Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows XP Repair Virus


  • This topic is locked This topic is locked
11 replies to this topic

#1 hvdcman

hvdcman

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 03 July 2011 - 08:14 PM

Hello. I have been trying to clean off the "Windows XP Repair" virus to no avail. I have tried running TDSSKiller but nothing I do makes it run. I have also ran MalewareByte and there was no infection found. My regular SpySweep doesn't find anything either. The symptons I am seeing are the continual redirects to pages that have no connection when trying to search in Google. I have been able to get the computer to go online, but it wont go online when in safe mode. I have read 3 different topics that cover what appears to be same issue I am having but alot of the downloaded programs don't run. I have been following the forums start to finish by downloading prgrams to thumb drive then using on infected computer. It sounds like even if I do a hard drive format and recovery that the issue would still be there. Any assistance leant would be greatly appreciated.

BC AdBot (Login to Remove)

 


#2 hvdcman

hvdcman
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 03 July 2011 - 08:16 PM

Also, I have read and followed the Uninstall guide for the Windows XP Repair virus and still am having issues.

#3 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:45 AM

Posted 03 July 2011 - 08:29 PM

Welcome aboard Posted Image

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#4 hvdcman

hvdcman
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 03 July 2011 - 08:52 PM

Here is the Unhooker report:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xF6528000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5857280 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF1E7000 C:\WINDOWS\System32\igxpdx32.DLL 2699264 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF04F000 C:\WINDOWS\System32\igxpdv32.DLL 1671168 bytes (Intel Corporation, Component GHAL Driver)
0xAA5FB000 C:\WINDOWS\system32\drivers\sthda.sys 1576960 bytes (IDT, Inc., IDT PC Audio)
0xF6398000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 1392640 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0xF2913000 C:\WINDOWS\system32\DRIVERS\btkrnl.sys 987136 bytes (Broadcom Corporation., Bluetooth Bus Enumerator)
0xA6086000 C:\WINDOWS\system32\drivers\hardlock.sys 696320 bytes (Aladdin Knowledge Systems Ltd., Hardlock Device Driver for Windows NT)
0xF72DE000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF5EBC000 C:\WINDOWS\System32\Drivers\wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0xA6A0A000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF286A000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA6B15000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA5DD7000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF47A000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA5753000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF5F2D000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 241664 bytes (Synaptics Incorporated, Synaptics Touchpad Driver)
0xF7418000 SSIDRV.SYS 196608 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Interdiction Driver)
0xF7459000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA65FD000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF73EB000 C:\WINDOWS\SYSTEM32\Drivers\NDIS.SYS 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 176128 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xA515D000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA6A7A000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF64EC000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA6AED000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAA480000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xA6AC7000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA69C8000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xAA5D7000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF5F68000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF28C8000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA6AA5000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7394000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF73CC000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xA5F1F000 C:\WINDOWS\System32\drivers\hlemu.SYS 126976 bytes (T0r0, DongleEmulator for HASP, Sentinel, etc)
0xA69EC000 C:\WINDOWS\System32\Drivers\usbvideo.sys 122880 bytes (Microsoft Corporation, USB Video Class Driver)
0xAA5BB000 C:\WINDOWS\system32\drivers\AESTAud.sys 114688 bytes (Andrea Electronics Corporation, Andrea Audio Driver)
0xF72C4000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF73B4000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA69B0000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF736B000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF28FC000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA6520000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6514000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA6B6E000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xF7382000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7448000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF28EB000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF2C30000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xA65C5000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF2C60000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF77A8000 C:\WINDOWS\SYSTEM32\Drivers\SSFMONM.SYS 57344 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper FileSystem Filter Driver)
0xF76B8000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0xF75D8000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF76A8000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF6ACE000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF75B8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF7798000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xA765F000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF75A8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7778000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7588000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF3A4B000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF75E8000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7598000 SSHRMD.SYS 40960 bytes (Webroot Software, Inc. (www.webroot.com), Spy Sweeper Mini Driver)
0xF3A7B000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xA53A3000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF75C8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xA6CA9000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF77B8000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xA6C99000 C:\WINDOWS\System32\Drivers\LEqdUsb.Sys 36864 bytes (Logitech, Inc., Logitech Equad USB Driver.)
0xF3A8B000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xA769F000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA767F000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7960000 C:\WINDOWS\system32\DRIVERS\btport.sys 32768 bytes (Broadcom Corporation., Bluetooth BTPORT Driver for Windows 2000)
0xA7163000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 32768 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xA715B000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0xA718B000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xA7B59000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7938000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7908000 C:\WINDOWS\system32\DRIVERS\WinUSB.sys 32768 bytes (Microsoft Corporation, Windows USB Class Driver BETA)
0xA7B49000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7810000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xA716B000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF7940000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7918000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xA717B000 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2146F87A-BEA6-4CD0-91F6-49050F50A56B}\MpKsl5943ae7c.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xA7183000 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2146F87A-BEA6-4CD0-91F6-49050F50A56B}\MpKsl8ed8e61a.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xF7930000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xA719B000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xA7193000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7818000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7920000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7948000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7808000 C:\WINDOWS\SYSTEM32\Drivers\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xA7153000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF79A0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF7264000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA7C77000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF2A72000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA6990000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xA5657000 C:\WINDOWS\system32\DRIVERS\pneteth.sys 16384 bytes (June Fabrics Technology Inc., PdaNet Broadband Adapter Driver)
0xF79A4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF7998000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF799C000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xA7105000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xA7C83000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xA7129000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF2A7E000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xA81A5000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF2A82000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xF7A88000 00000098 8192 bytes
0xF7ACE000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7ABA000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7AB4000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7A8C000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7A88000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7AD0000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7AD2000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B2A000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7AC8000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7A8A000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF367C000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7C33000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF35A7000 C:\WINDOWS\System32\Drivers\LBeepKE.sys 4096 bytes (Logitech, Inc., Logitech Consumer Control Filter Driver.)
0xF7C92000 C:\WINDOWS\System32\Drivers\LHidEqd.Sys 4096 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xF2C97000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B51000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7B50000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x85F810A8 unknown_irp_handler 3928 bytes
0x85D130A8 unknown_irp_handler 3928 bytes
0x85F0A0A8 unknown_irp_handler 3928 bytes
0x85F090A8 unknown_irp_handler 3928 bytes
0x85D1F0A8 unknown_irp_handler 3928 bytes
0x85D1D0A8 unknown_irp_handler 3928 bytes
0x85D340A8 unknown_irp_handler 3928 bytes
0x85D320A8 unknown_irp_handler 3928 bytes
0x85D310A8 unknown_irp_handler 3928 bytes
0x85D0D0A8 unknown_irp_handler 3928 bytes
0x85E300C0 unknown_irp_handler 3904 bytes
0x863BD0C0 unknown_irp_handler 3904 bytes
0x85E8B0C0 unknown_irp_handler 3904 bytes
0x85EFB0C0 unknown_irp_handler 3904 bytes
0x863A40C0 unknown_irp_handler 3904 bytes
0x863680E0 unknown_irp_handler 3872 bytes
0x863B0110 unknown_irp_handler 3824 bytes
0x85F75120 unknown_irp_handler 3808 bytes
0x85ED0218 unknown_irp_handler 3560 bytes
0x8643A370 unknown_irp_handler 3216 bytes
0x86372680 unknown_irp_handler 2432 bytes
0x8644E7C0 unknown_irp_handler 2112 bytes
0x864358B0 unknown_irp_handler 1872 bytes
0x8650A8F8 unknown_irp_handler 1800 bytes
0x85D2CC88 unknown_irp_handler 888 bytes
0x85ECECB0 unknown_irp_handler 848 bytes
0x8653DF10 unknown_irp_handler 240 bytes
!!!!!!!!!!!Hidden driver: 0x86579F38 00000214 0 bytes
==============================================
>Stealth
==============================================
0x8652F4A5 Unknown page with executable code, 2907 bytes
0x8652F0B3 Unknown thread object [ ETHREAD 0x86563020 ] TID: 108, 600 bytes
0x865307FB Unknown thread object [ ETHREAD 0x865638B8 ] TID: 120, 600 bytes
0x8652CFB5 Unknown page with executable code, 75 bytes

#5 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:45 AM

Posted 03 July 2011 - 09:28 PM

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#6 hvdcman

hvdcman
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 03 July 2011 - 09:58 PM

The scan is complete. Message says: ***Infected MBR detected

I have not done anything with the "Repair" option yet, however, System Restore has been enabled again.

#7 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:45 AM

Posted 03 July 2011 - 10:11 PM

OK, we don't have an authority to go as far as fixing MBR in this forum, but at least we know where one of the issues are.

With the information you have provided I believe you will need help from the malware removal team. I would like you to start a new thread and post a DDS log HERE and include a link to this thread. Please make sure that you read the information about getting started before you start your thread.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient. Help is on the way!

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#8 hvdcman

hvdcman
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 03 July 2011 - 10:24 PM

Thank you for all the help so far. I need to know, what is the DDS log?
OOPS, I found the DDS download.

Edited by hvdcman, 03 July 2011 - 10:28 PM.


#9 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:45 AM

Posted 03 July 2011 - 10:37 PM

OK. Good luck!

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#10 hvdcman

hvdcman
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:02:45 AM

Posted 03 July 2011 - 10:58 PM

I have started a new topic and attached the 2 files requested in Maleware Removal. Again, thank you for all the help....

#11 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:45 AM

Posted 03 July 2011 - 10:59 PM

You're very welcome Posted Image

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#12 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:03:45 AM

Posted 03 July 2011 - 11:19 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic407554.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Please do not bump your topic. Do not worry about being forgotten; we have mechanisms in place to ensure that you are not overlooked.

It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

~Blade
Forum Global Moderator

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users