TDL4@MBR / random popup tabs / rogue AVs / qttask.exe autoplay



#1 fellow human


Posted 20 June 2011 - 05:30 PM

Hello... I am using Windows XP Home & Firefox 4.0.1. Here is a description of what I've experienced during this affliction. Once I became infected, the first sign was the appearance of various rogue AV software applications (XP security 2012, security shield, etc). An application called PageRage was automatically installed on my computer, and Yontoo Layers became activated. I uninstalled PageRage & deactivated Yontoo, and they have not come back as far as I can tell. I successfully stopped instances of the rogue AVs using the RKILL & registry fix.

But while browsing the internet, every so often a new tab pops up loading something from www.cpvtgt.com, www.theadhandler.com, and others, which would then almost instantaneously redirect to a multitude of other sites (making it difficult for me to see the original address), both pure advertisements and others such as the-consumer-report.com (or something like that). I have been unable to figure out how to stop this. I'd also like to emphasize that this is NOT the "google redirect" thing, as I don't use google to search, nor does this happen in conjunction with searches. It seems to happen as if on a timer.

Though it hasn't happened now for a small period of time, after the rkill/reg fix, new rogue AVs would initialize right after the popup tabs happened. I continued to rkill them. Then a new thing started happening. I use GLARY Utilities Startup Monitor, and I receive a notification that "qttask.exe" is trying to register something to run at startup, which I deny. Then I hear audio automatically playing in the background.. not even advertisements but some random audio that sounds like from TV shows or something. I have to quit Firefox entirely for this to stop. This happens every so often..

Other issues I've noticed are now when I start my computer up, a blue error screen appears for only a fraction of a second & I cannot read it, and then my computer goes back to starting up again. The 2nd time it works, though with the notification that windows failed to start correctly the first time & the option to enter safe mode. This also happens when I shut down my computer, and instead of shutting down, it restarts the same way as I described happens when starting up. I use a BIOS password, so it just goes to that screen, I press ESC and the computer shuts down. Additionally, my wireless network connection acts strangely: when I disable it, it often does not display that it was disabled even though it actually is. Same as when I re-enable it.. the icon will not reappear in the tray & I will not have the option to look at detected networks, it only says "enable", but it has already automatically connected to my home network and I can browse the internet.

There may be a thing or two besides this which I have forgotten at the moment..... but in any case here are the logs :::

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Run by dbt at 13:47:05 on 2011-06-20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.162 [GMT -7:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\dbt\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.scroogle.org/cgi-bin/scraper.htm
uInternet Settings,ProxyOverride = *.local
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Run StartupMonitor] StartupMonitor.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{AD8C7D24-CBD0-4098-891E-DF1B816DCF6C} : DhcpNameServer = 192.168.1.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: tropeln - c:\documents and settings\networkservice\local settings\application data\tropeln.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 184.95.59.211 www.google.com
Hosts: 184.95.59.212 search.yahoo.com
Hosts: 184.95.59.212 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\dbt\application data\mozilla\firefox\profiles\8bezqngq.default\
FF - prefs.js: browser.search.selectedEngine - Scroogle SSL search
FF - prefs.js: browser.startup.homepage - hxxp://www.scroogle.org/cgi-bin/scraper.htm
FF - component: c:\documents and settings\dbt\application data\mozilla\firefox\profiles\8bezqngq.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashGetXPI.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - plugin: c:\documents and settings\dbt\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\dbt\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\dbt\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\dbt\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2010-9-17 8576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-17 136176]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\ad-aware\AAWService.exe [2011-5-25 2151128]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\ad-aware\kernexplorer.sys [2011-5-25 15232]
S3 MAUSBMOBILEPRE;Service for M-Audio MobilePre;c:\windows\system32\drivers\MAudioMobilePre.sys [2010-7-22 158344]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-06-17 22:22:12 -------- d-----w- c:\documents and settings\dbt\application data\GlarySoft
2011-06-17 22:05:47 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-06-17 21:40:30 8877376 ----a-w- c:\program files\gusetup.exe
2011-06-17 04:58:08 -------- d-----w- c:\windows\pss
2011-06-17 04:45:51 -------- d-----w- c:\documents and settings\dbt\application data\SUPERAntiSpyware.com
2011-06-17 04:45:51 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-06-17 04:44:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-17 04:41:36 11434544 ----a-w- c:\program files\SUPERAntiSpyware.exe
2011-06-15 22:12:30 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-06-15 22:00:27 190384 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-06-15 22:00:26 196608 ----a-w- c:\windows\system32\SynCtrl.dll
2011-06-15 22:00:26 147456 ----a-w- c:\windows\system32\SynTPAPI.dll
2011-06-15 22:00:26 110592 ----a-w- c:\windows\system32\SynTPCo4.dll
2011-06-15 22:00:26 1060424 ----a-w- c:\windows\system32\WdfCoInstaller01000.dll
2011-06-15 22:00:25 163840 ----a-w- c:\windows\system32\SynCOM.dll
2011-06-15 21:00:15 -------- d-----w- c:\documents and settings\dbt\application data\WinBatch
2011-06-15 20:46:25 5004572 ----a-w- c:\program files\synaptics_10.0.11.exe
2011-06-15 20:20:55 58064040 ----a-w- c:\program files\setup_av_free.exe
2011-06-15 06:57:13 -------- d-----w- c:\documents and settings\dbt\application data\Steinberg
2011-06-15 06:42:34 -------- d-----w- c:\program files\asiomulti (vidance)
2011-06-15 06:30:30 4815872 ----a-w- c:\program files\asiomulti.msi
2011-06-13 18:18:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-13 18:18:59 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-06-13 18:15:39 16409960 ----a-w- c:\program files\spybotsd162.exe
2011-06-13 18:14:33 -------- d-s---w- c:\documents and settings\dbt\UserData
2011-06-13 17:37:36 -------- d-----w- c:\program files\CheckPoint
2011-06-13 17:37:17 -------- d-----w- c:\program files\ZoneAlarm Firewall
2011-06-13 17:35:01 2003056 ----a-w- c:\program files\zaSuiteSetupWeb_100_240_000_en.exe
2011-06-13 17:34:10 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-13 17:29:56 -------- d-----w- c:\program files\Ad-Aware
2011-06-13 17:25:47 10080256 ----a-w- c:\program files\Ad-Aware90Install.msi
2011-06-13 05:58:41 -------- d-----w- c:\documents and settings\all users\application data\cI28621NnPjK28621
2011-06-13 05:57:52 -------- d-----w- c:\documents and settings\dbt\application data\Malwarebytes
2011-06-13 05:57:36 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-13 05:57:35 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-13 05:57:32 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-13 05:57:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-13 05:46:24 9435312 ----a-w- c:\program files\mbam-setup-1.51.0.1200.exe
2011-06-13 05:16:59 -------- d-----w- c:\program files\PageRage
2011-06-13 05:16:58 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2011-06-13 05:15:35 -------- d-----w- c:\windows\system32\LogFiles
2011-06-13 04:55:54 4780600 ----a-w- c:\program files\DivXWebPlayerInstallerv15.exe
2011-06-10 20:43:05 5015880 ----a-w- c:\program files\cdbxp_setup_4.3.8.2568.exe
2011-06-09 21:00:04 -------- d-----w- c:\program files\CDex
2011-06-09 20:59:19 8697544 ----a-w- c:\program files\CDex-win32-1.70-b4-2009.exe
2011-05-27 02:39:41 427046 ----a-w- c:\program files\Lame_v3.98.3_for_Audacity_on_Windows.exe
2011-05-25 05:31:26 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2011-05-24 11:14:54 3239406 ----a-w- c:\program files\foobar2000_v1.1.6.exe
2011-05-24 10:55:03 10770728 ----a-w- c:\program files\FreeSoundRecorder.exe
.
==================== Find3M ====================
.
2011-05-16 21:57:35 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-11 01:53:29 915296 ----a-w- c:\program files\DivXInstaller.exe
2011-05-05 08:43:41 20533281 ----a-w- c:\program files\vlc-1.1.9-win32.exe
2011-04-29 21:45:57 12521992 ----a-w- c:\program files\Firefox Setup 4.0.1.exe
2011-04-21 04:30:25 32742184 ----a-w- c:\program files\install_virtualdj_home_v7.0.3.msi
2011-04-17 03:08:12 14521008 ----a-w- c:\program files\audacity-win-unicode-1.3.13.exe
2011-04-05 02:50:07 12799290 ----a-w- c:\program files\mixxx-1.9.0-win32.exe
2011-03-01 01:40:10 2618520 ----a-w- c:\program files\ie_ja.exe
2011-02-11 01:03:13 6968192 ----a-w- c:\program files\gamebooster22.exe
2011-02-06 09:46:34 4640840 ----a-w- c:\program files\R128346.EXE
2010-12-09 06:47:39 652333 ----a-w- c:\program files\Xvid.exe
2010-12-09 06:38:19 1566576 ----a-w- c:\program files\SetupVirtualCloneDrive5440.exe
2010-11-27 20:22:47 629821 ----a-w- c:\program files\bpsetup_1_03_1.exe
2010-10-03 21:50:17 889416 ----a-w- c:\program files\dotNetFx40_Full_setup.exe
2010-10-03 21:49:09 4882487 ----a-w- c:\program files\cdbxp_setup_4.3.7.2423.exe
2010-10-03 21:42:34 2125249 ----a-w- c:\program files\burrrn_package.exe
2010-09-20 19:01:19 34662316 ----a-w- c:\program files\Inkscape-0.48.0-1.exe
2010-09-18 04:47:09 61064 ----a-w- c:\program files\winxpvirtualcdcontrolpanel_21.exe
2010-09-18 04:20:15 9294336 ----a-w- c:\program files\epson11750.exe
2010-08-26 23:46:04 567640 ----a-w- c:\program files\GoogleVoiceAndVideoSetup.exe
2010-08-12 04:48:25 4998707 ----a-w- c:\program files\flvplayer_setup.exe
2010-07-22 17:27:13 8055304 ----a-w- c:\program files\MobilePre_6_0_1_5_10_0_5131.exe
2010-07-22 17:21:11 3469043 ----a-w- c:\program files\MP_WDM_5_10_00_3516.exe
2010-07-12 18:07:13 1235950 ----a-w- c:\program files\cuesplitter_setup.exe
2010-06-25 21:52:19 421346 ----a-w- c:\program files\Lame_v3.98.2_for_Audacity_on_Windows.exe
2010-06-08 22:06:14 18234256 ----a-w- c:\program files\gimp-2.6.8-i686-setup.exe
2010-06-05 01:53:33 5992216 ----a-w- c:\program files\flashget3.5.0.1126en.exe
2010-06-04 01:22:18 1742211 ----a-w- c:\program files\SumatraPDF-1.1-install.exe
2010-06-04 01:03:32 3137633 ----a-w- c:\program files\foobar2000_v1.0.3.exe
2010-06-04 01:01:41 2228534 ----a-w- c:\program files\audacity-win-1.2.6.exe
2005-08-26 18:37:46 106955705 ----a-r- c:\program files\Install Reason.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HTS548060M9AT00 rev.MGBOA5EA -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82F0E4D0]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x82f147f0]; MOV EAX, [0x82f1486c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x82F6AAB8]
3 CLASSPNP[0xF7716FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x82EAA030]
\Driver\atapi[0x82F57A48] -> IRP_MJ_CREATE -> 0x82F0E4D0
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x82F0E31B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 13:49:49.81 ===============


#2 teacup61

  • Malware Response Team

Posted 20 June 2011 - 05:44 PM

Hello fellow human,


Download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Thanks,
tea


Error reading poptart in Drive A: Delete kids y/n?

#3 fellow human


Posted 20 June 2011 - 05:55 PM

2011/06/20 15:48:27.0031 1736 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/20 15:48:27.0609 1736 ================================================================================
2011/06/20 15:48:27.0609 1736 SystemInfo:
2011/06/20 15:48:27.0609 1736
2011/06/20 15:48:27.0609 1736 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/20 15:48:27.0609 1736 Product type: Workstation
2011/06/20 15:48:27.0609 1736 ComputerName: BETWEEN-CFB4A98
2011/06/20 15:48:27.0609 1736 UserName: dbt
2011/06/20 15:48:27.0609 1736 Windows directory: C:\WINDOWS
2011/06/20 15:48:27.0609 1736 System windows directory: C:\WINDOWS
2011/06/20 15:48:27.0609 1736 Processor architecture: Intel x86
2011/06/20 15:48:27.0609 1736 Number of processors: 1
2011/06/20 15:48:27.0609 1736 Page size: 0x1000
2011/06/20 15:48:27.0609 1736 Boot type: Normal boot
2011/06/20 15:48:27.0609 1736 ================================================================================
2011/06/20 15:48:31.0078 1736 Initialize success
2011/06/20 15:48:51.0312 3496 ================================================================================
2011/06/20 15:48:51.0312 3496 Scan started
2011/06/20 15:48:51.0312 3496 Mode: Manual;
2011/06/20 15:48:51.0312 3496 ================================================================================
2011/06/20 15:49:15.0125 3496 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/20 15:49:15.0281 3496 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/20 15:49:15.0453 3496 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/20 15:49:15.0562 3496 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
2011/06/20 15:49:15.0812 3496 Wdf01000 (60d2787958b46595d62237ed15b91e94) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/06/20 15:49:16.0000 3496 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/20 15:49:16.0343 3496 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/06/20 15:49:16.0359 3496 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/20 15:49:16.0421 3496 ================================================================================
2011/06/20 15:49:16.0421 3496 Scan finished
2011/06/20 15:49:16.0421 3496 ================================================================================
2011/06/20 15:49:16.0468 3456 Detected object count: 1
2011/06/20 15:49:16.0468 3456 Actual detected object count: 1
2011/06/20 15:49:23.0828 3456 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/20 15:49:23.0828 3456 \Device\Harddisk0\DR0 - ok
2011/06/20 15:49:23.0828 3456 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/06/20 15:49:28.0453 2260 Deinitialize success

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:11:36 PM

Posted 20 June 2011 - 07:07 PM

Excellent :thumbup2:

How is it running now? Please tell me what symptoms remain, if any, and we'll go on from there. :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#5 fellow human


Posted 21 June 2011 - 06:02 PM

Wow, that was much easier than expected. I'd come across that program while researching the issue but couldn't determine whether I should use it on my own or not. Everything seems to be running fine today, hope it continues! Thank you!

#6 teacup61


Posted 21 June 2011 - 07:41 PM

Hi there,

Glad all is well. :wink: All other scans are coming up clean now? If they are, then I'll leave this thread open for a couple of days, just in case, then close it as solved. :)

Take care,
tea

#7 teacup61


Posted 07 August 2011 - 01:03 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.