I need help removing this in XP

June 22, 2011 at 15:43:48
Specs: N/A
My computer is redirecting me like crazy. I am using Windows XP Service Pack 3. I am running AVG and Malwarebytes for spyware. I ran the Microsoft Malicious Removal Tool and keep coming up with this Trojan:DOS/Alureon.A. Confusing, as my virus and spyware scanners are not picking it up. I do not have the original Windows XP install as I have had this computer a long time. I also am not able to update to Windows 7. Can anyone help?




#1
June 22, 2011 at 16:21:41
val82,

Welcome to the forum!

Try the following:

Please download TDSSKiller
http://support.kaspersky.com/downlo...
Save it to the Desktop.

Double-click on TDSSKiller.exe to run the program.

Click the 'Start Scan' button.

Do not use the computer during the scan

If the scan completes with nothing found, click Close to exit.

When the scan finishes it displays a Scan results screen stating whether or not an infection was found on your computer.

To remove the infection, click on the Continue button.
If it does not say Cure on the results screen, leave it at the default action of Skip, and press the Continue button.

Do not change to Delete or Quarantine as it may delete infected files that are required for Windows to operate properly.

Reboot to finish the cleaning process.

If no reboot is requested, click on: Report.

A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) is created and saved to the root directory (usually Local Disk C:).

>>Please provide the contents of TDSSKiller in your reply.<<


Now, re-start your computer.
Tap the F8 key before Windows starts, to bring up the Windows Advanced Options menu

Use the arrow keys to select Safe Mode with Networking

Press: Enter

In Safe Mode with Networking, download iExplore.exe, which is a renamed copy of RKill:
http://www.bleepingcomputer.com/dow...

[If the file does not download, paste the following, >without the brackets<, in the address bar of your browser:
[http://www.bleepingcomputer.com/download/anti-virus/rkill]

Save the file to the Desktop, and double-click on it.
Ignore any messages, and allow the file to run until the command window closes.


Without a reboot, download Malwarebytes’ Anti-Malware (black button with green and white icon). Save it to the Desktop:
http://download.cnet.com/Malwarebyt...

Double-click mbam-setup.exe and follow the prompts to install the program.

Run Malwarebytes’ Anti-Malware and update the program.
Once updated, select Perform Full Scan and click the scan button.

When the scan finishes, click OK in the message box, and you will see the results of the scan.

Click the Remove Selected button to get rid of the malware.

When Malwarebytes finishes, you may be prompted to reboot. If so, reboot.


>>Please post the Malwarebytes log in your reply, so we can see where we are at, and plan any additional removal strategy.<<

~~~~
Retired - Doin' Dis, Dat, and slapping malware.



#2
June 22, 2011 at 17:02:54
My computer will not allow me to download. I clicked on the link to download and my computer blocks it. I have tried allowing it but it just brings it to a blank page. Help!!!


#3
June 22, 2011 at 18:26:08
val82,

If you cannot download the file, the malware may be blocking the attempt.

Do you have access to another computer that is not infected, and to a clean flash drive?

If so, in a computer that is not infected, download TDSSKiller from the following:

http://support.kaspersky.com/downlo...

Save TDSSKiller to the flash drive, and hold on to it.

Now, plug in the flash drive in the infected computer.

Open the drive letter associated with the flash drive.

Double-click on TDSSKiller.exe to run the program...

If it still does not work, we will try something else.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.



#4
June 22, 2011 at 18:48:43
Ok... Through lots of tries I have finished all the steps. Now how can I make sure this Trojan is gone? Safe Mode found no malware. I did cure the Trojan:DOS/Alureon. There was another that showed a bad file. I did not delete it as it did not say cure or quarantine. Am I fixed?
Val


#5
June 22, 2011 at 19:08:27
Ok... I tried TDSSKILLER Again
Here's what I get
forged file (skip)
service name viaagp1
service type Kernel driver (0x1)
service start Boot (0x0)
File C:Windows/system32/Drivers/viaap1.sys
MDS.2f17dbabe5aa3932bed156b0d12b013a
MDS (forged) 6626df072d3021ecd394d559c5e086fa

What is this? If it keeps coming up with the scan, is that okay? It does say skip next to it.



#6
June 22, 2011 at 20:56:24
"I did cure the Trojan:DOS/Alureon. their was another that showed bad file. I did not delete it as It did not say cure or quarantine."

Did you use TDSSKiller for this?

On the forged file notice, press 'Skip', and run TDSSKiller.

Then, post its entire report.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.



#7
June 23, 2011 at 05:04:27
I did use TDSSKiller. This is what showed up:
forged file (skip)
service name viaagp1
service type Kernel driver (0x1)
service start Boot (0x0)
File C:Windows/system32/Drivers/viaap1.sys
MDS.2f17dbabe5aa3932bed156b0d12b013a
MDS (forged) 6626df072d3021ecd394d559c5e086fa

I did skip it...

Here is the log. Please help and tell me what to do next.
2011/06/23 07:50:20.0921 1980 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/23 07:50:21.0359 1980 ================================================================================
2011/06/23 07:50:21.0359 1980 SystemInfo:
2011/06/23 07:50:21.0359 1980
2011/06/23 07:50:21.0359 1980 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/23 07:50:21.0359 1980 Product type: Workstation
2011/06/23 07:50:21.0359 1980 ComputerName: VAL
2011/06/23 07:50:21.0359 1980 UserName: Owner
2011/06/23 07:50:21.0359 1980 Windows directory: C:\WINDOWS
2011/06/23 07:50:21.0359 1980 System windows directory: C:\WINDOWS
2011/06/23 07:50:21.0359 1980 Processor architecture: Intel x86
2011/06/23 07:50:21.0359 1980 Number of processors: 1
2011/06/23 07:50:21.0359 1980 Page size: 0x1000
2011/06/23 07:50:21.0359 1980 Boot type: Normal boot
2011/06/23 07:50:21.0359 1980 ================================================================================
2011/06/23 07:50:23.0843 1980 Initialize success
2011/06/23 07:50:27.0406 2800 ================================================================================
2011/06/23 07:50:27.0406 2800 Scan started
2011/06/23 07:50:27.0406 2800 Mode: Manual;
2011/06/23 07:50:27.0406 2800 ================================================================================
2011/06/23 07:50:33.0187 2800 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/23 07:50:33.0859 2800 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/23 07:50:34.0437 2800 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/23 07:50:34.0734 2800 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/06/23 07:50:36.0046 2800 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/06/23 07:50:36.0609 2800 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2011/06/23 07:50:39.0312 2800 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/23 07:50:39.0875 2800 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/23 07:50:40.0812 2800 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/23 07:50:41.0296 2800 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/23 07:50:41.0921 2800 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/06/23 07:50:42.0859 2800 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/06/23 07:50:43.0484 2800 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/06/23 07:50:44.0203 2800 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/06/23 07:50:44.0734 2800 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/06/23 07:50:45.0328 2800 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/06/23 07:50:45.0796 2800 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/06/23 07:50:46.0375 2800 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/06/23 07:50:47.0156 2800 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/23 07:50:47.0843 2800 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
2011/06/23 07:50:48.0640 2800 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/23 07:50:49.0328 2800 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/23 07:50:50.0609 2800 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/23 07:50:51.0234 2800 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/23 07:50:51.0812 2800 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/23 07:50:55.0250 2800 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/23 07:50:56.0578 2800 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/23 07:50:57.0953 2800 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/23 07:50:58.0546 2800 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/23 07:50:59.0234 2800 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/23 07:50:59.0859 2800 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/23 07:51:00.0546 2800 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/23 07:51:00.0984 2800 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/23 07:51:01.0343 2800 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/23 07:51:01.0750 2800 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/23 07:51:02.0218 2800 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/23 07:51:02.0750 2800 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/23 07:51:03.0187 2800 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/23 07:51:03.0656 2800 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/06/23 07:51:03.0984 2800 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/23 07:51:04.0531 2800 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/23 07:51:05.0218 2800 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/06/23 07:51:05.0640 2800 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/06/23 07:51:06.0375 2800 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/06/23 07:51:07.0046 2800 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/23 07:51:08.0625 2800 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/23 07:51:09.0062 2800 ialm (3046f83c8a6acebb9eaa834c2cd7105c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/06/23 07:51:09.0468 2800 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/23 07:51:10.0796 2800 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
2011/06/23 07:51:11.0640 2800 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/23 07:51:12.0234 2800 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/23 07:51:12.0765 2800 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/23 07:51:13.0468 2800 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/23 07:51:13.0890 2800 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/23 07:51:14.0296 2800 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/23 07:51:14.0687 2800 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/23 07:51:15.0187 2800 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/23 07:51:15.0687 2800 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/23 07:51:16.0250 2800 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/23 07:51:16.0750 2800 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/23 07:51:17.0828 2800 ltmodem5 (3070246fba35aa2e0c2251d55f5848f8) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
2011/06/23 07:51:18.0625 2800 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\WINDOWS\system32\drivers\mbam.sys
2011/06/23 07:51:19.0625 2800 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
2011/06/23 07:51:20.0828 2800 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/23 07:51:21.0609 2800 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/23 07:51:22.0046 2800 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/23 07:51:22.0734 2800 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/23 07:51:23.0421 2800 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/23 07:51:24.0562 2800 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/23 07:51:25.0375 2800 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/23 07:51:26.0718 2800 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/23 07:51:27.0437 2800 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/23 07:51:27.0984 2800 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/23 07:51:28.0546 2800 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/23 07:51:29.0125 2800 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/23 07:51:29.0750 2800 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/23 07:51:30.0578 2800 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/23 07:51:31.0140 2800 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/23 07:51:31.0671 2800 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/23 07:51:32.0375 2800 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/23 07:51:32.0968 2800 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/23 07:51:33.0453 2800 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/23 07:51:34.0171 2800 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/23 07:51:34.0546 2800 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/23 07:51:34.0921 2800 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/23 07:51:35.0656 2800 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/23 07:51:36.0312 2800 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/23 07:51:36.0953 2800 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/23 07:51:37.0406 2800 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/23 07:51:38.0203 2800 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/23 07:51:39.0515 2800 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/23 07:51:39.0953 2800 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/23 07:51:40.0375 2800 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/23 07:51:40.0859 2800 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/23 07:51:41.0406 2800 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/23 07:51:41.0859 2800 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/23 07:51:42.0625 2800 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\System32\DRIVERS\pciide.sys
2011/06/23 07:51:42.0953 2800 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/23 07:51:45.0468 2800 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2011/06/23 07:51:46.0062 2800 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/23 07:51:46.0562 2800 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/06/23 07:51:46.0968 2800 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
2011/06/23 07:51:47.0312 2800 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/23 07:51:47.0812 2800 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/23 07:51:48.0296 2800 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/06/23 07:51:48.0812 2800 pxrts (04d1c97a0818f9378eeaa793a09f8202) C:\WINDOWS\system32\drivers\pxrts.sys
2011/06/23 07:51:51.0046 2800 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/23 07:51:51.0468 2800 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/23 07:51:51.0984 2800 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/23 07:51:52.0484 2800 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/23 07:51:53.0046 2800 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/23 07:51:53.0468 2800 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/23 07:51:53.0890 2800 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/23 07:51:54.0265 2800 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/23 07:51:54.0796 2800 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/06/23 07:51:55.0328 2800 S3Psddr (f5c5903c601a193e659485cd8258fcb3) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
2011/06/23 07:51:56.0000 2800 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/23 07:51:56.0515 2800 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/23 07:51:56.0828 2800 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/23 07:51:57.0359 2800 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/23 07:51:57.0984 2800 SISAGP (99d5140d748ba27576a4c883e536e6d6) C:\WINDOWS\system32\DRIVERS\SISAGP.sys
2011/06/23 07:51:58.0312 2800 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/23 07:51:59.0046 2800 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/23 07:51:59.0281 2800 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/23 07:51:59.0656 2800 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/23 07:52:00.0078 2800 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/23 07:52:00.0328 2800 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/23 07:52:00.0578 2800 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/23 07:52:01.0890 2800 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/23 07:52:02.0234 2800 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/23 07:52:02.0531 2800 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/23 07:52:02.0812 2800 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/23 07:52:03.0140 2800 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/23 07:52:03.0812 2800 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/23 07:52:04.0281 2800 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/23 07:52:04.0640 2800 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/06/23 07:52:04.0968 2800 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/23 07:52:05.0218 2800 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/23 07:52:05.0515 2800 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/23 07:52:05.0796 2800 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/06/23 07:52:06.0046 2800 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/23 07:52:06.0343 2800 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/23 07:52:06.0609 2800 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/23 07:52:06.0859 2800 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/23 07:52:07.0156 2800 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/23 07:52:07.0406 2800 viaagp1 (2f17dbabe5aa3932bed156b0d12b013a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
2011/06/23 07:52:07.0421 2800 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\viaagp1.sys. Real md5: 2f17dbabe5aa3932bed156b0d12b013a, Fake md5: 6626df072d3021ecb394d559c5e086fa
2011/06/23 07:52:07.0453 2800 viaagp1 - detected ForgedFile.Multi.Generic (1)
2011/06/23 07:52:07.0718 2800 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/06/23 07:52:08.0046 2800 VIAudio (a6fcca426660d3fc5a5cb7c0623a257b) C:\WINDOWS\system32\drivers\vinyl97.sys
2011/06/23 07:52:08.0312 2800 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/23 07:52:08.0656 2800 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/23 07:52:09.0187 2800 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/23 07:52:09.0781 2800 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/06/23 07:52:10.0125 2800 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/23 07:52:10.0390 2800 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/23 07:52:10.0671 2800 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/23 07:52:11.0156 2800 {6080A529-897E-4629-A488-ABA0C29B635E} (f0890825e7a9f4a808190a781c480568) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/06/23 07:52:11.0421 2800 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (8854f5453cce4c5831538e935f92f73b) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/06/23 07:52:11.0531 2800 MBR (0x1B8) (24bf22b59c30b9b11e1af62cfc3c418e) \Device\Harddisk0\DR0
2011/06/23 07:52:11.0562 2800 ================================================================================
2011/06/23 07:52:11.0562 2800 Scan finished
2011/06/23 07:52:11.0562 2800 ================================================================================
2011/06/23 07:52:11.0640 1708 Detected object count: 1
2011/06/23 07:52:11.0640 1708 Actual detected object count: 1
2011/06/23 07:52:25.0250 1708 ForgedFile.Multi.Generic(viaagp1) - User select action: Skip




#8
June 23, 2011 at 09:30:54
val82,

Let's see if we can locate a replacement copy for the forged file.

Please download SystemLook from one of these websites:
http://jpshortstuff.247fixes.com/Sy...
http://images.malwareremoval.com/jp...

Save it to the Desktop

Double-click SystemLook.exe to run it.

Next, copy the following, and paste into the main textfield:
:filefind
viaagp1.sys

Click the Look button to start the scan.
The log is also found on your Desktop entitled: SystemLook.txt
When finished, a Notepad window opens with the results of the scan.
>>Please post SystemLook.txt in your reply.<<

Were you able to boot into Safe Mode, and continue with the steps in Post #1?
If so, please post the Malwarebytes' log.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.



#9
June 23, 2011 at 13:41:04
I cannot download either file or even get to the websites. (http://jpshortstuff.247fixes.com/Sy...
http://images.malwareremoval.com/jp...)



#10
June 23, 2011 at 13:55:51
I did download it from malwareremoval; I did it on Mozilla, IE would not allow it to come up. Here is the log:
SystemLook 04.09.10 by jpshortstuff
Log created at 16:50 on 23/06/2011 by Owner
Administrator - Elevation successful

No Context: SystemLook.exe

========== filefind ==========

Searching for "viaagp1.sys"
C:\hp\drivers\chipset\VIA\VIAAGP1.SYS --a--c- 27648 bytes [18:33 28/10/2002] [19:10 04/03/2002] 099F10C7B9D4C7A2BF48D4C6ECA1E7F1
C:\WINDOWS\system32\drivers\VIAAGP1.SYS --a--c- 27648 bytes [18:33 28/10/2002] [19:10 04/03/2002] 6626DF072D3021ECB394D559C5E086FA

-= EOF =-


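The TDSSKiller log in post #7 and the SystemLook log in post #10 are worth reading side by side, because together they show what a "forged file" detection means in practice. TDSSKiller lists two hashes for viaagp1.sys: what it read from the volume directly (which it labels Real) and what an ordinary file read returns (labelled Fake). SystemLook reads through the normal file API, and the hash it reports for the copy in system32 is exactly TDSSKiller's Fake hash. That pattern is consistent with a kernel-mode component serving substitute contents to user-mode readers, and it is also why the AVG and Malwarebytes scans can report a clean system. The spare copy under C:\hp carries a third hash, which is why a hash comparison alone cannot confirm it as a clean replacement. The Python script below is an added example written for this page; it is not part of TDSSKiller, SystemLook or any post in the thread. It parses both log formats (only the lines quoted in the thread are embedded, so it runs offline) and correlates each forged file with the SystemLook hits for the same file name. The column layout it assumes for SystemLook output is taken from the log above, and the verdict labels are my own naming; the hashes and paths are the thread's.

```python
"""Correlate TDSSKiller 'forged file' detections with SystemLook filefind results.

Added example for this thread (not part of TDSSKiller, SystemLook or any post).
The embedded log lines are excerpted from posts #7 and #10 above.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Excerpt of the TDSSKiller log from post #7 (lines quoted verbatim).
TDSSKILLER_LOG = r"""
2011/06/23 07:52:07.0156 2800 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/23 07:52:07.0406 2800 viaagp1 (2f17dbabe5aa3932bed156b0d12b013a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
2011/06/23 07:52:07.0421 2800 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\viaagp1.sys. Real md5: 2f17dbabe5aa3932bed156b0d12b013a, Fake md5: 6626df072d3021ecb394d559c5e086fa
2011/06/23 07:52:07.0453 2800 viaagp1 - detected ForgedFile.Multi.Generic (1)
2011/06/23 07:52:25.0250 1708 ForgedFile.Multi.Generic(viaagp1) - User select action: Skip
"""

# Excerpt of the SystemLook log from post #10 (lines quoted verbatim).
SYSTEMLOOK_LOG = r"""
Searching for "viaagp1.sys"
C:\hp\drivers\chipset\VIA\VIAAGP1.SYS --a--c- 27648 bytes [18:33 28/10/2002] [19:10 04/03/2002] 099F10C7B9D4C7A2BF48D4C6ECA1E7F1
C:\WINDOWS\system32\drivers\VIAAGP1.SYS --a--c- 27648 bytes [18:33 28/10/2002] [19:10 04/03/2002] 6626DF072D3021ECB394D559C5E086FA
"""

PREFIX = r"^\S+ \S+ \d+ "  # date, time and thread id that start every TDSSKiller line
# Driver inventory line: service name, hash TDSSKiller computed, on-disk path
INVENTORY_RE = re.compile(PREFIX + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>[A-Za-z]:\\.+)$")
FORGED_RE = re.compile(PREFIX + r"Suspicious file \(Forged\): (?P<path>.+?)\. "
                       r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})")
DETECTED_RE = re.compile(PREFIX + r"(?P<name>\S+) - detected (?P<verdict>\S+)")
ACTION_RE = re.compile(PREFIX + r"(?P<verdict>[\w.]+)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)")
# SystemLook filefind hit: path, attribute flags, size, two timestamps, MD5 (layout as in the log above)
SYSTEMLOOK_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) +-[-a-z]+- +(?P<size>\d+) bytes "
                           r"\[[^\]]*\] \[[^\]]*\] (?P<md5>[0-9A-Fa-f]{32})$")


@dataclass
class ForgedFile:
    path: str
    real_md5: str               # hash TDSSKiller labels "Real": bytes read from the volume directly
    fake_md5: str               # hash TDSSKiller labels "Fake": bytes returned by an ordinary file read
    service: Optional[str] = None
    verdict: Optional[str] = None
    action: Optional[str] = None


@dataclass
class FileEntry:
    path: str
    size: int
    md5: str


def parse_tdsskiller(text: str) -> List[ForgedFile]:
    """Collect forged-file detections, linking the later verdict/action lines via the service name."""
    by_path: Dict[str, ForgedFile] = {}
    name_to_path: Dict[str, str] = {}
    for line in text.splitlines():
        m = INVENTORY_RE.match(line)
        if m:
            name_to_path[m["name"].lower()] = m["path"].lower()
            continue
        m = FORGED_RE.match(line)
        if m:
            by_path[m["path"].lower()] = ForgedFile(m["path"], m["real"].lower(), m["fake"].lower())
            continue
        m = DETECTED_RE.match(line) or ACTION_RE.match(line)
        if m:
            path = name_to_path.get(m["name"].lower())
            ff = by_path.get(path) if path else None
            if ff is None:
                continue
            ff.service = m["name"]
            ff.verdict = m["verdict"]
            if "action" in m.groupdict():
                ff.action = m["action"]
    return list(by_path.values())


def parse_systemlook(text: str) -> List[FileEntry]:
    """Collect filefind hits; hashes are normalised to lower case for comparison."""
    return [FileEntry(m["path"], int(m["size"]), m["md5"].lower())
            for m in (SYSTEMLOOK_RE.match(line) for line in text.splitlines()) if m]


def classify(ff: ForgedFile, entry: FileEntry) -> str:
    """Label a SystemLook hit relative to the two hashes TDSSKiller reported (labels are my own)."""
    if entry.md5 == ff.fake_md5:
        return "matches_fake"   # user-mode view agrees with the substituted contents
    if entry.md5 == ff.real_md5:
        return "matches_real"   # tool saw the same bytes TDSSKiller read from disk
    return "other"              # a different file; hashes alone cannot prove it a clean replacement


def correlate(forged: List[ForgedFile], entries: List[FileEntry]) -> Dict[str, Dict[str, str]]:
    """For each forged file, classify every SystemLook hit with the same file name."""
    report: Dict[str, Dict[str, str]] = {}
    for ff in forged:
        base = ntpath.basename(ff.path).lower()
        report[ff.path] = {e.path: classify(ff, e) for e in entries
                           if ntpath.basename(e.path).lower() == base}
    return report


if __name__ == "__main__":
    found = parse_tdsskiller(TDSSKILLER_LOG)
    for path, hits in correlate(found, parse_systemlook(SYSTEMLOOK_LOG)).items():
        print(path)
        for hit_path, verdict in hits.items():
            print(f"  {verdict:13} {hit_path}")
```

Run as-is it prints the correlation for the thread's two logs; in practice you would paste the full TDSSKiller and SystemLook output into the two strings. The point of the "other" verdict is the caveat the helper raises in posts #12 and #14: a spare copy with a third hash is a candidate replacement, but nothing in these logs proves it is the clean original.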

#11
June 23, 2011 at 14:56:46
The Safe Mode log for Malwarebytes said nothing was found.


#12
June 23, 2011 at 19:42:15
Need to do some checking to replace this file:
C:\WINDOWS\system32\drivers\VIAAGP1.SYS

Not sure that this one will work:
C:\hp\drivers\chipset\VIA\VIAAGP1.SYS

Do you have the Windows XP installation CD? Also, what kind of computer (name/model) is this?

Thanks for your patience.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.



#13
June 24, 2011 at 05:15:17
No, I had XP installed and it was a very long time ago. I don't have any disk anymore. How would I use this file?
(C:\hp\drivers\chipset\VIA\VIAAGP1.SYS) Where would I find it?
Here is my computer info:
HP 304W
XP version 2002
AMD Athlon XP 200+
1.67 GHz, 992 MB of RAM
Thanks again for all the help


#14
June 24, 2011 at 08:29:28
This file is in your system:
C:\hp\drivers\chipset\VIA\VIAAGP1.SYS

However, we have to make sure it is something we can use to replace the forged file:
C:\WINDOWS\system32\drivers\VIAAGP1.SYS

I need to do some more checking.

Thanks for your patience!

~~~~
Retired - Doin' Dis, Dat, and slapping malware.



#15
June 24, 2011 at 19:34:05
val82,

Let’s give the following a whirl to replace the forged file:


Open Notepad (Start - Run, type: notepad then, press: Enter)

Copy/paste all of the text below to Notepad:

@ECHO OFF
REM Set aside any existing LastGood folders so the copy staged below is the only one
cd c:\windows
ren lastgood lastgood-old >nul 2>&1
ren lastgood.temp lastgood-old2 >nul 2>&1
REM Stage the HP copy of the driver where the Last Known Good Configuration boot will pick it up
md C:\windows\lastgood\system32\drivers
copy C:\hp\drivers\chipset\VIA\VIAAGP1.SYS C:\windows\lastgood\system32\drivers\VIAAGP1.SYS


Save the file to your Desktop as (File name): “replace.bat”

Be sure to include the quotes in the name.

On your Desktop, double-click on replace.bat
A window should open briefly, but nothing more...


Now, restart the computer.
As it boots, tap the F8 key about once per half-second, to access the startup menu.
From the menu select the following:

Last Known Good Configuration

The computer should reboot, and that ought to do the replacement.


Now, run TDSSKiller once again, and post its new report.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.



#16
June 24, 2011 at 20:17:06
Same report. Nothing is different..
2011/06/24 23:16:12.0234 2076 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/24 23:16:12.0703 2076 ================================================================================
2011/06/24 23:16:12.0703 2076 SystemInfo:
2011/06/24 23:16:12.0703 2076
2011/06/24 23:16:12.0703 2076 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/24 23:16:12.0703 2076 Product type: Workstation
2011/06/24 23:16:12.0703 2076 ComputerName: VAL
2011/06/24 23:16:12.0703 2076 UserName: Owner
2011/06/24 23:16:12.0703 2076 Windows directory: C:\WINDOWS
2011/06/24 23:16:12.0703 2076 System windows directory: C:\WINDOWS
2011/06/24 23:16:12.0703 2076 Processor architecture: Intel x86
2011/06/24 23:16:12.0703 2076 Number of processors: 1
2011/06/24 23:16:12.0703 2076 Page size: 0x1000
2011/06/24 23:16:12.0703 2076 Boot type: Normal boot
2011/06/24 23:16:12.0703 2076 ================================================================================
2011/06/24 23:16:14.0718 2076 Initialize success


#17
June 24, 2011 at 20:27:33
val82,

Please post the entire TDSSKiller report; the above is just the beginning of it, the rest did not take...

Thanks!

~~~~
Retired - Doin' Dis, Dat, and slapping malware.



#18
June 25, 2011 at 06:52:17
I rescanned with TDSSKiller:
2011/06/25 09:42:10.0015 0252 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/25 09:42:10.0640 0252 ================================================================================
2011/06/25 09:42:10.0640 0252 SystemInfo:
2011/06/25 09:42:10.0640 0252
2011/06/25 09:42:10.0640 0252 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/25 09:42:10.0640 0252 Product type: Workstation
2011/06/25 09:42:10.0640 0252 ComputerName: VAL
2011/06/25 09:42:10.0750 0252 UserName: Owner
2011/06/25 09:42:10.0750 0252 Windows directory: C:\WINDOWS
2011/06/25 09:42:10.0750 0252 System windows directory: C:\WINDOWS
2011/06/25 09:42:10.0750 0252 Processor architecture: Intel x86
2011/06/25 09:42:10.0750 0252 Number of processors: 1
2011/06/25 09:42:10.0750 0252 Page size: 0x1000
2011/06/25 09:42:10.0750 0252 Boot type: Normal boot
2011/06/25 09:42:10.0750 0252 ================================================================================
2011/06/25 09:42:18.0796 0252 Initialize success
2011/06/25 09:42:22.0484 2788 ================================================================================
2011/06/25 09:42:22.0484 2788 Scan started
2011/06/25 09:42:22.0484 2788 Mode: Manual;
2011/06/25 09:42:22.0484 2788 ================================================================================
2011/06/25 09:42:31.0031 2788 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/25 09:42:31.0343 2788 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/25 09:42:32.0125 2788 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/25 09:42:32.0390 2788 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/06/25 09:42:33.0625 2788 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/06/25 09:42:34.0343 2788 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2011/06/25 09:42:35.0812 2788 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/25 09:42:36.0156 2788 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/25 09:42:36.0953 2788 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/25 09:42:37.0265 2788 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/25 09:42:37.0625 2788 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/06/25 09:42:37.0890 2788 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/06/25 09:42:38.0203 2788 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/06/25 09:42:38.0484 2788 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/06/25 09:42:38.0781 2788 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/06/25 09:42:39.0062 2788 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/06/25 09:42:39.0359 2788 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/06/25 09:42:39.0656 2788 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/06/25 09:42:40.0000 2788 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/25 09:42:40.0359 2788 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
2011/06/25 09:42:40.0890 2788 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/25 09:42:41.0156 2788 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/25 09:42:41.0656 2788 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/25 09:42:41.0937 2788 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/25 09:42:42.0265 2788 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/25 09:42:45.0062 2788 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/25 09:42:45.0859 2788 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/25 09:42:46.0703 2788 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/25 09:42:47.0375 2788 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/25 09:42:48.0046 2788 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/25 09:42:48.0953 2788 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/25 09:42:49.0437 2788 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/25 09:42:49.0812 2788 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/06/25 09:42:50.0109 2788 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/25 09:42:50.0640 2788 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/06/25 09:42:51.0093 2788 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/25 09:42:51.0578 2788 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/25 09:42:52.0140 2788 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/25 09:42:52.0687 2788 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/06/25 09:42:53.0218 2788 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/25 09:42:54.0015 2788 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/25 09:42:55.0156 2788 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/06/25 09:42:55.0687 2788 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/06/25 09:42:56.0078 2788 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/06/25 09:42:56.0625 2788 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/25 09:42:58.0031 2788 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/25 09:42:58.0515 2788 ialm (3046f83c8a6acebb9eaa834c2cd7105c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/06/25 09:42:58.0906 2788 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/25 09:42:59.0734 2788 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\System32\DRIVERS\intelide.sys
2011/06/25 09:43:00.0062 2788 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/25 09:43:00.0500 2788 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/25 09:43:00.0781 2788 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/25 09:43:01.0046 2788 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/25 09:43:01.0625 2788 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/25 09:43:02.0000 2788 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/25 09:43:02.0500 2788 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/25 09:43:02.0906 2788 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/25 09:43:03.0234 2788 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/25 09:43:03.0609 2788 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/25 09:43:04.0015 2788 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/25 09:43:04.0796 2788 ltmodem5 (3070246fba35aa2e0c2251d55f5848f8) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
2011/06/25 09:43:05.0375 2788 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\WINDOWS\system32\drivers\mbam.sys
2011/06/25 09:43:05.0796 2788 MCSTRM (5bb01b9f582259d1fb7653c5c1da3653) C:\WINDOWS\system32\drivers\MCSTRM.sys
2011/06/25 09:43:06.0265 2788 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/25 09:43:06.0609 2788 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/25 09:43:06.0921 2788 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/25 09:43:07.0234 2788 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/25 09:43:07.0765 2788 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/25 09:43:08.0468 2788 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/25 09:43:09.0093 2788 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/25 09:43:09.0437 2788 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/25 09:43:09.0890 2788 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/25 09:43:10.0250 2788 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/25 09:43:10.0609 2788 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/25 09:43:11.0015 2788 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/25 09:43:11.0390 2788 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/25 09:43:11.0750 2788 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/25 09:43:12.0171 2788 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/25 09:43:12.0562 2788 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/25 09:43:12.0968 2788 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/25 09:43:13.0531 2788 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/25 09:43:13.0796 2788 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/25 09:43:14.0437 2788 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/25 09:43:14.0953 2788 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/25 09:43:15.0359 2788 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/25 09:43:15.0671 2788 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/25 09:43:16.0328 2788 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/25 09:43:16.0984 2788 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/25 09:43:17.0640 2788 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/25 09:43:18.0031 2788 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/25 09:43:18.0734 2788 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/25 09:43:19.0031 2788 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/25 09:43:19.0375 2788 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/06/25 09:43:19.0750 2788 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/25 09:43:20.0125 2788 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/25 09:43:20.0437 2788 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/25 09:43:21.0140 2788 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\System32\DRIVERS\pciide.sys
2011/06/25 09:43:21.0625 2788 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/25 09:43:23.0734 2788 pfc (444f122e68db44c0589227781f3c8b3f) C:\WINDOWS\system32\drivers\pfc.sys
2011/06/25 09:43:24.0375 2788 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/25 09:43:24.0718 2788 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/06/25 09:43:24.0984 2788 Ps2 (bffdb363485501a38f0bca83aec810db) C:\WINDOWS\system32\DRIVERS\PS2.sys
2011/06/25 09:43:25.0703 2788 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/25 09:43:25.0984 2788 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/25 09:43:26.0296 2788 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
2011/06/25 09:43:26.0640 2788 pxrts (04d1c97a0818f9378eeaa793a09f8202) C:\WINDOWS\system32\drivers\pxrts.sys
2011/06/25 09:43:28.0406 2788 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/25 09:43:28.0765 2788 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/25 09:43:29.0218 2788 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/25 09:43:29.0593 2788 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/25 09:43:30.0015 2788 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/25 09:43:30.0375 2788 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/25 09:43:30.0843 2788 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/25 09:43:31.0359 2788 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/25 09:43:32.0015 2788 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/06/25 09:43:32.0375 2788 S3Psddr (f5c5903c601a193e659485cd8258fcb3) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
2011/06/25 09:43:32.0875 2788 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/25 09:43:33.0796 2788 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/25 09:43:34.0203 2788 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/06/25 09:43:34.0562 2788 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/25 09:43:35.0281 2788 SISAGP (99d5140d748ba27576a4c883e536e6d6) C:\WINDOWS\system32\DRIVERS\SISAGP.sys
2011/06/25 09:43:35.0640 2788 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/25 09:43:36.0406 2788 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/25 09:43:36.0796 2788 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/25 09:43:37.0140 2788 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/25 09:43:37.0640 2788 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/25 09:43:38.0109 2788 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/25 09:43:38.0781 2788 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/25 09:43:40.0453 2788 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/25 09:43:41.0312 2788 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/25 09:43:41.0703 2788 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/25 09:43:42.0078 2788 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/25 09:43:42.0734 2788 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/25 09:43:43.0484 2788 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/25 09:43:44.0500 2788 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/25 09:43:45.0062 2788 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/06/25 09:43:45.0484 2788 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/25 09:43:45.0906 2788 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/25 09:43:46.0156 2788 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/25 09:43:46.0656 2788 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/06/25 09:43:47.0078 2788 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/25 09:43:47.0421 2788 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/25 09:43:47.0812 2788 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/25 09:43:48.0359 2788 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/25 09:43:48.0968 2788 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/25 09:43:49.0500 2788 viaagp1 (2f17dbabe5aa3932bed156b0d12b013a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
2011/06/25 09:43:49.0531 2788 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\viaagp1.sys. Real md5: 2f17dbabe5aa3932bed156b0d12b013a, Fake md5: 6626df072d3021ecb394d559c5e086fa
2011/06/25 09:43:49.0578 2788 viaagp1 - detected ForgedFile.Multi.Generic (1)
2011/06/25 09:43:50.0234 2788 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/06/25 09:43:50.0859 2788 VIAudio (a6fcca426660d3fc5a5cb7c0623a257b) C:\WINDOWS\system32\drivers\vinyl97.sys
2011/06/25 09:43:51.0421 2788 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/25 09:43:51.0984 2788 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/25 09:43:52.0968 2788 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/25 09:43:54.0093 2788 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/06/25 09:43:54.0718 2788 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/25 09:43:55.0140 2788 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/25 09:43:55.0671 2788 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/25 09:43:56.0468 2788 {6080A529-897E-4629-A488-ABA0C29B635E} (f0890825e7a9f4a808190a781c480568) C:\WINDOWS\system32\drivers\ialmsbw.sys
2011/06/25 09:43:57.0140 2788 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (8854f5453cce4c5831538e935f92f73b) C:\WINDOWS\system32\drivers\ialmkchw.sys
2011/06/25 09:43:57.0343 2788 MBR (0x1B8) (24bf22b59c30b9b11e1af62cfc3c418e) \Device\Harddisk0\DR0
2011/06/25 09:43:57.0437 2788 ================================================================================
2011/06/25 09:43:57.0437 2788 Scan finished
2011/06/25 09:43:57.0437 2788 ================================================================================
2011/06/25 09:43:57.0500 1756 Detected object count: 1
2011/06/25 09:43:57.0500 1756 Actual detected object count: 1
2011/06/25 09:44:42.0828 1756 ForgedFile.Multi.Generic(viaagp1) - User select action: Skip

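As an added example (it is not TDSSKiller's code and not part of any poster's instructions), the Python below parses a TDSSKiller report such as the one in #18 and joins the pieces a helper otherwise has to read apart by hand: the scan line for viaagp1, the "Suspicious file (Forged)" line carrying two different MD5 values for the same driver file, the "detected" line, and the "User select action" line showing that Skip was chosen, so the flagged file was left where it was. The regular expressions are written against the line shapes visible in this log; the sample input is copied from that log, and every function and field name is mine.

```python
"""Summarize a TDSSKiller log: what was flagged, why, and what the user chose.

Added example for this thread, not TDSSKiller's own code and not part of any
poster's instructions. Sample lines are copied from the report in #18.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed input: lines copied from the log posted in #18 (header, one
# clean driver, the flagged driver with its Forged line, the MBR line, footer).
SAMPLE_LOG = r"""
2011/06/25 09:42:10.0015 0252 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/25 09:42:22.0484 2788 Scan started
2011/06/25 09:43:36.0796 2788 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/25 09:43:49.0500 2788 viaagp1 (2f17dbabe5aa3932bed156b0d12b013a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
2011/06/25 09:43:49.0531 2788 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\viaagp1.sys. Real md5: 2f17dbabe5aa3932bed156b0d12b013a, Fake md5: 6626df072d3021ecb394d559c5e086fa
2011/06/25 09:43:49.0578 2788 viaagp1 - detected ForgedFile.Multi.Generic (1)
2011/06/25 09:43:57.0343 2788 MBR (0x1B8) (24bf22b59c30b9b11e1af62cfc3c418e) \Device\Harddisk0\DR0
2011/06/25 09:43:57.0437 2788 Scan finished
2011/06/25 09:43:57.0500 1756 Detected object count: 1
2011/06/25 09:43:57.0500 1756 Actual detected object count: 1
2011/06/25 09:44:42.0828 1756 ForgedFile.Multi.Generic(viaagp1) - User select action: Skip
"""

# Line shapes as they appear in this log; every line starts with a timestamp and a thread id.
LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<msg>.*)$")
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FORGED_RE = re.compile(r"^Suspicious file \(Forged\): (?P<path>.+)\. Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})$")
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<threat>\S+) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<threat>\S+)\((?P<name>\S+)\) - User select action: (?P<action>\S+)$")
COUNT_RE = re.compile(r"^Actual detected object count: (?P<n>\d+)$")

RESOLVING_ACTIONS = {"Cure", "Delete", "Quarantine"}  # anything else leaves the object in place

@dataclass
class Detection:
    name: str                          # service/driver name as TDSSKiller reports it
    threat: str                        # e.g. ForgedFile.Multi.Generic
    path: Optional[str] = None         # file backing the object, from its scan line
    md5_scanned: Optional[str] = None  # hash on the object's own scan line
    md5_real: Optional[str] = None     # "Real md5" from the Forged line
    md5_fake: Optional[str] = None     # "Fake md5" from the Forged line
    action: Optional[str] = None       # Cure / Skip / Delete / Quarantine, once chosen

@dataclass
class ScanReport:
    objects: Dict[str, Tuple[str, str]] = field(default_factory=dict)  # name -> (md5, path)
    forged: Dict[str, Tuple[str, str]] = field(default_factory=dict)   # path -> (real, fake)
    detections: List[Detection] = field(default_factory=list)
    declared_count: Optional[int] = None

def parse_tdsskiller_log(text: str) -> ScanReport:
    """One pass over the log; detections are joined to their object and Forged lines afterwards."""
    report = ScanReport()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank lines
        msg = m["msg"]
        if (f := FORGED_RE.match(msg)):
            report.forged[f["path"]] = (f["real"], f["fake"])
        elif (d := DETECT_RE.match(msg)):
            report.detections.append(Detection(name=d["name"], threat=d["threat"]))
        elif (a := ACTION_RE.match(msg)):
            for det in report.detections:
                if det.name == a["name"] and det.threat == a["threat"]:
                    det.action = a["action"]
        elif (c := COUNT_RE.match(msg)):
            report.declared_count = int(c["n"])
        elif (o := OBJECT_RE.match(msg)):
            report.objects[o["name"]] = (o["md5"], o["path"])
    # Tie each detection to the object line it names and, if present, to the hash pair.
    for det in report.detections:
        det.md5_scanned, det.path = report.objects.get(det.name, (None, None))
        if det.path in report.forged:
            det.md5_real, det.md5_fake = report.forged[det.path]
    return report

def unresolved(report: ScanReport) -> List[Detection]:
    """Detections still in place: no action recorded, or the user chose Skip."""
    return [d for d in report.detections if d.action not in RESOLVING_ACTIONS]

def count_mismatch(report: ScanReport) -> bool:
    """True when TDSSKiller's own count differs from the detection lines parsed,
    a hint that the pasted log is incomplete (as happened earlier in this thread)."""
    return report.declared_count is not None and report.declared_count != len(report.detections)

if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(rep.objects)} objects scanned, {len(rep.detections)} detection(s)")
    for det in rep.detections:
        print(f"  {det.name} -> {det.threat} at {det.path}; action={det.action}")
        if det.md5_real and det.md5_fake:
            print(f"    real md5 {det.md5_real}\n    fake md5 {det.md5_fake}")
    for det in unresolved(rep):
        print(f"  still in place: {det.name} ({det.threat})")
```

Run against the full report, `unresolved()` lists the flagged driver because the action was Skip, and `count_mismatch()` flags a log whose "Actual detected object count" does not match the detection lines present, which is exactly the truncated-paste problem raised in #17.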

#19
June 25, 2011 at 08:58:54
Did you follow Post #15, exactly as written?

~~~~
Retired - Doin' Dis, Dat, and slapping malware.



#20
June 25, 2011 at 10:33:19
Ok... I pasted everything as written. It went to Notepad and such. When I double-clicked it, it opened the Notepad file, that was all. It was the same file that was in Notepad. Nothing went on briefly. I have tried this several times and deleted and started again. Not sure why it's not working.


#21
June 25, 2011 at 12:15:32
It is time to pull this tool out of the box...

Please download ComboFix:
http://download.bleepingcomputer.co...

Save to your Desktop
Double-click ComboFix.exe to run the program

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your Desktop, and if interrupted may leave your Desktop disabled. If this occurs, please reboot to restore the Desktop.

Install the >Recovery Console< if asked to do so. It may come in handy!!

When the scan completes, and it may take a while, a text window with the CF log opens on your Desktop. The CF log is also found at C:\ComboFix.txt

>>Please post this log in your reply so I can analyze it and let you know what to do next.<<

However, because of the potential size of this report, please upload ComboFix.txt to the Uploading website:
http://uploading.com/files/upload/

In: Select files to upload, click 'Browse', and 'Look in' the Desktop.
Select the ComboFix.txt file, and click: 'Open'

You will see the following:
Your file has been uploaded successfully: (Name and size of the file)

Copy the 'Download link' provided, and post it in your reply.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.



#22
June 25, 2011 at 13:17:58
the combofix was deleted it and said I was at risk for identity fraud.


#23
June 25, 2011 at 13:24:34
"the combofix was deleted it"

What do you mean by this? What did ComboFix delete?

Did ComboFix not run? If it ran I need to see its report, as requested earlier.

Please be specific.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.



#24
June 25, 2011 at 13:55:21
The download went through on ComboFix. I pressed it to run after it had downloaded. It was extracting and my virus and anti-spyware shut it down and deleted the ComboFix. I had this happen every time I installed it. It will not run on here without the virus software stopping it. Sorry, no log. It was not able to run long enough. It seems the software (combofix) has spyware????


#25
June 25, 2011 at 16:34:54
What is your AntiVirus program, and your AntiSpyware program?

Both of these need to be temporarily disabled while you run ComboFix. They can be enabled again when we are done.

Please let me know the names requested, and I will show you how to stop them temporarily.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.



#26
June 26, 2011 at 11:50:40
The file will not work. I have disabled all spyware and antivirus. It just WON'T TAKE.


#27
June 26, 2011 at 13:20:11
Try running ComboFix in Safe Mode:

Tap the F8 key as your computer restarts but before Windows launches
Select the Safe Mode option, and then press: Enter

Now, double click the ComboFix file, and see if it runs.


If you still have trouble running CF, run RKill first, then immediately run CF.

Download and run the following tool to help allow other programs to run.
There are a few different versions. If one of them won't run, then download and try to run another one.

You only need to get one of them to run, not all of them.

http://download.bleepingcomputer.co...
http://download.bleepingcomputer.co...
http://download.bleepingcomputer.co...


Note:

If you see a message that the file is infected, ignore the message.
Leave the message OPEN, do not close the message.
Run RKill repeatedly until it's able to do its job.
This may take a few tries. You'll be able to tell RKill has done its job when your Desktop cycles off and then on again.

Once RKill has run, do NOT reboot the machine, and then try once again to run ComboFix.

See how that goes...

~~~~
Retired - Doin' Dis, Dat, and slapping malware.

