Scour Redirect Virus Removal


7 replies to this topic

#1 pipibess


Posted 13 September 2011 - 05:32 PM

Hello all... I'm new here, but I come for help.

I'm not entirely sure what information you need from me... I think giving me a dummy's walkthrough is the best way for me to get rid of this thing.

Basically, my husband and I know we have it... and would like to be done with it.

We have a Dell Inspiron 1545 laptop with Windows Vista Home Premium (Service Pack 2).

We've used SuperAntiSpyware and MalwareBytes' - but neither seems to rectify the problem.

I don't recall when the virus sprouted up - but it's been a while.

Thanks in advance for your help!

Edited by hamluis, 13 September 2011 - 06:22 PM.
Moved from Vista to Am I Infected.



#2 boopme


Posted 13 September 2011 - 09:13 PM

Hello and welcome. This virus attaches to existing system drivers so that is why you are not having success with those.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.5.9.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.


Then I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


NOTE: In some instances if no malware is found there will be no log produced.


Please ask any needed questions, post logs and let us know how the PC is running now.
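The TDSSKiller log requested above lists one driver per line (timestamp, thread id, service name, MD5, image path), which makes a quick triage pass easy to script. The following is an added example, not BleepingComputer's or Kaspersky's code: it parses that line format, lists drivers loading from outside the Windows system directory, and compares each driver's MD5 against a clean reference so that a legitimately named driver whose contents have been patched still stands out. The sample log lines, all hashes, the `Owner` profile path and the clean baseline are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# One driver line in a TDSSKiller log looks like:
#   <yyyy/mm/dd> <hh:mm:ss.ffff> <thread id> <service name> (<md5>) <image path>
# Banner, SystemInfo and "=====" separator lines lack the "(md5) path" tail.
DRIVER_LINE = re.compile(
    r"^\d{4}/\d{2}/\d{2} [\d:.]+ \d+ (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$"
)

# Where Vista loads its kernel drivers from (covers system32\ and system32\drivers\).
SYSTEM_DIR = "c:\\windows\\system32\\"


@dataclass(frozen=True)
class DriverEntry:
    name: str   # service name as TDSSKiller reports it
    md5: str    # MD5 of the on-disk image
    path: str   # image path as reported (letter case varies between entries)


def parse_log(text: str) -> List[DriverEntry]:
    """Pull the driver entries out of a TDSSKiller log; non-driver lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = DRIVER_LINE.match(raw.strip())
        if m:
            entries.append(DriverEntry(m["name"], m["md5"], m["path"]))
    return entries


def outside_system_dir(entries: List[DriverEntry]) -> List[DriverEntry]:
    """Drivers whose image is not under the Windows system directory.

    Legitimate tools that unpack a driver into %TEMP% (SuperAntiSpyware does this)
    land here too, so treat the result as a review list, not a verdict."""
    return [e for e in entries if not e.path.lower().startswith(SYSTEM_DIR)]


def hash_mismatches(entries: List[DriverEntry], baseline: Dict[str, str]) -> List[DriverEntry]:
    """Drivers whose MD5 differs from a clean reference for the same image path.

    This is the check that matters for a rootkit that patches an existing system
    driver in place: the path stays legitimate, only the file contents change."""
    return [
        e for e in entries
        if e.path.lower() in baseline and baseline[e.path.lower()] != e.md5
    ]


# Constructed sample in the tool's format. Hashes are made up, not real file hashes,
# and the "Owner" profile path is a placeholder.
SAMPLE_LOG = r"""
2011/09/14 22:28:05.0891 2288 ================================================================================
2011/09/14 22:28:05.0891 2288 Scan started
2011/09/14 22:28:05.0891 2288 Mode: Manual;
2011/09/14 22:28:07.0980 2288 atapi (00112233445566778899aabbccddeeff) C:\Windows\system32\drivers\atapi.sys
2011/09/14 22:28:08.0101 2288 AFD (ffeeddccbbaa99887766554433221100) C:\Windows\system32\drivers\afd.sys
2011/09/14 22:28:16.0357 2288 SASDIFSV (0123456789abcdef0123456789abcdef) C:\Users\Owner\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS
2011/09/14 22:28:18.0756 2288 UnlockerDriver5 (fedcba9876543210fedcba9876543210) C:\Program Files\Unlocker\UnlockerDriver5.sys
"""

# Constructed baseline: the hashes a clean install of the same build would report.
# In practice this comes from a known-good machine or vendor-published file hashes.
CLEAN_BASELINE = {
    "c:\\windows\\system32\\drivers\\atapi.sys": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",  # differs from the log
    "c:\\windows\\system32\\drivers\\afd.sys": "ffeeddccbbaa99887766554433221100",    # matches the log
}


def triage(text: str, baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Run both checks and return driver names per finding type."""
    entries = parse_log(text)
    return {
        "outside_system_dir": [e.name for e in outside_system_dir(entries)],
        "hash_mismatch": [e.name for e in hash_mismatches(entries, baseline)],
    }


if __name__ == "__main__":
    for finding, names in triage(SAMPLE_LOG, CLEAN_BASELINE).items():
        print(f"{finding}: {', '.join(names) or '(none)'}")
```

On the sample, `SASDIFSV` and `UnlockerDriver5` come up only because of where they load from, while `atapi` is flagged purely by its hash; the second kind of finding is the one a driver-patching rootkit produces.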

#3 pipibess


Posted 15 September 2011 - 09:44 AM

Thank you so much for your speedy reply. I followed your instructions... (both sets) and I've included the results below:

RESULTS FROM TDSS ROOTKIT REMOVING TOOL:

2011/09/14 22:27:53.0670 2312 TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/14 22:27:53.0922 2312 ================================================================================
2011/09/14 22:27:53.0922 2312 SystemInfo:
2011/09/14 22:27:53.0923 2312
2011/09/14 22:27:53.0923 2312 OS Version: 6.0.6002 ServicePack: 2.0
2011/09/14 22:27:53.0923 2312 Product type: Workstation
2011/09/14 22:27:53.0923 2312 ComputerName: ELISE-PC
2011/09/14 22:27:53.0923 2312 UserName: Elise
2011/09/14 22:27:53.0923 2312 Windows directory: C:\Windows
2011/09/14 22:27:53.0923 2312 System windows directory: C:\Windows
2011/09/14 22:27:53.0923 2312 Processor architecture: Intel x86
2011/09/14 22:27:53.0923 2312 Number of processors: 2
2011/09/14 22:27:53.0923 2312 Page size: 0x1000
2011/09/14 22:27:53.0923 2312 Boot type: Normal boot
2011/09/14 22:27:53.0923 2312 ================================================================================
2011/09/14 22:27:55.0466 2312 Initialize success
2011/09/14 22:28:05.0891 2288 ================================================================================
2011/09/14 22:28:05.0891 2288 Scan started
2011/09/14 22:28:05.0891 2288 Mode: Manual;
2011/09/14 22:28:05.0891 2288 ================================================================================
2011/09/14 22:28:20.0857 2288 yukonwlh (1a51df1a5c658d534ed980d18f7982de) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/09/14 22:28:20.0906 2288 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
2011/09/14 22:28:20.0912 2288 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/14 22:28:20.0922 2288 Boot (0x1200) (6652223e40ec10dfc57d95d2084a32df) \Device\Harddisk0\DR0\Partition0
2011/09/14 22:28:20.0953 2288 Boot (0x1200) (6cd61c58db72a28acdc82de03a11535a) \Device\Harddisk0\DR0\Partition1
2011/09/14 22:28:20.0983 2288 Boot (0x1200) (7d61b69209e38a8ca0c4ca4eeb5d3473) \Device\Harddisk0\DR0\Partition2
2011/09/14 22:28:20.0988 2288 ================================================================================
2011/09/14 22:28:20.0988 2288 Scan finished
2011/09/14 22:28:20.0988 2288 ================================================================================
2011/09/14 22:28:21.0003 5520 Detected object count: 1
2011/09/14 22:28:21.0003 5520 Actual detected object count: 1
2011/09/14 22:29:34.0357 5520 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/09/14 22:29:34.0358 5520 \Device\Harddisk0\DR0 - ok
2011/09/14 22:29:34.0409 5520 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/09/14 22:29:41.0889 2648 Deinitialize success



RESULTS FROM ESET ONLINE SCAN:

C:\Users\Elise\.frostwire5\updates\frostwire-5.1.4.windows.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Elise\AppData\Local\Temp\OpenCandy\OCSetupHlp.dll Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Elise\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26\3545009a-6ecd0cb4 Java/TrojanDownloader.Agent.JX trojan deleted - quarantined
C:\Users\Elise\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-5.0.8.windows.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Elise\Downloads\frostwire-4.21.1.windows.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Elise\Downloads\frostwire-4.21.5.windows.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Elise\Downloads\mp3mymp3install.exe multiple threats deleted - quarantined
C:\Users\Elise\Downloads\OrbitSetup4.1.01.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Elise\Downloads\winamp5621_full_emusic-7plus_en-us.exe Win32/OpenCandy application deleted - quarantined


I'll wait to hear back from you! Thanks again.
"... and seemingly as winter had become spring, confusion had become insight..." - andrew mcmahon
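As an added example (not part of this thread, and not code from Kaspersky's TDSSKiller), here is a small Python triage helper for logs in the shape quoted above. It splits the service/driver inventory from the detection lines, checks the scanner's "Detected object count" against the detection lines it actually parsed, and lists file-backed entries whose image lives outside the Windows directory, which is a review hint rather than a verdict (third-party tools such as the Unlocker driver above load legitimately from Program Files). The record layout, the field names and the embedded sample lines are assumptions based only on what is quoted in this thread.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample in the same shape as the TDSSKiller log quoted in the thread
# (hashes and paths copied from those lines; the record layout is an assumption).
SAMPLE_LOG = r"""
2011/09/14 22:28:19.0008 2288 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/14 22:28:18.0756 2288 UnlockerDriver5 (f365fa561c3ab455d8685770d208691a) C:\Program Files\Unlocker\UnlockerDriver5.sys
2011/09/14 22:28:20.0906 2288 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
2011/09/14 22:28:20.0912 2288 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/09/14 22:28:20.0988 2288 Scan finished
2011/09/14 22:28:21.0003 5520 Detected object count: 1
"""

# Every line starts with date, time, a thread/process id, then the record body.
PREFIX = re.compile(r"^(\d{4}/\d{2}/\d{2}) (\d{2}:\d{2}:\d{2}\.\d+) (\d+) (.*)$")
# Inventory record: <name> (<md5>) <path>; the name may itself contain parentheses.
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Detection record: <object> - detected <verdict> (<flags>)
DETECT = re.compile(r"^(?P<path>.+?) - detected (?P<verdict>\S+) \((?P<flags>\d+)\)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Entry:
    kind: str          # "object", "detection" or "other"
    name: str = ""
    md5: str = ""
    path: str = ""
    verdict: str = ""
    text: str = ""


def parse_log(text: str) -> List[Entry]:
    """Turn raw log lines into typed records; lines without the prefix are ignored."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = PREFIX.match(line.strip())
        if not m:
            continue
        body = m.group(4)
        d = DETECT.match(body)
        if d:
            entries.append(Entry("detection", path=d["path"], verdict=d["verdict"]))
            continue
        o = OBJECT.match(body)
        if o:
            entries.append(Entry("object", name=o["name"], md5=o["md5"], path=o["path"]))
            continue
        entries.append(Entry("other", text=body))
    return entries


def detections(entries: List[Entry]) -> List[Tuple[str, str]]:
    """(object, verdict) pairs for every line the scanner flagged."""
    return [(e.path, e.verdict) for e in entries if e.kind == "detection"]


def drivers_outside(entries: List[Entry], system_root: str = r"C:\Windows") -> List[str]:
    """Names of file-backed entries whose image lives outside the Windows directory.

    A review hint, not a verdict: third-party tools legitimately load drivers
    from Program Files, but such entries deserve a second look during triage.
    """
    root = system_root.lower()
    return [e.name for e in entries
            if e.kind == "object"
            and not e.path.startswith("\\")          # skip \Device\... boot records
            and not e.path.lower().startswith(root)]


def summary_consistent(entries: List[Entry]) -> bool:
    """True when the scanner's 'Detected object count' equals the detection lines parsed."""
    counts = [int(COUNT.match(e.text).group(1))
              for e in entries if e.kind == "other" and COUNT.match(e.text)]
    return bool(counts) and counts[-1] == len(detections(entries))


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("detections:", detections(parsed))
    print("drivers outside system root:", drivers_outside(parsed))
    print("summary consistent:", summary_consistent(parsed))
```

Run it against a saved TDSSKiller log by passing the file contents to parse_log; a mismatch from summary_consistent usually means the log was truncated when it was pasted, which is worth knowing before acting on it.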

#4 boopme (Global Moderator, 73,490 posts)

Posted 15 September 2011 - 10:57 PM

Sorry, wasn't as speedy today. The TDSS kill should have done it; how is it now?

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 pipibess (Topic Starter, Members, 7 posts)

Posted 16 September 2011 - 12:37 AM

Okay - next step accomplished. Please, don't worry about your speed in replying - I'm just grateful for your help!

I'm including the results of the scan here:

Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2011
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.3.181.26
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
AVG avgrsx.exe
Windows Defender MSASCui.exe
``````````End of Log````````````



Thanks again!

#6 boopme (Global Moderator, 73,490 posts)

Posted 16 September 2011 - 09:56 AM

No problem, I take it the redirects have stopped now.

Your Java is one back.

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


#7 pipibess (Topic Starter, Members, 7 posts)

Posted 20 September 2011 - 05:44 PM

Everything seems to be back in working order now. Thank you so much for your help! Is there anything else we need to do?

Thank you again.

#8 boopme (Global Moderator, 73,490 posts)

Posted 20 September 2011 - 08:23 PM

You're welcome and glad to hear it's all good.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

Tips to protect yourself against malware and reduce the potential for re-infection:

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read: