
MSE Not Functioning


4 replies to this topic

#1 Caitz

Caitz

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:00 PM

Posted 29 July 2012 - 06:28 AM

Hi,

I think I have a serious infection that somehow got past Microsoft Security Essentials, stopped the program, and prevents all attempts to fix it. I'm running Windows 7 64 bit on an HP Pavilion g series.

A few days ago, my computer randomly shut down while I was browsing the internet - opening a lot of tabs at once, but otherwise not doing anything that should cause any problems. It started up again and everything seemed to be working okay, but I soon noticed that MSE was not functioning. When I tried to restart it, I got a message saying "Couldn't start the Security Essentials service. The specified service does not exist as an installed service." with an error code of 0x80070424. I tried various suggestions from help websites that related to the code, including running MalwareBytes. Both quick and full scans found issues, but upon restart, this problem remained unchanged.

Finally I decided to go ahead and uninstall and reinstall MSE. Everything went fine until the initial scan started. Very early on, I got a message saying my computer would have to restart to remove infections. Then I got a message from Windows saying that Windows had encountered a critical problem and would restart in one minute. On every restart, MSE would start finding issues and trying to restart the moment the computer started up and eventually that Windows message would come up, shutting me down again.

Finally I used f8 and tried to run a system restore. I got an error message on all available restore points, but when I let the computer shut down and restart, it restored itself to a point before I tried to fix MSE. MSE was still non-functioning, but my computer started up and ran all programs with little issue. The same thing happened when I tried to run an automatic Microsoft fix-it for MSE/Windows Update. Halfway through running, I got the critical problem warning and ran the same system restore process to be able to use my computer. But now I'm using it without protection.

The actual problems caused by this infection(?) aren't actually all that severe. Random pop-ups to spammy websites and issues with Google search where I can search just fine, but clicking on results will usually take me to another spammy site. But, of course, I can't use MSE and doubt I can run Windows updates, either.

I'm certainly hoping I don't have to completely restore the machine, although my important files and pictures are backed up and I can back up the rest fairly easily. I'm especially frustrated because this is a new-ish machine (Between 6 months and a year old) and I've been very careful not to do anything that could potentially be considered unsafe. Any help would be very much appreciated, as is just reading through my long explanation!


*Moderator Edit: Moved topic from Windows 7 to the more appropriate forum. ~ Queen-Evie*

Edited by Queen-Evie, 29 July 2012 - 06:50 AM.



 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:00 PM

Posted 29 July 2012 - 06:52 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 Caitz

Caitz
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:00 PM

Posted 29 July 2012 - 07:21 AM

Thanks for the prompt reply!

TDSSkiller:

07:57:48.0560 1924 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
07:57:48.0921 1924 ============================================================
07:57:48.0921 1924 Current date / time: 2012/07/29 07:57:48.0921
07:57:48.0921 1924 SystemInfo:
07:57:48.0921 1924
07:57:48.0921 1924 OS Version: 6.1.7601 ServicePack: 1.0
07:57:48.0921 1924 Product type: Workstation
07:57:48.0921 1924 ComputerName: CAITLIN-HP
07:57:48.0921 1924 UserName: Caitlin
07:57:48.0921 1924 Windows directory: C:\Windows
07:57:48.0921 1924 System windows directory: C:\Windows
07:57:48.0921 1924 Running under WOW64
07:57:48.0921 1924 Processor architecture: Intel x64
07:57:48.0921 1924 Number of processors: 2
07:57:48.0921 1924 Page size: 0x1000
07:57:48.0921 1924 Boot type: Normal boot
07:57:48.0921 1924 ============================================================
07:57:49.0681 1924 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:57:49.0711 1924 ============================================================
07:57:49.0711 1924 \Device\Harddisk0\DR0:
07:57:49.0711 1924 MBR partitions:
07:57:49.0711 1924 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
07:57:49.0711 1924 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38589000
07:57:49.0711 1924 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x385ED000, BlocksNum 0x1D65000
07:57:49.0711 1924 ============================================================
07:57:49.0751 1924 C: <-> \Device\Harddisk0\DR0\Partition1
07:57:49.0801 1924 D: <-> \Device\Harddisk0\DR0\Partition2
07:57:49.0801 1924 ============================================================
07:57:49.0801 1924 Initialize success
07:57:49.0801 1924 ============================================================
07:58:20.0413 6708 ============================================================
07:58:20.0413 6708 Scan started
07:58:20.0413 6708 Mode: Manual; TDLFS;
07:58:20.0413 6708 ============================================================
07:58:29.0243 6708 Scan interrupted by user!
07:58:29.0243 6708 Scan interrupted by user!
07:58:29.0243 6708 Scan interrupted by user!
07:58:29.0243 6708 ============================================================
07:58:29.0243 6708 Scan finished
07:58:29.0243 6708 ============================================================
07:58:29.0274 3828 Detected object count: 0
07:58:29.0274 3828 Actual detected object count: 0

aswMBR:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-29 08:01:27
-----------------------------
08:01:27.088 OS Version: Windows x64 6.1.7601 Service Pack 1
08:01:27.088 Number of processors: 2 586 0x603
08:01:27.089 ComputerName: CAITLIN-HP UserName: Caitlin
08:01:30.933 Initialize success
08:02:23.188 AVAST engine defs: 12072900
08:02:37.819 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
08:02:37.821 Disk 0 Vendor: Hitachi_ JE3O Size: 476940MB BusType: 11
08:02:37.823 Device \Driver\amd_sata -> MajorFunction fffffa80048695e8
08:02:37.827 Disk 0 MBR read successfully
08:02:37.829 Disk 0 MBR scan
08:02:37.833 Disk 0 Windows 7 default MBR code
08:02:37.847 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
08:02:37.861 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 461586 MB offset 409600
08:02:37.895 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15050 MB offset 945737728
08:02:37.911 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
08:02:37.939 Disk 0 scanning C:\Windows\system32\drivers
08:02:55.515 Service scanning
08:03:23.586 Modules scanning
08:03:23.931 Disk 0 trace - called modules:
08:03:23.938 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys >>UNKNOWN [0xfffffa80048695e8]<<
08:03:23.942 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004306060]
08:03:23.948 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa8004281a50]
08:03:23.953 5 amd_xata.sys[fffff880010f3a1d] -> nt!IofCallDriver -> \Device\00000057[0xfffffa800427d320]
08:03:23.960 \Driver\amd_sata[0xfffffa80047f3690] -> IRP_MJ_CREATE -> 0xfffffa80048695e8
08:03:26.607 AVAST engine scan C:\Windows
08:03:29.407 AVAST engine scan C:\Windows\system32
08:05:09.497 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
08:05:11.925 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
08:06:39.430 AVAST engine scan C:\Windows\system32\drivers
08:06:53.296 AVAST engine scan C:\Users\Caitlin
08:12:43.885 Disk 0 MBR has been saved successfully to "C:\Users\Caitlin\Documents\MBR.dat"
08:12:43.899 The log file has been saved successfully to "C:\Users\Caitlin\Documents\aswMBR.txt"

I got an "Unexpected Error 2002" upon trying to run the ESET online scanner. Should I try again, and if so, should I leave the box to remove threats checked?
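
An added example, not part of the thread and not code from any poster or tool vendor: a small Python triage pass over an aswMBR log like the one posted above. It pulls out the `**INFECTED**` detections, the MBR verdict, and any driver dispatch address that the disk trace prints as `>>UNKNOWN`. The function names are hypothetical, the sample is a few lines copied from that log, and reading `>>UNKNOWN` as "address not mapped to a named module" is an assumption, so such an entry is an item to review rather than a verdict.

```python
import re

# Excerpt of the aswMBR log posted in the thread (lines copied, not complete).
SAMPLE_LOG = r"""
08:02:37.823 Device \Driver\amd_sata -> MajorFunction fffffa80048695e8
08:02:37.833 Disk 0 Windows 7 default MBR code
08:03:23.938 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys >>UNKNOWN [0xfffffa80048695e8]<<
08:03:23.960 \Driver\amd_sata[0xfffffa80047f3690] -> IRP_MJ_CREATE -> 0xfffffa80048695e8
08:05:09.497 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
08:05:11.925 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
"""

# Every log entry starts with an HH:MM:SS.mmm timestamp.
LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
INFECTED = re.compile(r"^File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(.+)$")
UNKNOWN = re.compile(r">>UNKNOWN \[0x([0-9a-fA-F]+)\]<<")
MAJOR = re.compile(r"^Device\s+(\S+)\s+->\s+MajorFunction\s+([0-9a-fA-F]+)$")
MBR = re.compile(r"^Disk \d+ (.*MBR code.*)$")


def triage(log_text):
    """Collect detections, MBR verdicts and unresolved disk-stack addresses."""
    report = {"detections": [], "mbr": [], "unresolved": {}, "dispatch": {}}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner lines and blanks carry no timestamp
        ts, body = m.groups()
        if (d := INFECTED.match(body)):
            report["detections"].append(
                {"time": ts, "path": d.group(1), "name": d.group(2)})
        elif (u := UNKNOWN.search(body)):
            # Assumption: the bracketed value is the address the tool
            # could not attribute to a loaded module.
            report["unresolved"][int(u.group(1), 16)] = body
        elif (j := MAJOR.match(body)):
            report["dispatch"][j.group(1)] = int(j.group(2), 16)
        elif (b := MBR.match(body)):
            report["mbr"].append(b.group(1))
    return report


def review_items(report):
    """Lines a helper would want to look at first."""
    items = [f"{d['name']} in {d['path']}" for d in report["detections"]]
    # Correlate: a driver whose dispatch pointer equals an unresolved address.
    for driver, addr in report["dispatch"].items():
        if addr in report["unresolved"]:
            items.append(
                f"{driver} dispatch 0x{addr:x} not mapped to a named module")
    return items


if __name__ == "__main__":
    for item in review_items(triage(SAMPLE_LOG)):
        print(item)
```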

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:02:00 PM

Posted 29 July 2012 - 07:30 AM

We need advanced tools to remove this one

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#5 rhianlopez

rhianlopez

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:00 PM

Posted 30 July 2012 - 05:04 AM

hi there



