1000
2011/06/20 11:52:35.0281 1796 Boot type: Normal boot
2011/06/20 11:52:35.0281 1796 ================================================================================
2011/06/20 11:52:42.0531 1796 Initialize success
2011/06/20 11:53:01.0796 4260 ================================================================================
2011/06/20 11:53:01.0796 4260 Scan started
2011/06/20 11:53:01.0796 4260 Mode: Manual;
2011/06/20 11:53:01.0796 4260 ================================================================================
2011/06/20 11:53:03.0015 4260 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/20 11:53:03.0046 4260 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/06/20 11:53:03.0125 4260 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/06/20 11:53:03.0203 4260 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/06/20 11:53:03.0250 4260 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/06/20 11:53:03.0312 4260 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/06/20 11:53:03.0609 4260 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/20 11:53:03.0718 4260 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/20 11:53:03.0750 4260 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/20 11:53:03.0828 4260 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/20 11:53:03.0875 4260 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/20 11:53:03.0953 4260 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
2011/06/20 11:53:04.0062 4260 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2011/06/20 11:53:04.0125 4260 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
2011/06/20 11:53:04.0203 4260 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/20 11:53:04.0250 4260 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/20 11:53:04.0312 4260 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/20 11:53:04.0343 4260 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/20 11:53:04.0375 4260 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/20 11:53:04.0546 4260 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/06/20 11:53:04.0593 4260 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/06/20 11:53:04.0718 4260 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/20 11:53:04.0781 4260 DLABOIOM (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/06/20 11:53:04.0796 4260 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/06/20 11:53:04.0828 4260 DLADResN (1e6c6597833a04c2157be7b39ea92ce1) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/06/20 11:53:04.0859 4260 DLAIFS_M (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/06/20 11:53:04.0875 4260 DLAOPIOM (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/06/20 11:53:04.0890 4260 DLAPoolM (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/06/20 11:53:04.0937 4260 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/06/20 11:53:05.0062 4260 DLAUDFAM (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/06/20 11:53:05.0140 4260 DLAUDF_M (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/06/20 11:53:05.0203 4260 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/20 11:53:05.0296 4260 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/20 11:53:05.0390 4260 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/20 11:53:05.0437 4260 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/20 11:53:05.0484 4260 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/20 11:53:05.0515 4260 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/06/20 11:53:05.0531 4260 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/06/20 11:53:05.0625 4260 e1express (e1fa10ed8f9f700c1be1eae05a80ef57) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/06/20 11:53:05.0671 4260 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/20 11:53:05.0718 4260 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/20 11:53:05.0812 4260 FdRedir (8affa5814b135417494e48eb9c0b6c5e) C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys
2011/06/20 11:53:05.0828 4260 FileDisk2 (6ed5c6a25174118036e978b42f0974d1) C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys
2011/06/20 11:53:06.0000 4260 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/20 11:53:06.0031 4260 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/20 11:53:06.0093 4260 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/06/20 11:53:06.0140 4260 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/20 11:53:06.0171 4260 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/20 11:53:06.0187 4260 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/20 11:53:06.0343 4260 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/20 11:53:06.0375 4260 HidIr (1f695c5e013ba11a1901d8b845111b7e) C:\WINDOWS\system32\DRIVERS\hidir.sys
2011/06/20 11:53:06.0437 4260 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/20 11:53:06.0500 4260 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/20 11:53:06.0625 4260 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/20 11:53:06.0953 4260 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/06/20 11:53:07.0234 4260 iComp (eedb017a8cc2e8dc9825d1a1b3e4f034) C:\WINDOWS\system32\DRIVERS\HCWUSB2.sys
2011/06/20 11:53:07.0312 4260 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/20 11:53:07.0656 4260 IntcAzAudAddService (b12a9fc49cd2765a43829d834f518aed) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/20 11:53:07.0859 4260 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/20 11:53:07.0906 4260 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/06/20 11:53:07.0984 4260 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/20 11:53:08.0015 4260 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/20 11:53:08.0046 4260 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/20 11:53:08.0078 4260 IrBus (3dcdb9480fc39b5f3bd6298296213c26) C:\WINDOWS\system32\DRIVERS\IrBus.sys
2011/06/20 11:53:08.0125 4260 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/20 11:53:08.0187 4260 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/20 11:53:08.0328 4260 Iviaspi (f59c3569a2f2c464bb78cb1bdcdca55e) C:\WINDOWS\system32\drivers\iviaspi.sys
2011/06/20 11:53:08.0359 4260 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/20 11:53:08.0421 4260 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/20 11:53:08.0484 4260 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/20 11:53:08.0546 4260 KR10N (00c1ea8decf810b8eccb5c5a8186a96e) C:\WINDOWS\system32\drivers\KR10N.sys
2011/06/20 11:53:08.0609 4260 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/20 11:53:08.0843 4260 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys
2011/06/20 11:53:08.0875 4260 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/06/20 11:53:08.0921 4260 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/20 11:53:08.0953 4260 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/20 11:53:08.0984 4260 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/20 11:53:09.0031 4260 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/20 11:53:09.0109 4260 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/20 11:53:09.0250 4260 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/20 11:53:09.0312 4260 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/20 11:53:09.0375 4260 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/20 11:53:09.0406 4260 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/20 11:53:09.0437 4260 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/20 11:53:09.0609 4260 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/20 11:53:09.0656 4260 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/20 11:53:09.0718 4260 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/20 11:53:09.0750 4260 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/20 11:53:09.0812 4260 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/20 11:53:09.0859 4260 NaiAvFilter1 (affd46144d763d9046673dd2d012cff9) C:\WINDOWS\system32\drivers\naiavf5x.sys
2011/06/20 11:53:10.0015 4260 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/20 11:53:10.0078 4260 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/20 11:53:10.0109 4260 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/20 11:53:10.0140 4260 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/20 11:53:10.0171 4260 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/20 11:53:10.0203 4260 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/20 11:53:10.0234 4260 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/20 11:53:10.0406 4260 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/20 11:53:10.0453 4260 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
2011/06/20 11:53:10.0500 4260 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/20 11:53:10.0531 4260 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/20 11:53:10.0640 4260 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/20 11:53:10.0687 4260 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/20 11:53:10.0718 4260 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/20 11:53:10.0750 4260 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/20 11:53:10.0890 4260 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/20 11:53:10.0937 4260 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2011/06/20 11:53:10.0968 4260 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/20 11:53:11.0000 4260 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/20 11:53:11.0031 4260 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/20 11:53:11.0078 4260 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/20 11:53:11.0093 4260 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/06/20 11:53:11.0156 4260 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/06/20 11:53:11.0328 4260 Pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2011/06/20 11:53:11.0375 4260 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/20 11:53:11.0390 4260 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/20 11:53:11.0421 4260 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/20 11:53:11.0609 4260 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/20 11:53:11.0765 4260 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/20 11:53:11.0796 4260 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/20 11:53:11.0828 4260 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/20 11:53:11.0843 4260 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/20 11:53:11.0906 4260 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/20 11:53:11.0937 4260 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/20 11:53:12.0078 4260 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/20 11:53:12.0125 4260 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/20 11:53:12.0203 4260 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/20 11:53:12.0265 4260 RimUsb (f17713d108aca124a139fde877eef68a) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/06/20 11:53:12.0328 4260 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/06/20 11:53:12.0437 4260 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/06/20 11:53:12.0578 4260 RxFilter (0501074a2f29250932e34ca4a844a0f5) C:\WINDOWS\system32\DRIVERS\RxFilter.sys
2011/06/20 11:53:12.0656 4260 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/06/20 11:53:12.0781 4260 SahdIa32 (aaa04ca9a0b26127fc6b7f46a4df9059) C:\WINDOWS\system32\Drivers\SahdIa32.sys
2011/06/20 11:53:12.0937 4260 SaibIa32 (22828c861c0b738af83235c7603cd1ad) C:\WINDOWS\system32\Drivers\SaibIa32.sys
2011/06/20 11:53:12.0968 4260 SaibVd32 (d65272ab772dbd18832704a79f102fef) C:\WINDOWS\system32\Drivers\SaibVd32.sys
2011/06/20 11:53:13.0046 4260 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/06/20 11:53:13.0093 4260 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/20 11:53:13.0140 4260 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/06/20 11:53:13.0203 4260 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/06/20 11:53:13.0390 4260 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/20 11:53:13.0484 4260 smihlp (aef89571c4e567575db8bdf120765b6c) C:\Program Files\Protector Suite QL\smihlp.sys
2011/06/20 11:53:13.0531 4260 SMR200 (718a5f664bd78cf727f5d662eba4b2da) C:\WINDOWS\system32\drivers\SMR200.SYS
2011/06/20 11:53:13.0625 4260 snapman (c3bf55189aa92b8f919108ef9e4accae) C:\WINDOWS\system32\DRIVERS\snapman.sys
2011/06/20 11:53:13.0812 4260 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/20 11:53:13.0875 4260 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
2011/06/20 11:53:13.0875 4260 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/06/20 11:53:13.0890 4260 sptd - detected LockedFile.Multi.Generic (1)
2011/06/20 11:53:13.0921 4260 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/20 11:53:13.0984 4260 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/20 11:53:14.0171 4260 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/20 11:53:14.0203 4260 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/20 11:53:14.0218 4260 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/20 11:53:14.0375 4260 SynTP (e295fffff3aaf9a6a40b29497901908f) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/06/20 11:53:14.0421 4260 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/20 11:53:14.0718 4260 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys
2011/06/20 11:53:14.0843 4260 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/20 11:53:15.0062 4260 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys
2011/06/20 11:53:15.0156 4260 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/20 11:53:15.0328 4260 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) C:\WINDOWS\system32\DRIVERS\tdrpman.sys
2011/06/20 11:53:15.0578 4260 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/20 11:53:15.0640 4260 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/20 11:53:15.0781 4260 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys
2011/06/20 11:53:16.0000 4260 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
2011/06/20 11:53:16.0078 4260 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys
2011/06/20 11:53:16.0359 4260 tosrfec (cc42fdbe9760ca1639e23158ab995f98) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
2011/06/20 11:53:16.0468 4260 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
2011/06/20 11:53:16.0859 4260 Tvs (cc6763889198ef975b143d49789bcfa9) C:\WINDOWS\system32\DRIVERS\Tvs.sys
2011/06/20 11:53:16.0968 4260 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/20 11:53:17.0234 4260 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/20 11:53:17.0437 4260 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/20 11:53:17.0593 4260 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/20 11:53:17.0796 4260 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/20 11:53:17.0875 4260 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/20 11:53:17.0921 4260 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/20 11:53:17.0968 4260 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/20 11:53:18.0031 4260 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/20 11:53:18.0078 4260 usb_rndisx (ae4df3b7d1db9373b08db4ed224e26b6) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
2011/06/20 11:53:18.0187 4260 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/06/20 11:53:18.0250 4260 VolSnap (e33edbb864a22f7474d2b297e44ee0b6) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/20 11:53:18.0250 4260 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/06/20 11:53:18.0390 4260 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/06/20 11:53:18.0515 4260 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/20 11:53:18.0687 4260 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/06/20 11:53:18.0750 4260 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2011/06/20 11:53:18.0828 4260 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/20 11:53:18.0921 4260 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/20 11:53:19.0062 4260 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
2011/06/20 11:53:19.0156 4260 ================================================================================
2011/06/20 11:53:19.0156 4260 Scan finished
2011/06/20 11:53:19.0156 4260 ================================================================================
2011/06/20 11:53:19.0171 1348 Detected object count: 2
2011/06/20 11:53:19.0171 1348 Actual detected object count: 2
2011/06/20 11:59:19.0578 1348 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/06/20 11:59:19.0781 1348 VolSnap (e33edbb864a22f7474d2b297e44ee0b6) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/20 11:59:20.0171 1348 Backup copy not found, trying to cure infected file..
2011/06/20 11:59:20.0171 1348 Cure success, using it..
2011/06/20 11:59:20.0187 1348 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/06/20 11:59:20.0187 1348 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/06/20 12:01:22.0531 0560 Deinitialize success
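Reading a TDSSKiller log by hand means scanning a couple of hundred driver inventory lines for the handful that matter. The following is an added example (not from the thread, and not Kaspersky's code): a small Python parser for the log format shown above that pulls out each flagged object, the hash and path TDSSKiller recorded for it, the action the user chose, and whether a cure is pending a reboot. The sample lines are excerpted from the log posted above.

```python
import re
from dataclasses import dataclass
from typing import Optional

# One log line: "<date> <time>  <thread id>  <message>". TDSSKiller separates
# the fields with tabs; the pattern accepts any run of whitespace.
LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s*(.*)$")
# Inventory line "<object> (<md5>) <path>"; the MBR entry carries an extra
# "(0x1B8)" size field before the hash.
DRIVER_RE = re.compile(
    r"^(?P<obj>\S+)(?: \(0x[0-9A-Fa-f]+\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
SUSP_RE = re.compile(
    r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECT_RE = re.compile(r"^(?P<obj>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION_RE = re.compile(
    r"^(?P<verdict>\S+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")
REBOOT_RE = re.compile(r"^(?P<path>.+) - will be cured after reboot$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")


@dataclass
class Detection:
    obj: str                  # service or driver name as TDSSKiller reports it
    verdict: str              # e.g. Rootkit.Win32.TDSS.tdl3
    path: str = ""
    md5: str = ""
    note: str = ""            # e.g. NoAccess for a locked file
    action: str = ""          # Skip, Cure, Delete ... as chosen by the user
    cure_pending_reboot: bool = False

    @property
    def is_rootkit(self) -> bool:
        return self.verdict.startswith("Rootkit.")


def parse_tdsskiller_log(text: str) -> list:
    """Return one Detection per object TDSSKiller flagged, in log order."""
    drivers = {}   # obj -> (md5, path), filled from the inventory lines
    notes = {}     # lowercased path -> reason from a "Suspicious file" line
    found = {}     # obj -> Detection
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line.group(3).strip()
        if m := DRIVER_RE.match(msg):
            drivers[m["obj"]] = (m["md5"], m["path"])
        elif m := SUSP_RE.match(msg):
            notes[m["path"].lower()] = m["reason"]
        elif m := DETECT_RE.match(msg):
            md5, path = drivers.get(m["obj"], ("", ""))
            found[m["obj"]] = Detection(m["obj"], m["verdict"], path, md5,
                                        notes.get(path.lower(), ""))
        elif m := ACTION_RE.match(msg):
            if m["obj"] in found:
                found[m["obj"]].action = m["action"]
        elif m := REBOOT_RE.match(msg):
            for det in found.values():
                if det.path.lower() == m["path"].lower():
                    det.cure_pending_reboot = True
    return list(found.values())


def declared_count(text: str) -> Optional[int]:
    """The 'Detected object count' TDSSKiller prints, or None if absent."""
    for raw in text.splitlines():
        line = LINE_RE.match(raw.strip())
        if line and (m := COUNT_RE.match(line.group(3).strip())):
            return int(m["n"])
    return None


def rootkit_detections(dets: list) -> list:
    return [d for d in dets if d.is_rootkit]


def needs_reboot(dets: list) -> bool:
    return any(d.cure_pending_reboot for d in dets)


# Constructed sample: a handful of lines excerpted from the log in the thread.
SAMPLE_LOG = r"""
2011/06/20 11:53:03.0015 4260 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/20 11:53:13.0875 4260 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
2011/06/20 11:53:13.0875 4260 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/06/20 11:53:13.0890 4260 sptd - detected LockedFile.Multi.Generic (1)
2011/06/20 11:53:18.0250 4260 VolSnap (e33edbb864a22f7474d2b297e44ee0b6) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/20 11:53:18.0250 4260 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/06/20 11:53:19.0062 4260 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
2011/06/20 11:53:19.0171 1348 Detected object count: 2
2011/06/20 11:59:19.0578 1348 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/06/20 11:59:20.0187 1348 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/06/20 11:59:20.0187 1348 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
"""

if __name__ == "__main__":
    dets = parse_tdsskiller_log(SAMPLE_LOG)
    for d in dets:
        flag = "ROOTKIT " if d.is_rootkit else ""
        print(f"{flag}{d.verdict} in {d.obj} ({d.path}) md5={d.md5} "
              f"note={d.note or '-'} action={d.action}")
    print("declared:", declared_count(SAMPLE_LOG), "parsed:", len(dets),
          "reboot required:", needs_reboot(dets))
```

A mismatch between the declared count and the parsed detections, or a rootkit verdict whose action is Skip, is what a helper would want to see at a glance before asking for the next log.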

#4 Blade (Site Admin, 12,729 posts; "Strong in the Bleepforce")

Posted 20 June 2011 - 11:11 AM

Hello.

How's the computer running now?

~Blade



#5 captspalding (Topic Starter; Members, 5 posts)

Posted 20 June 2011 - 06:24 PM

Well, things are looking much better today than they did over the weekend. I don't seem to have the Google Redirect problem anymore. I haven't seen any problems with the Windows XP Repair virus although many of my folders/files are still hidden. I went to the CMD prompt and ran the attrib -r -s -h *.* and it helped some. I have been going through and unhiding some manually but still when I go into Start->All Programs many of the folders still show as empty. I have tried unhiding Program Files and I have gone into Documents and Settings under my name and StartUp and cleared those but still most of these items in All Programs are showing as empty. I can access them by going through C drive and program file or wherever they are located, I just can't get to them through the All Programs area. I know there is a program Unhide.exe but I read that it just does the same thing as using the attrib in the CMD prompt.
I am wondering--when all of this started I tried to just run System Restore but I guess the virus was stopping me. It would let me pick a date but it wouldn't run and sometimes a message would pop up that said "System Restore can not protect your computer". Do you think I could run System Restore now? Also, I am wondering if I should run Norton Power Eraser again at this point to see what it finds?
Thanks again for all of your help.

#6 Blade (Site Admin, 12,729 posts; "Strong in the Bleepforce")

Posted 21 June 2011 - 01:06 PM

Hello.

Do not run System Restore. Doing so will probably cause the problem to return. System Restore was never designed to combat malware infection.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
      • Go to Start > Run and type: Cleanmgr
      • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
      • Click the "More Options" tab, then click the "Clean up" button under System Restore.
      • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
      • Click Yes, then click Ok.
      • Click Yes again when prompted with "Are you sure you want to perform these actions?"
      • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:
~Blade

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
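The restore-point procedure above is a GUI walk-through. As an added example that is not from the thread, the script below does the first half from PowerShell using the SystemRestore WMI class (present on XP, Vista and 7): it creates a fresh restore point, lists every point with its sequence number and date, and confirms that the newest one is the point just created, so you know Disk Cleanup's "all but the most recent" step will keep the clean one. The description text is a placeholder.

```powershell
# Added example: create a post-cleanup restore point and verify it is the newest.
# Requires an elevated prompt; System Restore must be enabled on the drive.
$desc = "Clean after rogue removal $(Get-Date -Format 'yyyy-MM-dd HH:mm')"

$sr = [wmiclass]"\\.\root\default:SystemRestore"
# Arguments: Description, RestorePointType (0 = APPLICATION_INSTALL),
# EventType (100 = BEGIN_SYSTEM_CHANGE). ReturnValue 0 means success.
$result = $sr.CreateRestorePoint($desc, 0, 100)
if ($result.ReturnValue -ne 0) {
    Write-Error "CreateRestorePoint failed with code $($result.ReturnValue)"
    return
}

# Enumerate existing restore points, oldest first.
$points = Get-WmiObject -Namespace root\default -Class SystemRestore |
          Sort-Object SequenceNumber
foreach ($p in $points) {
    # CreationTime is a WMI datetime string; convert it for display.
    $when = [Management.ManagementDateTimeConverter]::ToDateTime($p.CreationTime)
    "{0,4}  {1:yyyy-MM-dd HH:mm}  {2}" -f $p.SequenceNumber, $when, $p.Description
}

# Disk Cleanup keeps only the most recent point, so make sure that is ours.
$newest = $points | Select-Object -Last 1
if ($newest.Description -eq $desc) {
    "Newest restore point is the one just created; older points can be removed with Disk Cleanup (cleanmgr)."
} else {
    Write-Warning "The newest point is not the one just created; check before cleaning up."
}
```

Keep the printed sequence number and description with your notes, as the post suggests, so the clean point is easy to identify later.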


#7 ITnavMan

ITnavMan

  • Members
  • 2 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:37 PM

Posted 21 June 2011 - 01:52 PM

Great recommendations Blade!

I also encourage people to keep their Adobe products fully patched. There are a growing number of attacks that are based on Flash, Reader, and Shockwave.

Java has to be current as well.

Edited by ITnavMan, 21 June 2011 - 01:52 PM.

Dave K Purscell

#8 captspalding

captspalding
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:37 PM

Posted 21 June 2011 - 03:49 PM

Thanks Blade.
Unfortunately, when I go to Start->All Programs->Accessories->System Tools, that folder then says "empty". Is there a way to get that back, or is there another way to access System Restore?
Also, the last post mentioned Java, and that is another problem I am having. I use Scottrade and they have a Streaming Quotes application that is Java based; ever since this started I have not been able to access that application. It comes up with an error message saying "Unable to Launch Application". I have gone directly to the Java site to download the most current version (I have ver 18 and I believe the most current is 26). It goes through like it is going to run and then an error message pops up that says "Unable to download" and it lists the .xml site. Any suggestions?
Thanks again.

#9 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,729 posts
  • ONLINE
  • Gender:Male
  • Location:US
  • Local time:01:37 PM

Posted 21 June 2011 - 04:28 PM

Hello captspalding.

You can restore the defaults for the Start Menu, Accessories and Administrative Tools as follows:
Posted Image
  • Then click on the Restore button.

~Blade



#10 captspalding

captspalding
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:01:37 PM

Posted 21 June 2011 - 08:54 PM

Thanks Blade. I got System Restore back and followed the steps to create a current system point and clean up the older ones. Really appreciate all the help and the advice and information.

#11 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,729 posts
  • ONLINE
  • Gender:Male
  • Location:US
  • Local time:01:37 PM

Posted 21 June 2011 - 09:29 PM

Glad I could help. :)
