
system restore virus


16 replies to this topic

#1 magriff1 (Members, 9 posts)

Posted 02 November 2011 - 06:40 PM

A system restore virus has taken over my computer and I can't seem to remove it. I downloaded rkill and TDSSKiller, but the rkill log did not show any processes terminated, and then I tried running TDSSKiller (I renamed it several times) and it won't run. I even tried downloading both from another computer onto a thumb drive, but when connecting it says the drive hasn't been formatted, which will then delete everything on it. I was in safe mode when doing this.

Thanks for any help

Edited by hamluis, 02 November 2011 - 06:56 PM.
Moved from XP to Am I Infected.




#2 boopme, "To Insanity and Beyond" (Global Moderator, 73,082 posts, NJ USA)

Posted 02 November 2011 - 09:42 PM

Rerun RKILL, then this, followed by Malwarebytes.

Download the FixTDSS.exe

Save the file to your Windows desktop.
Close all running programs.
If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
Double-click the FixTDSS.exe file to start the removal tool.
Click Start to begin the process, and then allow the tool to run.
Restart the computer when prompted by the tool.
After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
If you are running Windows XP, re-enable System Restore.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 magriff1 (Topic Starter)

Posted 03 November 2011 - 07:21 PM

Thanks for the help.

I got the following message:

Backdoor.Tidserv has not been found on your computer

#4 boopme

Posted 03 November 2011 - 08:20 PM

Ok. Will TDSSKiller run now?
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (2.6.11.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer.

#5 magriff1 (Topic Starter)

Posted 04 November 2011 - 07:31 PM

Ok, here is the log. It did give me the following warning before giving me the option to restart:
"Can't cure MBR. write standard boot code? If you have installed custom bootloader (eg Acronis, Grub, Lilo), you will need to reinstall them after the treatment."
There was a yes/no box below this warning and I chose yes. Not sure if this matters or not, so I thought I would post it.

Thanks,



20:02:53.0156 2088 TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
20:02:53.0718 2088 ============================================================
20:02:53.0718 2088 Current date / time: 2011/11/04 20:02:53.0718
20:02:53.0718 2088 SystemInfo:
20:02:53.0718 2088
20:02:53.0718 2088 OS Version: 5.1.2600 ServicePack: 3.0
20:02:53.0718 2088 Product type: Workstation
20:02:53.0718 2088 ComputerName: MIKEYG
20:02:53.0718 2088 UserName: Michael Griffin
20:02:53.0718 2088 Windows directory: C:\WINDOWS
20:02:53.0718 2088 System windows directory: C:\WINDOWS
20:02:53.0718 2088 Processor architecture: Intel x86
20:02:53.0718 2088 Number of processors: 1
20:02:53.0718 2088 Page size: 0x1000
20:02:53.0718 2088 Boot type: Normal boot
20:02:53.0718 2088 ============================================================
20:02:55.0625 2088 Initialize success
20:03:04.0109 0336 ============================================================
20:03:04.0125 0336 Scan started
20:03:04.0125 0336 Mode: Manual;
20:03:04.0125 0336 ============================================================
20:03:06.0031 0336 Abiosdsk - ok
20:03:06.0078 0336 abp480n5 - ok
20:03:06.0187 0336 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:03:06.0218 0336 ACPI - ok
20:03:06.0265 0336 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:03:06.0281 0336 ACPIEC - ok
20:03:06.0328 0336 adpu160m - ok
20:03:06.0437 0336 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:03:06.0468 0336 aec - ok
20:03:06.0546 0336 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:03:06.0578 0336 AFD - ok
20:03:06.0609 0336 Aha154x - ok
20:03:06.0640 0336 aic78u2 - ok
20:03:06.0656 0336 aic78xx - ok
20:03:06.0718 0336 AliIde - ok
20:03:06.0750 0336 amsint - ok
20:03:06.0828 0336 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:03:06.0828 0336 Arp1394 - ok
20:03:06.0859 0336 asc - ok
20:03:06.0890 0336 asc3350p - ok
20:03:06.0921 0336 asc3550 - ok
20:03:07.0140 0336 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:03:07.0156 0336 AsyncMac - ok
20:03:07.0296 0336 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:03:07.0296 0336 atapi - ok
20:03:07.0359 0336 Atdisk - ok
20:03:07.0421 0336 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:03:07.0437 0336 Atmarpc - ok
20:03:07.0546 0336 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:03:07.0562 0336 audstub - ok
20:03:07.0671 0336 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:03:07.0671 0336 Beep - ok
20:03:07.0828 0336 btaudio (08f3b44e7d1ff7015647ed6cfba7b219) C:\WINDOWS\system32\drivers\btaudio.sys
20:03:07.0875 0336 btaudio - ok
20:03:07.0968 0336 BTDriver (43bc77f8603df3a1875c3f56a9fc1fc2) C:\WINDOWS\system32\DRIVERS\btport.sys
20:03:07.0984 0336 BTDriver - ok
20:03:08.0250 0336 BTKRNL (ec083290c783afe5ff903cbd411c1ab1) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
20:03:08.0328 0336 BTKRNL - ok
20:03:08.0437 0336 BTWDNDIS (ccf38f9f368f3686b4bbc7ef072e51d3) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
20:03:08.0453 0336 BTWDNDIS - ok
20:03:08.0531 0336 BTWUSB (e76dc88f00d50f46072feb2371769978) C:\WINDOWS\system32\Drivers\btwusb.sys
20:03:08.0562 0336 BTWUSB - ok
20:03:08.0640 0336 CAMCAUD (23913c28ac89875bbfa03bccdc3a41e5) C:\WINDOWS\system32\drivers\camc6aud.sys
20:03:08.0640 0336 CAMCAUD - ok
20:03:08.0718 0336 CAMCHALA (e6edb12a44dafcef05dbddf3ed652388) C:\WINDOWS\system32\drivers\camc6hal.sys
20:03:08.0750 0336 CAMCHALA - ok
20:03:08.0843 0336 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:03:08.0859 0336 cbidf2k - ok
20:03:08.0984 0336 cd20xrnt - ok
20:03:09.0078 0336 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:03:09.0078 0336 Cdaudio - ok
20:03:09.0250 0336 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:03:09.0250 0336 Cdfs - ok
20:03:09.0343 0336 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:03:09.0359 0336 Cdrom - ok
20:03:09.0406 0336 Changer - ok
20:03:09.0515 0336 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:03:09.0515 0336 CmBatt - ok
20:03:09.0562 0336 CmdIde - ok
20:03:09.0625 0336 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:03:09.0625 0336 Compbatt - ok
20:03:09.0750 0336 Cpqarray - ok
20:03:09.0812 0336 dac2w2k - ok
20:03:09.0859 0336 dac960nt - ok
20:03:09.0968 0336 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:03:09.0968 0336 Disk - ok
20:03:10.0062 0336 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:03:10.0484 0336 dmboot - ok
20:03:10.0796 0336 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:03:10.0812 0336 dmio - ok
20:03:11.0171 0336 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:03:11.0218 0336 dmload - ok
20:03:11.0484 0336 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:03:11.0484 0336 DMusic - ok
20:03:11.0546 0336 dpti2o - ok
20:03:11.0578 0336 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:03:11.0578 0336 drmkaud - ok
20:03:11.0640 0336 eabfiltr (81b7808d3b5892388f33273119c2dc31) C:\WINDOWS\system32\drivers\EABFiltr.sys
20:03:11.0640 0336 eabfiltr - ok
20:03:11.0718 0336 eabusb (1ba14da377b66278335d4b9e8824cd42) C:\WINDOWS\system32\drivers\eabusb.sys
20:03:11.0734 0336 eabusb - ok
20:03:11.0906 0336 eeCtrl (8f7dbc4be48f5388a6fe1f285e7948ef) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
20:03:11.0937 0336 eeCtrl - ok
20:03:12.0015 0336 EraserUtilDrv11113 (3ee14d400e0fdd0d214275a4a20b7022) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys
20:03:12.0031 0336 EraserUtilDrv11113 - ok
20:03:12.0265 0336 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:03:12.0296 0336 Fastfat - ok
20:03:12.0390 0336 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:03:12.0390 0336 Fdc - ok
20:03:12.0468 0336 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:03:12.0468 0336 Fips - ok
20:03:12.0531 0336 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:03:12.0531 0336 Flpydisk - ok
20:03:12.0609 0336 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:03:12.0625 0336 FltMgr - ok
20:03:12.0718 0336 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:03:12.0734 0336 Fs_Rec - ok
20:03:12.0796 0336 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:03:12.0812 0336 Ftdisk - ok
20:03:12.0890 0336 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
20:03:12.0906 0336 GEARAspiWDM - ok
20:03:13.0000 0336 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:03:13.0000 0336 Gpc - ok
20:03:13.0234 0336 hpn - ok
20:03:13.0359 0336 HSFHWICH (a4877a17e87d6e6ab959b36b9ef3de8a) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
20:03:13.0375 0336 HSFHWICH - ok
20:03:13.0484 0336 HSF_DP (dfa8f86c0dbca7db948043aa3be6793b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
20:03:13.0546 0336 HSF_DP - ok
20:03:13.0640 0336 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:03:13.0671 0336 HTTP - ok
20:03:13.0750 0336 i2omgmt - ok
20:03:13.0812 0336 i2omp - ok
20:03:13.0875 0336 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:03:13.0890 0336 i8042prt - ok
20:03:13.0984 0336 ialm (737da0be27652c4482ac5cde099bfce9) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
20:03:14.0046 0336 ialm - ok
20:03:14.0109 0336 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:03:14.0109 0336 Imapi - ok
20:03:14.0187 0336 ini910u - ok
20:03:14.0359 0336 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
20:03:14.0359 0336 IntelIde - ok
20:03:14.0421 0336 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:03:14.0421 0336 intelppm - ok
20:03:14.0468 0336 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:03:14.0484 0336 Ip6Fw - ok
20:03:14.0562 0336 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:03:14.0578 0336 IpFilterDriver - ok
20:03:14.0609 0336 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:03:14.0625 0336 IpInIp - ok
20:03:14.0687 0336 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:03:14.0687 0336 IpNat - ok
20:03:14.0796 0336 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:03:14.0796 0336 IPSec - ok
20:03:14.0843 0336 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:03:14.0843 0336 IRENUM - ok
20:03:14.0906 0336 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:03:14.0921 0336 isapnp - ok
20:03:14.0968 0336 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:03:14.0968 0336 Kbdclass - ok
20:03:15.0046 0336 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:03:15.0046 0336 kmixer - ok
20:03:15.0140 0336 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:03:15.0140 0336 KSecDD - ok
20:03:15.0343 0336 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
20:03:15.0359 0336 Lavasoft Kernexplorer - ok
20:03:15.0562 0336 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
20:03:15.0562 0336 Lbd - ok
20:03:15.0625 0336 lbrtfdc - ok
20:03:15.0750 0336 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:03:15.0750 0336 mdmxsdk - ok
20:03:15.0890 0336 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:03:15.0890 0336 mnmdd - ok
20:03:15.0984 0336 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:03:15.0984 0336 Modem - ok
20:03:16.0046 0336 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:03:16.0062 0336 Mouclass - ok
20:03:16.0109 0336 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:03:16.0125 0336 MountMgr - ok
20:03:16.0187 0336 mraid35x - ok
20:03:16.0250 0336 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:03:16.0265 0336 MRxDAV - ok
20:03:16.0406 0336 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:03:16.0437 0336 MRxSmb - ok
20:03:16.0546 0336 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:03:16.0562 0336 Msfs - ok
20:03:16.0656 0336 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:03:16.0687 0336 MSKSSRV - ok
20:03:16.0734 0336 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:03:16.0750 0336 MSPCLOCK - ok
20:03:16.0796 0336 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:03:16.0812 0336 MSPQM - ok
20:03:16.0859 0336 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:03:16.0859 0336 mssmbios - ok
20:03:16.0937 0336 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:03:16.0937 0336 Mup - ok
20:03:17.0125 0336 NAVENG (862f55824ac81295837b0ab63f91071f) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111006.003\naveng.sys
20:03:17.0140 0336 NAVENG - ok
20:03:17.0296 0336 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20111006.003\navex15.sys
20:03:17.0328 0336 NAVEX15 - ok
20:03:17.0484 0336 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:03:17.0500 0336 NDIS - ok
20:03:17.0625 0336 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:03:17.0625 0336 NdisTapi - ok
20:03:17.0687 0336 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:03:17.0687 0336 Ndisuio - ok
20:03:17.0750 0336 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:03:17.0765 0336 NdisWan - ok
20:03:17.0859 0336 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:03:17.0859 0336 NDProxy - ok
20:03:17.0953 0336 NEOFLTR_650_15991 (232c077b6d708dcf7ea52e3629102e07) C:\WINDOWS\system32\Drivers\NEOFLTR_650_15991.SYS
20:03:17.0953 0336 NEOFLTR_650_15991 - ok
20:03:18.0031 0336 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:03:18.0031 0336 NetBIOS - ok
20:03:18.0187 0336 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:03:18.0187 0336 NetBT - ok
20:03:18.0421 0336 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:03:18.0421 0336 NIC1394 - ok
20:03:18.0546 0336 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:03:18.0546 0336 Npfs - ok
20:03:18.0703 0336 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:03:18.0734 0336 Ntfs - ok
20:03:18.0843 0336 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:03:18.0843 0336 Null - ok
20:03:18.0921 0336 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:03:18.0937 0336 NwlnkFlt - ok
20:03:19.0031 0336 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:03:19.0062 0336 NwlnkFwd - ok
20:03:19.0156 0336 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:03:19.0156 0336 ohci1394 - ok
20:03:19.0406 0336 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
20:03:19.0406 0336 Parport - ok
20:03:19.0468 0336 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:03:19.0484 0336 PartMgr - ok
20:03:19.0593 0336 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:03:19.0609 0336 ParVdm - ok
20:03:19.0703 0336 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:03:19.0703 0336 PCI - ok
20:03:19.0765 0336 PCIDump - ok
20:03:19.0859 0336 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
20:03:19.0859 0336 PCIIde - ok
20:03:19.0953 0336 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:03:19.0953 0336 Pcmcia - ok
20:03:20.0031 0336 PCTBD (3a0262b85b5bb4d4cfc096ea00ed610b) C:\WINDOWS\system32\Drivers\PCTBD.sys
20:03:20.0031 0336 PCTBD - ok
20:03:20.0203 0336 PCTCore (3a1efee38dcc8db0b0ee8bb98edd950d) C:\WINDOWS\system32\drivers\PCTCore.sys
20:03:20.0218 0336 PCTCore - ok
20:03:20.0328 0336 pctDS (af08ec0f2093867ab955e24121ee7002) C:\WINDOWS\system32\drivers\pctDS.sys
20:03:20.0343 0336 pctDS - ok
20:03:20.0453 0336 pctEFA (4b1b0cd45a047c0941f6b6151f6fb3c1) C:\WINDOWS\system32\drivers\pctEFA.sys
20:03:20.0484 0336 pctEFA - ok
20:03:20.0593 0336 PCTSD (6f8c66b756eccff3e75d362a8c66b21e) C:\WINDOWS\system32\Drivers\PCTSD.sys
20:03:20.0609 0336 PCTSD - ok
20:03:20.0640 0336 PDCOMP - ok
20:03:20.0687 0336 PDFRAME - ok
20:03:20.0734 0336 PDRELI - ok
20:03:20.0765 0336 PDRFRAME - ok
20:03:20.0812 0336 perc2 - ok
20:03:20.0843 0336 perc2hib - ok
20:03:21.0015 0336 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:03:21.0015 0336 PptpMiniport - ok
20:03:21.0046 0336 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:03:21.0062 0336 PSched - ok
20:03:21.0156 0336 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:03:21.0156 0336 Ptilink - ok
20:03:21.0218 0336 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:03:21.0218 0336 PxHelp20 - ok
20:03:21.0250 0336 ql1080 - ok
20:03:21.0281 0336 Ql10wnt - ok
20:03:21.0312 0336 ql12160 - ok
20:03:21.0343 0336 ql1240 - ok
20:03:21.0390 0336 ql1280 - ok
20:03:21.0421 0336 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:03:21.0421 0336 RasAcd - ok
20:03:21.0484 0336 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:03:21.0484 0336 Rasl2tp - ok
20:03:21.0640 0336 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:03:21.0656 0336 RasPppoe - ok
20:03:21.0890 0336 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:03:21.0937 0336 Raspti - ok
20:03:22.0140 0336 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:03:22.0171 0336 Rdbss - ok
20:03:22.0250 0336 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:03:22.0250 0336 RDPCDD - ok
20:03:22.0359 0336 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:03:22.0375 0336 rdpdr - ok
20:03:22.0484 0336 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:03:22.0484 0336 RDPWD - ok
20:03:22.0546 0336 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:03:22.0562 0336 redbook - ok
20:03:22.0734 0336 RTL8023xp (4a0ae7891fcf74acc848b109294cb80f) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
20:03:22.0734 0336 RTL8023xp - ok
20:03:22.0812 0336 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
20:03:22.0812 0336 rtl8139 - ok
20:03:22.0937 0336 SAVRT (a00d5aa4748a1002590f08aa00fc660d) C:\Program Files\Symantec AntiVirus\savrt.sys
20:03:22.0968 0336 SAVRT - ok
20:03:23.0046 0336 SAVRTPEL (1e805005583be1c1568a3fce259c81e3) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
20:03:23.0046 0336 SAVRTPEL - ok
20:03:23.0203 0336 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
20:03:23.0203 0336 sdbus - ok
20:03:23.0281 0336 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:03:23.0296 0336 Secdrv - ok
20:03:23.0625 0336 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
20:03:23.0625 0336 Serial - ok
20:03:23.0750 0336 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:03:23.0765 0336 Sfloppy - ok
20:03:23.0828 0336 Simbad - ok
20:03:23.0890 0336 Sparrow - ok
20:03:24.0015 0336 SPBBCDrv (c30fa11923892a4dbd1c747db8492e8f) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
20:03:24.0046 0336 SPBBCDrv - ok
20:03:24.0125 0336 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:03:24.0125 0336 splitter - ok
20:03:24.0218 0336 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:03:24.0234 0336 sr - ok
20:03:24.0328 0336 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:03:24.0359 0336 Srv - ok
20:03:24.0421 0336 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:03:24.0421 0336 swenum - ok
20:03:24.0500 0336 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:03:24.0500 0336 swmidi - ok
20:03:24.0625 0336 symc810 - ok
20:03:24.0671 0336 symc8xx - ok
20:03:24.0718 0336 SymEvent (b3f8b9eab2ebe205c0fe053fba951d8c) C:\Program Files\Symantec\SYMEVENT.SYS
20:03:24.0718 0336 SymEvent - ok
20:03:24.0765 0336 SYMREDRV (7c73b65f1bdfab9052a5076c0ca622de) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
20:03:24.0781 0336 SYMREDRV - ok
20:03:24.0859 0336 SYMTDI (b4562798891dca27ed67ca07acbadbd9) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
20:03:24.0875 0336 SYMTDI - ok
20:03:24.0890 0336 sym_hi - ok
20:03:24.0921 0336 sym_u3 - ok
20:03:25.0015 0336 SynTP (23fe1f173996b8bad4b9ed74003676d8) C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:03:25.0031 0336 SynTP - ok
20:03:25.0093 0336 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:03:25.0093 0336 sysaudio - ok
20:03:25.0218 0336 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:03:25.0234 0336 Tcpip - ok
20:03:25.0312 0336 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:03:25.0328 0336 TDPIPE - ok
20:03:25.0406 0336 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:03:25.0437 0336 TDTCP - ok
20:03:25.0500 0336 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:03:25.0515 0336 TermDD - ok
20:03:25.0656 0336 tifm21 (8778a553003a3d37a550a1f9cff6be28) C:\WINDOWS\system32\drivers\tifm21.sys
20:03:25.0671 0336 tifm21 - ok
20:03:25.0750 0336 TosIde - ok
20:03:25.0906 0336 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:03:25.0921 0336 Udfs - ok
20:03:25.0984 0336 ultra - ok
20:03:26.0109 0336 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:03:26.0140 0336 Update - ok
20:03:26.0406 0336 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
20:03:26.0421 0336 USBAAPL - ok
20:03:26.0593 0336 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:03:26.0609 0336 usbccgp - ok
20:03:26.0687 0336 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:03:26.0687 0336 usbehci - ok
20:03:26.0812 0336 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:03:26.0812 0336 usbhub - ok
20:03:26.0906 0336 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:03:26.0921 0336 usbprint - ok
20:03:27.0031 0336 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:03:27.0046 0336 usbscan - ok
20:03:27.0140 0336 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:03:27.0156 0336 USBSTOR - ok
20:03:27.0187 0336 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:03:27.0187 0336 usbuhci - ok
20:03:27.0234 0336 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:03:27.0234 0336 VgaSave - ok
20:03:27.0265 0336 ViaIde - ok
20:03:27.0296 0336 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:03:27.0296 0336 VolSnap - ok
20:03:27.0531 0336 w29n51 (c89da341fcc883a3d79dc11727484fc2) C:\WINDOWS\system32\DRIVERS\w29n51.sys
20:03:27.0687 0336 w29n51 - ok
20:03:27.0828 0336 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:03:27.0843 0336 Wanarp - ok
20:03:27.0875 0336 WDICA - ok
20:03:28.0000 0336 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:03:28.0000 0336 wdmaud - ok
20:03:28.0156 0336 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:03:28.0203 0336 winachsf - ok
20:03:28.0390 0336 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
20:03:28.0406 0336 WmiAcpi - ok
20:03:28.0578 0336 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:03:28.0578 0336 WS2IFSL - ok
20:03:28.0718 0336 MBR (0x1B8) (aad7fbc2af1b07fe684e9f08cc4f560e) \Device\Harddisk0\DR0
20:03:28.0718 0336 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
20:03:28.0718 0336 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
20:03:28.0750 0336 Boot (0x1200) (ef444ba38f1b903210a1e8efc80fc164) \Device\Harddisk0\DR0\Partition0
20:03:28.0750 0336 \Device\Harddisk0\DR0\Partition0 - ok
20:03:28.0750 0336 ============================================================
20:03:28.0750 0336 Scan finished
20:03:28.0750 0336 ============================================================
20:03:28.0828 3724 Detected object count: 1
20:03:28.0828 3724 Actual detected object count: 1
20:04:09.0015 3724 \Device\Harddisk0\DR0 - processing error
20:08:02.0578 3724 \Device\Harddisk0\DR0 - will be restored on reboot
20:08:02.0578 3724 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure Restore
20:08:08.0203 3560 Deinitialize success

#6 boopme

Posted 04 November 2011 - 08:42 PM

Hello. To check for and confirm the MBR (Master Boot Record) rootkit:


Please download mbr.exe and save it to the root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe >>"C:\mbr.log"
  • press Enter.
  • The process is automatic...a black DOS window will open and quickly disappear. This is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.
If you have a problem using the command prompt, you can just double-click on mbr.exe to run the tool.
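Added example, not part of this thread and not code from TDSSKiller or mbr.exe: what a "check the MBR" step actually looks at. The TDSSKiller log above hashes the sector as "MBR (0x1B8)", and my reading (an assumption) is that the 32-character digest is an MD5 over the first 0x1B8 = 440 bytes, i.e. the boot code that precedes the disk signature and partition table. The script below parses a raw 512-byte MBR, hashes that boot-code region, checks the 0x55AA signature and the partition table, and compares the hash against a known-good baseline, which is exactly the comparison a bootkit detector needs and the reason the "write standard boot code?" prompt matters: once the code is overwritten, the hash changes whether or not the overwrite was the cure. The sectors are constructed here (the "tampered" one just has its first bytes rewritten; it is not real rootkit code), so the script runs anywhere; on a live Windows box the same 512 bytes would be read from \\.\PhysicalDrive0 with administrator rights.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8       # 440 bytes of boot code before the 4-byte disk signature
PART_TABLE_OFFSET = 0x1BE   # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"


def parse_mbr(sector: bytes) -> dict:
    """Split a raw 512-byte MBR into boot-code hash, disk signature and partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for index in range(4):
        offset = PART_TABLE_OFFSET + 16 * index
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, offset)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": index,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return {
        "code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def assess_mbr(sector: bytes, baseline_code_md5: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["code_md5"] != baseline_code_md5:
        findings.append("boot code hash differs from baseline")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in info["partitions"]:
        if p["lba_start"] == 0 or p["sectors"] == 0:
            findings.append(f"partition {p['index']} has a zero start or length")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test sector: the given boot code plus one active NTFS partition at LBA 63."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"   # signature + 2 reserved bytes
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 63, 0x0FFFFFFF)
    table = entry + b"\x00" * 48                               # three empty entries
    sector = code + disk_sig + table + BOOT_SIGNATURE
    assert len(sector) == SECTOR_SIZE
    return sector


# Constructed samples (not real boot code): a "clean" sector that serves as the baseline,
# and a "tampered" one whose first bytes were rewritten, the way a bootkit patches the MBR.
CLEAN_MBR = build_sample_mbr(b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 64)
BASELINE_MD5 = parse_mbr(CLEAN_MBR)["code_md5"]
TAMPERED_MBR = build_sample_mbr(b"\xEB\x3C\x90" + CLEAN_MBR[3:BOOT_CODE_LEN])

if __name__ == "__main__":
    # On a live system: open(r"\\.\PhysicalDrive0", "rb").read(512) as administrator.
    for name, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name, parse_mbr(mbr)["code_md5"], assess_mbr(mbr, BASELINE_MD5) or "OK")
```

Two caveats for anyone using this for real. The baseline hash has to come from a known-clean disk of the same Windows version (or be computed after a tool has written standard boot code), because the stock boot code differs between releases. And a user-mode read of the disk on an infected machine is not proof of anything: a kernel-mode rootkit can filter the reads it sees, which is why a clean-looking sector from a live box carries less weight than a read taken from a boot CD or another OS.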

#7 magriff1 (Topic Starter)

Posted 05 November 2011 - 08:23 PM

The mbr.log file is blank.
After typing c:\mbr.exe in the command prompt I never saw a DOS screen pop up, and if I tried to click anywhere else the computer would freeze and I would have to restart. The mbr.log file is there in C:\ but it's blank.

#8 boopme

Posted 05 November 2011 - 09:32 PM

How is it running anyway, as TDSS said it removed it after reboot?

#9 magriff1
  • Topic Starter
  • Members
  • 9 posts

Posted 06 November 2011 - 07:13 AM

Seems to be running OK, except I still can't see any of my files, and there is a fake screen upon startup that says "welcome".

#10 boopme (To Insanity and Beyond)
  • Global Moderator
  • 73,082 posts
  • Gender: Male
  • Location: NJ USA

Posted 06 November 2011 - 12:35 PM

Ok, fix the screen:
Go to Start > Control Panel > Display. Click on the "Desktop" tab, then the "Customize Desktop..." button.
Click on the "Web" tab, then under Web Pages, uncheck and delete everything you find (except "My Current Home page").
Also, make sure the Lock desktop items box is unchecked. Click "Ok", then "Apply" and "Ok".


For the files:
To make your files visible again, please download the following program to your desktop:

Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.



I suspect there is more so ....

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NOTE: In some instances if no malware is found there will be no log produced.

#11 magriff1
  • Topic Starter
  • Members
  • 9 posts

Posted 06 November 2011 - 06:49 PM

C:\Documents and Settings\Michael Griffin\Application Data\Mozilla\Firefox\Profiles\jt187puj.default\extensions\{5f35feb5-4bd2-4a23-b122-7c347aa709db}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan cleaned by deleting - quarantined
C:\Documents and Settings\Michael Griffin\Application Data\Mozilla\Firefox\Profiles\jt187puj.default\extensions\{5f35feb5-4bd2-4a23-b122-7c347aa709db}\chrome\xulcache.jar JS/Agent.NDO trojan cleaned by deleting (after the next restart) - quarantined
C:\Documents and Settings\Michael Griffin\Application Data\Sun\Java\Deployment\cache\6.0\10\20859a4a-557d2e7f a variant of Java/Agent.DW trojan deleted - quarantined

#12 boopme (To Insanity and Beyond)
  • Global Moderator
  • 73,082 posts
  • Gender: Male
  • Location: NJ USA

Posted 06 November 2011 - 07:13 PM

How is it running now?

When a browser runs an applet, the Java Runtime Environment (JRE) stores the downloaded files into its cache folder (C:\Documents and Settings\username\Application Data\Sun\Java\Deployment\cache) for quick execution later and better performance. Malicious applets are also stored in the Java cache directory and your anti-virus may detect them and provide alerts. For more specific information about Java exploits, please refer to Virus found in the Java cache directory.

Notification of these files as a threat does not always mean that a machine has been infected; it indicates that a program included the viral class file but this does not mean that it used the malicious functionality. As a precaution, I recommend clearing the entire cache to ensure everything is cleaned out:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


I'll be back around 9 pm, eastern

#13 magriff1
  • Topic Starter
  • Members
  • 9 posts

Posted 06 November 2011 - 09:13 PM

MiniToolBox by Farbar
Ran by Michael Griffin (administrator) on 06-11-2011 at 21:09:31
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : mikeyg

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : carolina.rr.com



Ethernet adapter Local Area Connection:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC

Physical Address. . . . . . . . . : 00-C0-9F-BE-C5-96



Ethernet adapter Wireless Network Connection:



Connection-specific DNS Suffix . : carolina.rr.com

Description . . . . . . . . . . . : Intel® PRO/Wireless 2200BG Network Connection

Physical Address. . . . . . . . . : 00-12-F0-D9-8F-5A

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.103

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 209.18.47.61

209.18.47.62

Lease Obtained. . . . . . . . . . : Sunday, November 06, 2011 6:01:54 PM

Lease Expires . . . . . . . . . . : Monday, November 07, 2011 6:01:54 PM

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 74.125.47.104, 74.125.47.105, 74.125.47.106, 74.125.47.147
74.125.47.99, 74.125.47.103



Pinging google.com [74.125.47.105] with 32 bytes of data:



Reply from 74.125.47.105: bytes=32 time=22ms TTL=53

Reply from 74.125.47.105: bytes=32 time=42ms TTL=53



Ping statistics for 74.125.47.105:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 22ms, Maximum = 42ms, Average = 32ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 98.137.149.56, 98.139.180.149, 209.191.122.70, 67.195.160.76
72.30.2.43



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=57ms TTL=53

Reply from 209.191.122.70: bytes=32 time=52ms TTL=53



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 52ms, Maximum = 57ms, Average = 54ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 c0 9f be c5 96 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
0x3 ...00 12 f0 d9 8f 5a ...... Intel® PRO/Wireless 2200BG Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.103 25
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.103 192.168.1.103 20
192.168.1.0 255.255.255.0 192.168.1.103 192.168.1.103 25
192.168.1.103 255.255.255.255 127.0.0.1 127.0.0.1 25
192.168.1.255 255.255.255.255 192.168.1.103 192.168.1.103 25
224.0.0.0 240.0.0.0 192.168.1.103 192.168.1.103 25
255.255.255.255 255.255.255.255 192.168.1.103 2 1
255.255.255.255 255.255.255.255 192.168.1.103 192.168.1.103 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/06/2011 06:01:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 43812

Error: (11/06/2011 06:01:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 43812

Error: (11/06/2011 06:01:47 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2011 06:01:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6093

Error: (11/06/2011 06:01:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6093

Error: (11/06/2011 06:01:09 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2011 06:01:06 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2609

Error: (11/06/2011 06:01:06 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2609

Error: (11/06/2011 06:01:06 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/05/2011 07:51:10 PM) (Source: LiveUpdate) (User: Michael Griffin)Michael Griffin
Description:


System errors:
=============
Error: (11/05/2011 08:16:58 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (11/05/2011 07:55:53 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (11/05/2011 07:48:27 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (11/05/2011 07:34:04 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (11/04/2011 07:22:31 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Lbd

Error: (11/04/2011 07:07:14 PM) (Source: Windows Update Agent) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (11/03/2011 09:16:27 PM) (Source: DCOM) (User: Michael Griffin)
Description: The server {0002DF01-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.

Error: (11/03/2011 07:07:49 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PCIIde

Error: (11/03/2011 07:05:04 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/02/2011 06:23:36 PM) (Source: DCOM) (User: Administrator)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}


Microsoft Office Sessions:
=========================
Error: (11/06/2011 06:01:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 43812

Error: (11/06/2011 06:01:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 43812

Error: (11/06/2011 06:01:47 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2011 06:01:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6093

Error: (11/06/2011 06:01:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6093

Error: (11/06/2011 06:01:09 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/06/2011 06:01:06 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2609

Error: (11/06/2011 06:01:06 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2609

Error: (11/06/2011 06:01:06 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/05/2011 07:51:10 PM) (Source: LiveUpdate)(User: Michael Griffin)Michael Griffin
Description:


=========================== Installed Programs ============================

Adobe AIR (Version: 2.0.2.12610)
Adobe Bridge 1.0 (Version: 001.000.000)
Adobe Common File Installer (Version: 1.00.0000)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
Adobe Help Center 1.0 (Version: 001.000.000)
Adobe Photoshop CS2 (Version: 9.0)
Adobe Reader 9.4.6 (Version: 9.4.6)
Adobe Shockwave Player 11.5 (Version: 11.5.8.612)
Adobe Stock Photos 1.0 (Version: 001.000.000)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.96)
Apple Software Update (Version: 2.1.3.127)
ArcSoft MediaImpression Codec (Version: 1.0.0.0)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless LAN Adapter
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 2.1
Canon MX330 series MP Drivers
Canon MX330 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner (Version: 3.00)
Conexant AC-Link Audio
CP_AtenaShokunin1Config (Version: 45.4.131.000)
cp_dwSharkTaleAlbums1 (Version: 45.4.157.000)
cp_dwSharkTaleCards1 (Version: 45.4.157.000)
cp_dwShrek2Albums1 (Version: 45.4.157.000)
cp_dwShrek2Cards1 (Version: 45.4.157.000)
CP_PLSBusinessFlyers (Version: 45.4.157.000)
CreativeProjects (Version: 45.4.157.000)
CreativeProjectsTemplates (Version: 45.4.157.000)
CueTour (Version: 45.4.157.000)
Destinations (Version: 45.4.157.000)
Director (Version: 45.4.157.000)
Doxillion Document Converter
DVD Shrink 3.2
ESET Online Scanner v3
Google SketchUp Viewer (Version: 9.9.999)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.1.2003.1856)
Google Update Helper (Version: 1.3.21.79)
HP Help and Support (Version: 3.200.16.1)
HP Image Zone 4.8.5 (Version: 4.8.5)
HP Image Zone Plus 4.8.5 (Version: 4.8.5)
HP Integrated Module with Bluetooth wireless technology (Version: 4.0.1.2601)
HP Update (Version: 5.003.001.001)
HP User Guides 0001 (Version: 1.00.0003)
HP Wireless Assistant (Version: 1.0.0.31)
HPIZplus450 (Version: 48.2.5.0)
InstantShare (Version: 45.4.157.000)
InstantShareAlert (Version: 1.00.0000)
Intel® Graphics Media Accelerator Driver for Mobile
InterVideo WinDVD (Version: 5.0-B11.637)
iTunes (Version: 10.5.0.142)
Java Auto Updater (Version: 2.0.2.4)
Java™ 6 Update 23 (Version: 6.0.230)
Juniper Networks Secure Application Manager (Version: 6.5.0.15991)
KODAK Share Button App (Version: 3.01.0000.0000)
LiveUpdate 2.6 (Symantec Corporation) (Version: 2.6.18.0)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft IntelliPoint 4.1 (Version: 4.10.0851)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (Version: 9.0.21022.218)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox (3.6.13) (Version: 3.6.13 (en-US))
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 4.0 - SE (Version: 4.00.050)
PanoStandAlone (Version: 45.4.157.000)
PhotoGallery (Version: 45.4.157.000)
QFolder (Version: 1.00.0000)
Quick Launch Buttons 5.10 B2 (Version: 5.10 B2)
QuickTime (Version: 7.70.80.34)
REALTEK Gigabit and Fast Ethernet NIC Driver (Version: 1.60)
SkinsHP1 (Version: 45.4.157.000)
Soft Data Fax Modem with SmartCP
Sonic Audio Module (Version: 2.0.0)
Sonic Copy Module (Version: 2.0.0)
Sonic Data Module (Version: 2.0.0)
Sonic Express Labeler (Version: 2.0.0)
Sonic MyDVD Plus (Version: 6.1.0)
Sonic Update Manager (Version: 3.0.0)
Symantec AntiVirus (Version: 10.0.359.0)
Synaptics Pointing Device Driver (Version: 7.12.7.0)
Texas Instruments PCIxx21/x515 drivers. (Version: 1.08.0000)
TIxx21 (Version: 1.08.0000)
TrayApp (Version: 45.4.157.000)
Unload (Version: 4.5.0)
VideoPad Video Editor
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 45.4.157.000)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format Runtime
Windows Media Player 10
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
Zone Deluxe Games (Version: 7.1.7412.1)

========================= Memory info: ===================================

Percentage of memory in use: 32%
Total physical RAM: 2038.42 MB
Available physical RAM: 1374.62 MB
Total Pagefile: 3408.87 MB
Available Pagefile: 3039.16 MB
Total Virtual: 2047.88 MB
Available Virtual: 1993.57 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:55.68 GB) (Free:13.5 GB) NTFS

========================= Users: ========================================

User accounts for \\MIKEYG

Administrator ASPNET Guest
HelpAssistant Michael Griffin SUPPORT_388945a0

========================= Minidump Files ==================================

No minidump file found

**** End of log ****
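Reading a Result.txt like the one above by hand is what the helper does next. The script below is an added example, not part of MiniToolBox or of this thread, that automates the three checks most relevant to this kind of infection: hosts-file entries other than the localhost mapping (used to block security sites or redirect traffic), an IE proxy that is switched on, and Winsock LSP/NSP providers that are not Microsoft's or do not live in System32. SAMPLE_CLEAN is constructed to mirror the shape of the posted log; SAMPLE_HIJACKED is a constructed tampered variant, and its "Proxy is enabled." wording is an assumption, which is why the proxy check keys on the absence of the "Proxy is not enabled." line that the real log does contain. Section and function names are my own. Note that the clean sample still produces one finding, Bonjour's mdnsNSP.dll: a third-party provider is a review item, not a verdict.

```python
"""Triage the sections of a MiniToolBox Result.txt that malware most often tampers with.

Added example for this thread, not part of MiniToolBox. SAMPLE_CLEAN mirrors the shape
of the posted log; SAMPLE_HIJACKED is constructed to show what a tampered host looks like.
"""
import re

# Banners look like "========================= Hosts content: =====" (some omit the colon,
# e.g. "Winsock entries"); lines made only of '=' are separators and must not match.
SECTION_RE = re.compile(r"^=+\s+(.+?):?\s+=+$")
# e.g. "Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)"
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(\d+)\]\s+\((.*)\)$")
BENIGN_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\winnt\\system32\\")

SAMPLE_CLEAN = r"""
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
"""

# Constructed tampered variant: a hosts redirection (TEST-NET address, .invalid name),
# an enabled proxy (assumed wording) and a provider DLL under a user profile directory.
SAMPLE_HIJACKED = SAMPLE_CLEAN.replace(
    "127.0.0.1 localhost\n",
    "127.0.0.1 localhost\n192.0.2.10 www.example-av-vendor.invalid\n",
).replace(
    "Proxy is not enabled.\nNo Proxy Server is set.\n", "Proxy is enabled.\n",
) + r"Catalog5 05 C:\Documents and Settings\user\Application Data\lsp.dll [40960] ()" + "\n"


def split_sections(text):
    """Map each banner title to the non-empty lines beneath it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def triage(text):
    """Return (section, finding) tuples worth a human look; empty means nothing flagged."""
    findings = []
    s = split_sections(text)

    for line in s.get("Hosts content", []):
        parts = line.split()
        if line.startswith("#") or len(parts) < 2:
            continue
        if (parts[0], parts[1]) not in BENIGN_HOSTS:
            findings.append(("Hosts content", "non-default mapping: %s" % line))

    if "IE Proxy Settings" in s and "Proxy is not enabled." not in s["IE Proxy Settings"]:
        findings.append(("IE Proxy Settings", "proxy appears enabled; verify it is intentional"))

    for line in s.get("Winsock entries", []):
        m = WINSOCK_RE.match(line)
        if not m:
            findings.append(("Winsock entries", "unparsed line: %s" % line))
            continue
        catalog, idx, path, _size, vendor = m.groups()
        if vendor != "Microsoft Corporation" or not path.lower().startswith(SYSTEM_DIRS):
            findings.append(("Winsock entries", "%s %s third-party or out-of-place provider: %s (%s)"
                             % (catalog, idx, path, vendor or "no vendor")))
    return findings


if __name__ == "__main__":
    for name, sample in (("clean", SAMPLE_CLEAN), ("hijacked", SAMPLE_HIJACKED)):
        print(name)
        for section, finding in triage(sample):
            print("  [%s] %s" % (section, finding))
```

The Winsock check is deliberately loose: an LSP chain is a favourite persistence spot because every socket on the box loads the DLL, so anything that is not Microsoft's own provider in System32 is listed and left to the reader to vet against the installed-programs section, as the Bonjour entry illustrates.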

#14 boopme (To Insanity and Beyond)
  • Global Moderator
  • 73,082 posts
  • Gender: Male
  • Location: NJ USA

Posted 07 November 2011 - 02:21 PM

Are you still having issues here?

You need to update Java to 7 and Adobe Reader to X or 10

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u1-windows-i586-s.exe (or jre-7u1-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


Similarly, update to Adobe Reader X (10.1.0).
Note: uncheck the box so you do not install the toolbar, unless you really want it.

Free! Google Toolbar search Google from any web page, block pop-ups

Yes, install Google Toolbar - optional

Edited by boopme, 07 November 2011 - 02:21 PM.


#15 magriff1
  • Topic Starter
  • Members
  • 9 posts

Posted 07 November 2011 - 04:47 PM

Everything seems to be running great right now. I will make sure to do the updates when I get back home so as to prevent this from happening again. I appreciate all the help, as at first I thought I had lost everything. Seems crazy that you can click on a website link from Google and not say yes to any downloads and a frenzy of chaos starts happening. Let me know if there's anything else I should do.

Thanks again, Mike



