
Author Topic: Need of Fake Antivirus Removal  (Read 19681 times)


SuperDave

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: Need of Fake Antivirus Removal
« Reply #15 on: July 01, 2010, 05:45:06 PM »
Here's some information about script errors in IE

* Direct download link is here: RootRepeal.zip

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.
* Click this link to see a list of such programs and how to disable them.

* Extract the program file to a new folder such as C:\RootRepeal
* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.
* Select ALL of the checkboxes and then click OK and it will start scanning your system.
* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
* When done, click on Save Report
* Save it to the same location where you ran it from, such as C:\RootRepeal
* Save it as rootrepeal.txt
* Then open that log and select all and copy/paste it back on your next reply please.
* Close RootRepeal.
Windows 8 and Windows 10 dual boot with two SSD's

binkow

    Topic Starter


    Rookie

    Re: Need of Fake Antivirus Removal
    « Reply #16 on: July 02, 2010, 08:41:58 AM »
    ROOTREPEAL (c) AD, 2007-2009
    ==================================================
    Scan Start Time:      2010/07/02 10:19
    Program Version:      Version 1.3.5.0
    Windows Version:      Windows XP SP3
    ==================================================

    Drivers
    -------------------
    Name: catchme.sys
    Image Path: C:\ComboFix\catchme.sys
    Address: 0xB48AD000   Size: 31744   File Visible: No   Signed: -
    Status: -

    Name: Combo-Fix.sys
    Image Path: Combo-Fix.sys
    Address: 0xB81A8000   Size: 60416   File Visible: No   Signed: -
    Status: -

    Name: dump_atapi.sys
    Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
    Address: 0xB487D000   Size: 98304   File Visible: No   Signed: -
    Status: -

    Name: dump_WMILIB.SYS
    Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
    Address: 0xB85E8000   Size: 8192   File Visible: No   Signed: -
    Status: -

    Name: giveio.sys
    Image Path: giveio.sys
    Address: 0xB8672000   Size: 1664   File Visible: No   Signed: -
    Status: -

    Name: mbr.sys
    Image Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys
    Address: 0xB84A8000   Size: 20864   File Visible: No   Signed: -
    Status: -

    Name: PROCEXP113.SYS
    Image Path: C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
    Address: 0xB862E000   Size: 7872   File Visible: No   Signed: -
    Status: -

    Name: rootrepeal.sys
    Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
    Address: 0xB00AA000   Size: 49152   File Visible: No   Signed: -
    Status: -

    Name: speedfan.sys
    Image Path: speedfan.sys
    Address: 0xB85BA000   Size: 5248   File Visible: No   Signed: -
    Status: -

    Hidden/Locked Files
    -------------------
    Path: C:\hiberfil.sys
    Status: Locked to the Windows API!

    Path: C:\RECYCLER\S-1-5-21-3622105252-4212685542-302905379-1007\Dc83\BINKOW~1.LOG
    Status: Locked to the Windows API!

    Path: c:\documents and settings\owner\application data\mozilla\firefox\profiles\xxruvh3u.default\sessionstore.js
    Status: Size mismatch (API: 62906, Raw: 62144)

    Path: C:\Documents and Settings\Owner\Local Settings\Apps\2.0\KNGWJ36R.3YL\8ZJ31MO6.333\manifests\Skin Installer.exe.manifest
    Status: Locked to the Windows API!

    SSDT
    -------------------
    #: 041   Function Name: NtCreateKey
    Status: Hooked by "<unknown>" at address 0xb87d0276

    #: 053   Function Name: NtCreateThread
    Status: Hooked by "<unknown>" at address 0xb87d026c

    #: 063   Function Name: NtDeleteKey
    Status: Hooked by "<unknown>" at address 0xb87d027b

    #: 065   Function Name: NtDeleteValueKey
    Status: Hooked by "<unknown>" at address 0xb87d0285

    #: 098   Function Name: NtLoadKey
    Status: Hooked by "<unknown>" at address 0xb87d028a

    #: 122   Function Name: NtOpenProcess
    Status: Hooked by "<unknown>" at address 0xb87d0258

    #: 128   Function Name: NtOpenThread
    Status: Hooked by "<unknown>" at address 0xb87d025d

    #: 193   Function Name: NtReplaceKey
    Status: Hooked by "<unknown>" at address 0xb87d0294

    #: 204   Function Name: NtRestoreKey
    Status: Hooked by "<unknown>" at address 0xb87d028f

    #: 247   Function Name: NtSetValueKey
    Status: Hooked by "<unknown>" at address 0xb87d0280

    Stealth Objects
    -------------------
    Object: Hidden Module [Name: ernel32.dll]
    Process: avgnt.exe (PID: 748)   Address: 0x003d0000   Size: 73728

    ==EOF==
    « Last Edit: July 02, 2010, 05:10:10 PM by SuperDave »
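A report like the one above is read by looking for a few patterns: SSDT entries hooked by a module RootRepeal cannot name (and whether those hook targets sit in the same page, which points to a single module), drivers running from a temp path, and a hidden module whose name is a system DLL with its first letters clipped. The script below is an added example, not RootRepeal's code and not something posted in this thread; it parses a report in this layout and lists those points for a human to review. The embedded report text is constructed to match the format (the driver name example_av.sys is invented), so it is not output from any real machine.

```python
"""Triage a RootRepeal report: added example for this thread, not RootRepeal's
own code. It parses the section/entry layout of the report and lists what a
helper scans for by eye. The report text below is constructed in that layout
(the driver example_av.sys is invented); it is not output from a real PC."""
import re

SAMPLE_REPORT = r"""ROOTREPEAL (c) AD, 2007-2009
==================================================

Drivers
-------------------
Name: mbr.sys
Image Path: C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys
Address: 0xB84A8000   Size: 20864   File Visible: No   Signed: -
Status: -

SSDT
-------------------
#: 041   Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xb87d0276

#: 122   Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xb87d0258

#: 053   Function Name: NtCreateThread
Status: Hooked by "example_av.sys" at address 0xb7a10120

Stealth Objects
-------------------
Object: Hidden Module [Name: ernel32.dll]
Process: avgnt.exe (PID: 748)   Address: 0x003d0000   Size: 73728

==EOF==
"""

FIELD_SPLIT = re.compile(r"\s{3,}")  # several "Key: value" fields share a line, 3+ spaces apart
HOOK_RE = re.compile(r'Hooked by "(?P<owner>[^"]*)" at address (?P<addr>0x[0-9a-fA-F]+)')
HIDDEN_RE = re.compile(r"Hidden Module \[Name: (?P<name>[^\]]+)\]")
KNOWN_DLLS = ("kernel32.dll", "ntdll.dll", "user32.dll", "advapi32.dll")


def parse_report(text):
    """Return {section: [entry, ...]}; an entry is one blank-line-separated block."""
    lines = text.splitlines()
    sections, section, entry = {}, None, {}

    def flush():
        nonlocal entry
        if section is not None and entry:
            sections[section].append(entry)
        entry = {}

    for idx, line in enumerate(lines):
        nxt = lines[idx + 1] if idx + 1 < len(lines) else ""
        if line.strip() and nxt.startswith("---"):  # a section header such as "SSDT"
            flush()
            section = line.strip()
            sections[section] = []
        elif section is None or line.startswith("---"):
            continue
        elif not line.strip() or line.startswith("==EOF=="):
            flush()
        else:
            for field in FIELD_SPLIT.split(line.strip()):
                key, _, value = field.partition(":")
                entry[key.strip()] = value.strip()
    flush()
    return sections


def triage(sections):
    """Return (severity, message) pairs; 'review' means look, not act."""
    out, unowned = [], []
    for d in sections.get("Drivers", []):
        path, name = d.get("Image Path", ""), d.get("Name", "?")
        if "\\" not in path:
            out.append(("review", f"driver {name}: image path '{path}' names no directory"))
        elif "\\temp\\" in path.lower():
            out.append(("review", f"driver {name}: runs from a temp directory ({path})"))
    for h in sections.get("SSDT", []):
        m = HOOK_RE.search(h.get("Status", ""))
        if m and m["owner"] == "<unknown>":
            unowned.append(int(m["addr"], 16))
            out.append(("high", f"SSDT {h.get('Function Name')} hooked at {m['addr']} by a module RootRepeal could not name"))
        elif m:
            out.append(("review", f"SSDT {h.get('Function Name')} hooked by {m['owner']}; confirm it is an installed security product"))
    if unowned:  # hook targets that share one 4 KiB page most likely belong to one module
        out.append(("high", f"{len(unowned)} unowned SSDT hook(s) land in {len({a >> 12 for a in unowned})} page(s)"))
    for o in sections.get("Stealth Objects", []):
        m = HIDDEN_RE.search(o.get("Object", ""))
        if not m:
            continue
        name = m["name"].lower()
        hint = next((k for k in KNOWN_DLLS if k != name and k.endswith(name)), None)
        msg = f"hidden module {m['name']} in {o.get('Process')}"
        out.append(("review", msg + (f" (looks like {hint} with its first letters dropped)" if hint else "")))
    return out
```

Every finding is a pointer to something a person must confirm, never a verdict: a named hook owner is usually an installed antivirus, and a hidden module in an antivirus process can be that product's own self-protection, which is exactly why the thread asks for a second scanner before anything is removed.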

    SuperDave

    Re: Need of Fake Antivirus Removal
    « Reply #17 on: July 02, 2010, 05:12:05 PM »
    Download this << file >> & extract TDSSKiller.exe onto your Desktop

    Then create this batch file to be placed next to TDSSKiller

    =====

    Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:
    @ECHO OFF
    START /WAIT TDSSKILLER.exe -l Logit.txt -v
    START Logit.txt
    del %0
    Save this as fix.bat. Choose "Save type as - All Files".
    It should look like this:
    Double click on fix.bat & allow it to run

    Post back to tell me what it says

    binkow


      Re: Need of Fake Antivirus Removal
      « Reply #18 on: July 02, 2010, 07:02:40 PM »
      21:04:01:874 2256   TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
      21:04:01:874 2256   ================================================================================
      21:04:01:874 2256   SystemInfo:

      21:04:01:874 2256   OS Version: 5.1.2600 ServicePack: 3.0
      21:04:01:874 2256   Product type: Workstation
      21:04:01:874 2256   ComputerName: YOUR-76500D519C
      21:04:01:874 2256   UserName: Owner
      21:04:01:874 2256   Windows directory: C:\WINDOWS
      21:04:01:874 2256   System windows directory: C:\WINDOWS
      21:04:01:874 2256   Processor architecture: Intel x86
      21:04:01:874 2256   Number of processors: 1
      21:04:01:874 2256   Page size: 0x1000
      21:04:01:874 2256   Boot type: Normal boot
      21:04:01:874 2256   ================================================================================
      21:04:02:202 2256   Initialize success
      21:04:02:202 2256   
      21:04:02:202 2256   Scanning   Services ...
      21:04:02:561 2256   Raw services enum returned 380 services
      21:04:02:577 2256   
      21:04:02:577 2256   Scanning   Drivers ...
      21:04:03:296 2256   abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
      21:04:03:327 2256   ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
      21:04:03:358 2256   ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
      21:04:03:374 2256   adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
      21:04:03:405 2256   aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
      21:04:03:639 2256   AFD             (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
      21:04:03:827 2256   AgereSoftModem  (b7d2103eb2ecb765b2b7106bad089ab1) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
      21:04:03:983 2256   agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
      21:04:04:030 2256   agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
      21:04:04:061 2256   Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
      21:04:04:108 2256   aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
      21:04:04:186 2256   aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
      21:04:04:202 2256   AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
      21:04:04:233 2256   alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
      21:04:04:249 2256   amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
      21:04:04:296 2256   amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
      21:04:04:342 2256   Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
      21:04:04:436 2256   asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
      21:04:04:483 2256   asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
      21:04:04:530 2256   asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
      21:04:04:577 2256   ASCTRM          (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
      21:04:04:671 2256   AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
      21:04:04:717 2256   atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
      21:04:04:858 2256   ati2mtag        (1db0e5f78a67307f9c68d777873c1164) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
      21:04:05:061 2256   Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
      21:04:05:124 2256   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
      21:04:05:202 2256   avgio           (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
      21:04:05:327 2256   avgntflt        (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
      21:04:05:374 2256   avipbb          (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys
      21:04:05:436 2256   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
      21:04:05:483 2256   cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
      21:04:05:577 2256   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
      21:04:05:624 2256   cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
      21:04:05:655 2256   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
      21:04:05:717 2256   Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
      21:04:05:811 2256   Cdr4_xp         (837eef65af62d4e8a37c41d3879f7274) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
      21:04:05:858 2256   Cdralw2k        (579da2f9f5401f55dae2cf8779d61dfc) C:\WINDOWS\system32\drivers\Cdralw2k.sys
      21:04:05:921 2256   Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
      21:04:06:092 2256   CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
      21:04:06:186 2256   CmdIde          (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
      21:04:06:233 2256   Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
      21:04:06:311 2256   Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
      21:04:06:421 2256   cpuz133         (13a0d3f9d5f39adaca0a8d3bb327eb31) C:\WINDOWS\system32\drivers\cpuz133_x32.sys
      21:04:06:483 2256   dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
      21:04:06:546 2256   dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
      21:04:06:608 2256   Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
      21:04:06:702 2256   dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
      21:04:06:858 2256   dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
      21:04:06:936 2256   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
      21:04:07:014 2256   DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
      21:04:07:092 2256   DNINDIS5        (d2ee54cdbced01d48f2b18642be79a98) C:\WINDOWS\system32\DNINDIS5.SYS
      21:04:07:483 2256   dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
      21:04:07:530 2256   drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
      21:04:07:608 2256   el575nd5        (23f6b9cf432f492ebbd8105d78cb008c) C:\WINDOWS\system32\DRIVERS\el575nd5.sys
      21:04:07:655 2256   Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
      21:04:07:717 2256   Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
      21:04:07:764 2256   Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
      21:04:07:811 2256   Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
      21:04:07:874 2256   FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
      21:04:07:967 2256   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
      21:04:08:046 2256   Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
      21:04:08:077 2256   GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
      21:04:08:171 2256   giveio          (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
      21:04:08:249 2256   Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
      21:04:08:296 2256   hamachi         (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
      21:04:08:405 2256   HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
      21:04:08:467 2256   HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
      21:04:08:514 2256   hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
      21:04:08:592 2256   HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
      21:04:08:702 2256   i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
      21:04:08:780 2256   i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
      21:04:08:827 2256   i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
      21:04:08:889 2256   Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
      21:04:08:999 2256   ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
      21:04:09:264 2256   IntcAzAudAddService (71ae838a88b07268d732f596fc17ced5) C:\WINDOWS\system32\drivers\RtkHDAud.sys
      21:04:09:452 2256   IntelIde        (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
      21:04:09:483 2256   intelppm        (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
      21:04:09:546 2256   Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
      21:04:09:608 2256   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
      21:04:09:733 2256   IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
      21:04:09:796 2256   IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
      21:04:09:858 2256   IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
      21:04:09:983 2256   IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
      21:04:10:030 2256   isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
      21:04:10:077 2256   JSWSCIMD        (ad67795900aa8c05cc4570f5349e0639) C:\WINDOWS\system32\DRIVERS\jswscimd.sys
      21:04:10:139 2256   Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
      21:04:10:264 2256   klmd23          (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
      21:04:10:296 2256   kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
      21:04:10:374 2256   KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
      21:04:10:421 2256   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
      21:04:10:530 2256   Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
      21:04:10:639 2256   Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
      21:04:10:686 2256   mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
      21:04:10:733 2256   MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
      21:04:10:764 2256   mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
      21:04:10:796 2256   MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
      21:04:10:921 2256   MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
      21:04:10:967 2256   Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
      21:04:11:014 2256   MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
      21:04:11:139 2256   MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
      21:04:11:186 2256   MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
      21:04:11:249 2256   mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
      21:04:11:311 2256   Mup             (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
      21:04:11:374 2256   Nbdrv           (ce450acf87ea92fd3c09873149b4badb) C:\WINDOWS\system32\DRIVERS\nbdrv.sys
      21:04:11:452 2256   NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
      21:04:11:483 2256   NdisTapi        (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
      21:04:11:592 2256   Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
      21:04:11:655 2256   NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
      21:04:11:717 2256   NDProxy         (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
      21:04:11:796 2256   NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
      21:04:11:842 2256   NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
      21:04:11:967 2256   NIC1394         (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
      21:04:12:061 2256   Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
      21:04:12:139 2256   Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
      21:04:12:217 2256   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
      21:04:12:483 2256   nv              (f85e109844787668ce8aab54ef14362a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
      21:04:12:764 2256   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
      21:04:12:811 2256   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
      21:04:12:874 2256   ohci1394        (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
      21:04:13:030 2256   Parport         (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
      21:04:13:155 2256   PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
      21:04:13:202 2256   ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
      21:04:13:311 2256   PCI             (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
      21:04:13:358 2256   PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
      21:04:13:389 2256   Pcmcia          (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
      21:04:13:499 2256   perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
      21:04:13:546 2256   perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
      21:04:13:592 2256   PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
      21:04:13:671 2256   PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
      21:04:13:749 2256   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
      21:04:13:796 2256   PxHelp20        (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
      21:04:13:827 2256   ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
      21:04:13:874 2256   Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
      21:04:13:936 2256   ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
      21:04:14:046 2256   ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
      21:04:14:092 2256   ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
      21:04:14:139 2256   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
      21:04:14:202 2256   Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
      21:04:14:249 2256   RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
      21:04:14:342 2256   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
      21:04:14:421 2256   Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
      21:04:14:483 2256   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
      21:04:14:577 2256   rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
      21:04:14:655 2256   RDPWD           (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
      21:04:14:717 2256   redbook         (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
      21:04:14:811 2256   RTL8023xp       (7988bfe882bcd94199225b5c3482f1bd) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
      21:04:14:889 2256   rtl8139         (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
      21:04:14:983 2256   SASDIFSV        (5bf35c4ea3f00fa8d3f1e5bf03d24584) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
      21:04:15:014 2256   SASENUM         (a22f08c98ac2f44587bf3a1fb52bf8cd) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
      21:04:15:077 2256   SASKUTIL        (81c02ea5f88ca4125e579384dfd75e3a) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
      21:04:15:233 2256   SCDEmu          (16b1abe7f3e35f21dac57592b6c5d464) C:\WINDOWS\system32\drivers\SCDEmu.sys
      21:04:15:296 2256   SCREAMINGBDRIVER (d3fa9fb502ad62001101f495bbbac42e) C:\WINDOWS\system32\drivers\ScreamingBAudio.sys
      21:04:15:374 2256   sdbus           (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
      21:04:15:499 2256   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
      21:04:15:546 2256   Serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
      21:04:15:608 2256   Serial          (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
      21:04:15:702 2256   Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
      21:04:15:780 2256   sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
      21:04:15:827 2256   Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
      21:04:15:874 2256   speedfan        (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
      21:04:16:014 2256   splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
      21:04:16:139 2256   sptd            (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
      21:04:16:389 2256   sr              (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
      21:04:16:467 2256   Srv             (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
      21:04:16:499 2256   ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
      21:04:16:577 2256   swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
      21:04:16:671 2256   swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
      21:04:16:749 2256   symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
      21:04:16:796 2256   symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
      21:04:16:827 2256   sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
      21:04:16:889 2256   sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
      21:04:16:936 2256   sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
      21:04:17:014 2256   taphss          (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
      21:04:17:155 2256   Tcpip           (d24ea301e2b36c4e975fd216ca85d8e7) C:\WINDOWS\system32\DRIVERS\tcpip.sys
      21:04:17:264 2256   TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
      21:04:17:327 2256   TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
      21:04:17:436 2256   TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
      21:04:17:483 2256   TosIde          (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
      21:04:17:530 2256   Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
      21:04:17:577 2256   ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
      21:04:17:686 2256   Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
      21:04:17:749 2256   USBAAPL         (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
      21:04:17:842 2256   usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
      21:04:17:967 2256   usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
      21:04:18:046 2256   usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
      21:04:18:108 2256   usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
      21:04:18:202 2256   usbohci         (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
      21:04:18:249 2256   usbprint        (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
      21:04:18:311 2256   usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
      21:04:18:374 2256   USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
      21:04:18:467 2256   usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
      21:04:18:530 2256   VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
      21:04:18:592 2256   viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
      21:04:18:624 2256   ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
      21:04:18:671 2256   VolSnap         (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
      21:04:18:717 2256   Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
      21:04:18:796 2256   wanatw          (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
      21:04:18:874 2256   wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
      21:04:19:046 2256   WN111v2         (93ea7d94959bef66d0e4adbc8ce4e073) C:\WINDOWS\system32\DRIVERS\WN111v2.sys
      21:04:19:155 2256   WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
      21:04:19:233 2256   WSIMD           (43f767d59bfc25d8f4fc2eb42043ec1e) C:\WINDOWS\system32\DRIVERS\wsimd.sys
      21:04:19:311 2256   WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
      21:04:19:358 2256   WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
      21:04:19:374 2256   
      21:04:19:374 2256   Completed
      21:04:19:374 2256   
      21:04:19:374 2256   Results:
      21:04:19:374 2256   Registry objects infected / cured / cured on reboot:   0 / 0 / 0
      21:04:19:374 2256   File objects infected / cured / cured on reboot:   0 / 0 / 0
      21:04:19:374 2256   
      21:04:19:374 2256   KLMD(ARK) unloaded successfully
       
      « Last Edit: July 02, 2010, 07:05:54 PM by SuperDave »
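The TDSSKiller log above lists every registered driver with its MD5 and on-disk path. The script below is an added example, not Kaspersky's code and not part of this thread; it parses lines in that layout and builds the lists a reviewer wants first: drivers whose image lives outside the Windows directory, service names that point at one file, and hashes that disagree with a reference set recorded on a known-clean machine of the same OS and service pack. The log excerpt and the reference hashes are constructed placeholders, not hashes of any real file.

```python
"""Inventory the driver list in a TDSSKiller log: added example for this thread,
not Kaspersky's code. It parses the 'time pid service (md5) path' lines, then
reports drivers outside the Windows directory, service names that share one
file, and hashes that differ from a reference set recorded on a known-clean
machine of the same OS and service pack. Log lines and hashes are constructed."""
import re
from collections import defaultdict

# Constructed excerpt in TDSSKiller's layout; the hashes are placeholders.
SAMPLE_LOG = r"""21:04:02:577 2256   Scanning   Drivers ...
21:04:03:327 2256   ACPI            (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:04:04:717 2256   atapi           (bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:04:05:202 2256   avgio           (cccccccccccccccccccccccccccccccc) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
21:04:05:483 2256   cbidf           (dddddddddddddddddddddddddddddddd) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
21:04:05:577 2256   cbidf2k         (dddddddddddddddddddddddddddddddd) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:04:19:374 2256   Completed
"""

# Constructed reference set, keyed by lower-cased path. A real one is recorded
# from a clean machine of the same OS/SP; atapi.sys differs here on purpose.
REFERENCE = {
    r"c:\windows\system32\drivers\acpi.sys": "a" * 32,
    r"c:\windows\system32\drivers\atapi.sys": "f" * 32,
    r"c:\windows\system32\drivers\cbidf2k.sys": "d" * 32,
}

DRIVER_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d:\d{3})\s+(?P<pid>\d+)\s+(?P<service>\S+)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)


def parse_drivers(log):
    """One dict per driver line; status lines such as 'Completed' do not match."""
    return [m.groupdict() for m in map(DRIVER_RE.match, log.splitlines()) if m]


def inventory(drivers, reference, windir=r"C:\WINDOWS"):
    """Group the parsed drivers into the lists a reviewer reads first."""
    report = {"outside_windir": [], "shared_file": [], "hash_mismatch": [], "unknown_to_reference": []}
    by_hash = defaultdict(list)
    prefix = windir.lower() + "\\"
    for d in drivers:
        path = d["path"].lower()
        by_hash[d["md5"]].append(d["service"])
        if not path.startswith(prefix):            # third-party or oddly placed driver
            report["outside_windir"].append((d["service"], d["path"]))
        expected = reference.get(path)
        if expected is None:
            report["unknown_to_reference"].append(d["service"])
        elif expected != d["md5"]:                 # file on this machine is not the clean one
            report["hash_mismatch"].append((d["service"], d["path"], d["md5"], expected))
    for md5, services in by_hash.items():
        if len(services) > 1:                      # several service names, one binary
            report["shared_file"].append((md5, sorted(services)))
    return report


if __name__ == "__main__":
    for kind, items in inventory(parse_drivers(SAMPLE_LOG), REFERENCE).items():
        print(kind, items)
```

The hash comparison is only as trustworthy as the scanner's view of the disk: a rootkit that filters file reads can hand a scanner the clean bytes, which is why TDSSKiller loads its own kernel driver (the KLMD line at the end of the log) to read past such filtering, and why the thread cross-checks with RootRepeal and GMER rather than trusting one tool's log.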

      SuperDave

      Re: Need of Fake Antivirus Removal
      « Reply #19 on: July 02, 2010, 07:17:51 PM »
      I'd like us to scan your machine with ESET OnlineScan

      • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
      • Click the button.
      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
        • Click on to download the ESET Smart Installer. Save it to your desktop.
        • Double click on the icon on your desktop.
      • Check
      • Click the button.
      • Accept any security warnings from your browser.
      • Check
      • Push the Start button.
      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      • When the scan completes, push
      • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      • Push the button.
      • Push
      A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


      binkow


        Re: Need of Fake Antivirus Removal
        « Reply #20 on: July 02, 2010, 08:17:21 PM »
        It won't let me download the virus database even with different proxies.

        SuperDave

        Re: Need of Fake Antivirus Removal
        « Reply #21 on: July 03, 2010, 05:00:54 PM »
        Download the GMER Rootkit Scanner. Unzip it to your Desktop.

        Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

        Double-click gmer.exe. The program will begin to run.

        **Caution**
        These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

        If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
        • Click NO
        • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
        • Now click the Scan button.
        • Once the scan is complete, you may receive another notice about rootkit activity.
        • Click OK.
        • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
        • Save it where you can easily find it, such as your desktop.

        binkow


          Re: Need of Fake Antivirus Removal
          « Reply #22 on: July 05, 2010, 02:26:28 PM »
          GMER 1.0.15.15281 - http://www.gmer.net
          Rootkit scan 2010-07-04 00:32:49
          Windows 5.1.2600 Service Pack 3
          Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uxxyqfow.sys


          ---- System - GMER 1.0.15 ----

          SSDT            B87D0276                                                                                                                               ZwCreateKey
          SSDT            B87D026C                                                                                                                               ZwCreateThread
          SSDT            B87D027B                                                                                                                               ZwDeleteKey
          SSDT            B87D0285                                                                                                                               ZwDeleteValueKey
          SSDT            B87D028A                                                                                                                               ZwLoadKey
          SSDT            B87D0258                                                                                                                               ZwOpenProcess
          SSDT            B87D025D                                                                                                                               ZwOpenThread
          SSDT            B87D0294                                                                                                                               ZwReplaceKey
          SSDT            B87D028F                                                                                                                               ZwRestoreKey
          SSDT            B87D0280                                                                                                                               ZwSetValueKey

          ---- Kernel code sections - GMER 1.0.15 ----

          ?               Combo-Fix.sys                                                                                                                          The system cannot find the file specified. !
          .text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                               section is writeable [0xB7502380, 0x3DEB95, 0xE8000020]
          ?               C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys                                                                                                The system cannot find the file specified. !
          ?               C:\ComboFix\catchme.sys                                                                                                                The system cannot find the path specified. !
          ?               C:\WINDOWS\system32\Drivers\PROCEXP113.SYS                                                                                             The system cannot find the file specified. !

          ---- User code sections - GMER 1.0.15 ----

          .text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[748] ntdll.dll!NtResumeThread                                                         7C90DB3E 5 Bytes  JMP 003F000A

          ---- User IAT/EAT - GMER 1.0.15 ----

          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]               [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW]                 [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                 [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]                   [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW]                   [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA]                  [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW]                  [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                  [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                    [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]                    [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                 [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]                   [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]                   [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA]                   [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA]                [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                  [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                  [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA]                   [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA]                  [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                  [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                  [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]                [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA]                [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                    [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                    [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]                  [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA]                  [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA]                    [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW]                 [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
          IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA]                 [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

          ---- Devices - GMER 1.0.15 ----

          Device                                                                                                                                                 Ntfs.sys (NT File System Driver/Microsoft Corporation)
          Device                                                                                                                                                 Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
          Device                                                                                                                                                 mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

          AttachedDevice                                                                                                                                         fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

          Device                                                                                                                                                 Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

          ---- Registry - GMER 1.0.15 ----

          Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                   
          Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                        0xB4 0x6D 0x90 0x02 ...
          Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                        C:\Program Files\DAEMON Tools Pro\
          Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                        0
          Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                     0x9F 0x9D 0x99 0x6B ...
          Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                         
          Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                               0x20 0x01 0x00 0x00 ...
          Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                            0xA7 0xA7 0x55 0x1F ...
          Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                     
          Reg             HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                       0x41 0xAA 0x8A 0xDE ...
          Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                       
          Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                    0xD4 0xC3 0x97 0x02 ...
          Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                    0
          Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                 0x86 0x38 0x1B 0xF5 ...
          Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                    C:\Program Files\DAEMON Tools Lite\
          Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                             
          Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                           0x20 0x01 0x00 0x00 ...
          Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                        0x28 0x9D 0x73 0xBA ...
          Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                         
          Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                   0x44 0xD5 0x01 0xD3 ...
          Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                                         
          Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                   0x40 0x43 0x5C 0x23 ...
          Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                   
          Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                        0xD4 0xC3 0x97 0x02 ...
          Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                        0
          Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                     0x9F 0x9D 0x99 0x6B ...
          Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                        C:\Program Files\DAEMON Tools Lite\
          Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                         
          Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                               0x20 0x01 0x00 0x00 ...
          Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                            0xA7 0xA7 0x55 0x1F ...
          Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                     
          Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                       0x5E 0x7A 0xC4 0xEB ...
          Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                   
          Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                        0xD4 0xC3 0x97 0x02 ...
          Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                        0
          Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                     0x86 0x38 0x1B 0xF5 ...
          Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                        C:\Program Files\DAEMON Tools Lite\
          Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                         
          Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                               0x20 0x01 0x00 0x00 ...
          Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                            0x28 0x9D 0x73 0xBA ...
          Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                     
          Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                       0x44 0xD5 0x01 0xD3 ...
          Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)                     
          Reg             HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                                       0x40 0x43 0x5C 0x23 ...
          « Last Edit: July 05, 2010, 05:19:42 PM by SuperDave »
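The GMER log above lists three kinds of findings that SuperDave's caution applies to: SSDT hooks, kernel images GMER could not read back from disk, and IAT redirections in user processes. The script below is an added example (not GMER's code and not anything posted in this thread) that parses a few lines copied from that log and groups them the way a responder triages them: SSDT handler addresses that all sit within one page almost always come from a single hooking driver, so the question becomes which driver owns that range; "?" rows whose files cannot be found are typically leftovers of tools run earlier (Combo-Fix.sys and catchme.sys both appear in this log and in the earlier RootRepeal output); and the IAT rows here all redirect into AOL's own tbdiag.dll, which is what a vendor's diagnostic shim looks like. The one-page window used for the "same driver" heuristic is an assumption chosen for this example; the log lines are constructed from the posted output with the column padding shortened.

```python
"""Triage helper for a GMER log: added example, not GMER's own code."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the GMER log posted in this thread,
# trimmed to a few entries per section (column padding shortened).
SAMPLE_LOG = r"""
GMER 1.0.15.15281 - http://www.gmer.net

---- System - GMER 1.0.15 ----

SSDT            B87D0276     ZwCreateKey
SSDT            B87D026C     ZwCreateThread
SSDT            B87D0258     ZwOpenProcess
SSDT            B87D0280     ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

?               Combo-Fix.sys     The system cannot find the file specified. !
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys     section is writeable [0xB7502380, 0x3DEB95, 0xE8000020]
?               C:\ComboFix\catchme.sys     The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[748] ntdll.dll!NtResumeThread     7C90DB3E 5 Bytes  JMP 003F000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]     [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1536] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]     [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER")
# subject column of an IAT row: "<process>[pid] @ <module> [<dll>!<import>]"
IAT_SUBJECT_RE = re.compile(r"^(?P<process>.+?\[\d+\]) @ (?P<module>\S+) \[(?P<imp>[^\]]+)\]$")
# detail column of an IAT row: "[<addr>] <DLL now receiving the call> (<vendor>)"
IAT_TARGET_RE = re.compile(r"^\[(?P<addr>[0-9A-Fa-f]+)\] (?P<path>.+?)(?: \((?P<vendor>[^)]*)\))?$")
SAME_DRIVER_WINDOW = 0x1000  # assumption: handlers within one page come from one image


def parse_gmer(text):
    """Map each '---- <section> ----' to (kind, subject, detail) triples.

    GMER pads columns with runs of spaces while paths contain single spaces,
    so rows are split on two-or-more spaces into at most three fields.
    """
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            continue
        if current is None:
            continue  # banner lines before the first section
        fields = re.split(r"\s{2,}", line, maxsplit=2)
        if len(fields) == 3:
            sections[current].append(tuple(fields))
    return sections


def ssdt_hook_span(sections):
    """(lowest, highest, count) of SSDT handler addresses, or None if no hooks."""
    addrs = [int(addr, 16) for kind, addr, _ in sections.get("System", []) if kind == "SSDT"]
    if not addrs:
        return None
    return min(addrs), max(addrs), len(addrs)


def same_handler_region(span, window=SAME_DRIVER_WINDOW):
    """True when every handler lies within one small range, i.e. one hooking driver."""
    lo, hi, _ = span
    return hi - lo < window


def unresolved_kernel_modules(sections):
    """Driver images GMER could not read back from disk ('?' rows)."""
    return [subject for kind, subject, detail in sections.get("Kernel code sections", [])
            if kind == "?" and "cannot find" in detail]


def writeable_code_sections(sections):
    return [subject for _, subject, detail in sections.get("Kernel code sections", [])
            if "section is writeable" in detail]


def user_inline_hooks(sections):
    """(process[pid], hooked export, patch description) for inline user-mode hooks."""
    out = []
    for _, subject, detail in sections.get("User code sections", []):
        proc, _, export = subject.rpartition(" ")
        out.append((proc.rsplit("\\", 1)[-1], export, detail))
    return out


def iat_hooks_by_hooker(sections):
    """Group IAT redirections by the DLL that now receives the calls."""
    out = defaultdict(set)
    for kind, subject, detail in sections.get("User IAT/EAT", []):
        s = IAT_SUBJECT_RE.match(subject)
        t = IAT_TARGET_RE.match(detail)
        if kind != "IAT" or not (s and t):
            continue
        hooker = t.group("path").rsplit("\\", 1)[-1]
        out[hooker].add((s.group("process").rsplit("\\", 1)[-1], s.group("imp")))
    return {k: sorted(v) for k, v in out.items()}


if __name__ == "__main__":
    secs = parse_gmer(SAMPLE_LOG)
    span = ssdt_hook_span(secs)
    print("SSDT hooks: %d handlers in %#x..%#x, single driver: %s"
          % (span[2], span[0], span[1], same_handler_region(span)))
    print("unresolved kernel modules:", unresolved_kernel_modules(secs))
    print("writeable code sections:", writeable_code_sections(secs))
    print("user inline hooks:", user_inline_hooks(secs))
    print("IAT hooks by receiving DLL:", iat_hooks_by_hooker(secs))
```

Run it against a full GMER.txt by reading the file into `parse_gmer`; the grouping does not decide whether a hook is malicious, it only reduces the list to the two questions that matter: which image owns the SSDT handler range, and whether the DLL receiving the redirected imports is one you expect on that machine.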

          SuperDave

          Re: Need of Fake Antivirus Removal
          « Reply #23 on: July 05, 2010, 05:29:29 PM »
          I'm going to need to do a consult on this problem. Please wait until I get back to you.

          binkow


            Re: Need of Fake Antivirus Removal
            « Reply #24 on: July 05, 2010, 07:35:01 PM »
            Just to let you know, it's like it infected my router because all the computers the router is connected to are getting this redirecting popup virus. Something with results5.google.com and googlesyndication.com

            SuperDave

            Re: Need of Fake Antivirus Removal
            « Reply #25 on: July 07, 2010, 12:29:51 PM »
            Download Dr.Web CureIt to the desktop:
            Dr WebCureIt
            • Double-click the launch.exe or cureit.exe file and Allow to run the express scan.
            • This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
            • Once the short scan has finished, just let it cure whatever it finds.
              o Now, go to Settings >> Change Settings
              o Go to the Actions tab >> under the Objects section, change the settings to the following:
                Infected objects - Cure
                Incurable objects - Report
                Suspicious objects - Report
              o Don't change any other settings.
            • Start the scan again. This time, choose Complete Scan.
            • Click the green arrow button at the right, and the scan will start.
            • After the scan has finished, click Select all.
            • Click on Cure and choose Report incurable (this means take no action: don't "move", "rename" or "delete").
            • When the scan has finished, in the menu, click File and choose Save report list.
            • Save the report to your Desktop. The report will be called DrWeb.csv.
            • Post DrWeb.csv in your next reply (open it in Notepad). Do NOT reboot the computer yet.
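The DrWeb.csv that these steps produce is a plain semicolon-separated file, one row per object: object name; folder; verdict; action taken. As an added example (not Dr.Web's code and not anything posted in this thread), the Python below parses such a report and separates the rows a reader needs to tell apart: objects that sit inside another scanner's quarantine folder (Avira's INFECTED folder is assumed here as the marker, since Avira is the resident scanner on this machine), the "Container contains infected objects" summary rows that Dr.Web emits for each quarantine archive it opens, and everything else, which is where a live detection would appear. The sample rows are copied from the DrWeb.csv posted in this thread; the family-name heuristic and the quarantine marker are assumptions made for the example.

```python
"""Summarise a Dr.Web CureIt DrWeb.csv report: added example, not Dr.Web's code."""
import csv
import io
from collections import Counter

# Constructed sample: rows copied from the DrWeb.csv posted in this thread.
# Columns are object;folder;verdict;action; (a trailing separator is included).
SAMPLE_CSV = r"""
aoltsmon.dll;c:\program files\common files\aol\topspeed\2.0;Probably DLOADER.Trojan;Deleted.;
4a8bae9d.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4a8bae9d.qua;Trojan.Packed.682;;
4a8bae9d.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
4a8baf5b.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4a8baf5b.qua;Trojan.Fakealert.4533;;
4a8baf5b.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
4ab434b7.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4ab434b7.qua;BackDoor.Tdss.333;;
4ab434b7.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
"""

# Assumption for this example: Avira is the resident scanner on the machine, so its
# INFECTED folder is treated as a quarantine. A file already sitting in a quarantine
# is contained; a second scanner re-flagging it is expected noise, not a live hit.
QUARANTINE_MARKERS = (r"\avira\antivir desktop\infected",)
CONTAINER_TEXT = "Container contains infected objects"


def parse_drweb_csv(text):
    """Return one dict per row; Dr.Web uses ';' as separator and no quoting."""
    rows = []
    for rec in csv.reader(io.StringIO(text.strip()), delimiter=";"):
        if len(rec) < 4:
            continue
        obj, location, threat, action = rec[:4]
        rows.append({"object": obj, "location": location, "threat": threat, "action": action})
    return rows


def in_quarantine(location):
    loc = location.lower()
    return any(marker in loc for marker in QUARANTINE_MARKERS)


def family(threat):
    """'Trojan.Packed.682' -> 'Trojan.Packed'; a 'Probably ' prefix marks a heuristic verdict."""
    name = threat[len("Probably "):] if threat.startswith("Probably ") else threat
    return ".".join(name.split(".")[:2])


def summarize_drweb(text):
    report = {"live": [], "quarantined": [], "containers": [],
              "families": Counter(), "heuristic": []}
    for row in parse_drweb_csv(text):
        if row["threat"] == CONTAINER_TEXT:
            report["containers"].append(row)  # summary row for one .qua archive
            continue
        bucket = "quarantined" if in_quarantine(row["location"]) else "live"
        report[bucket].append(row)
        report["families"][family(row["threat"])] += 1
        if row["threat"].startswith("Probably "):
            report["heuristic"].append(row["object"])
    return report


if __name__ == "__main__":
    rep = summarize_drweb(SAMPLE_CSV)
    print("live detections  :", [(r["object"], r["threat"], r["action"]) for r in rep["live"]])
    print("inside quarantine:", len(rep["quarantined"]), "objects in",
          len(rep["containers"]), "containers")
    print("families         :", dict(rep["families"]))
    print("heuristic only   :", rep["heuristic"])
```

Reading the report this way keeps the two questions separate: the "live" bucket is the list to act on, while the "quarantined" bucket tells you which earlier detections the resident scanner had already caught and whether their family names (here TDSS, Fakealert, Packed) match the symptoms being reported.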

            binkow


              Re: Need of Fake Antivirus Removal
              « Reply #26 on: July 07, 2010, 09:25:51 PM »
              I don't think something's right... I've been scanning for more than 5 hours and it's not even near 25 15 percent! Here's the log for the part though... there's really no point in scanning my other drives, which it would have done.

              Quote
              aoltsmon.dll;c:\program files\common files\aol\topspeed\2.0;Probably DLOADER.Trojan;Deleted.;
              4a8bae9d.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4a8bae9d.qua;Trojan.Packed.682;;
              4a8bae9d.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
              4a8baf5b.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4a8baf5b.qua;Trojan.Fakealert.4533;;
              4a8baf5b.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;
              4a8bafae.qua\data001;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED\4a8bafae.qua;Trojan.Packed.682;;
              4a8bafae.qua;C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED;Container contains infected objects;;

              binkow

                Topic Starter


                Rookie

                Re: Need of Fake Antivirus Removal
                « Reply #27 on: July 07, 2010, 10:13:33 PM »
                Can you help me restore my internet connection on my PC? It just says "Acquiring network address" and it won't say anything else... I had to reset my router to the default settings since it got infected and ads popped up and all that on other computers too. I had the "server not found" thing going for my PC and it still happens (Firefox). All the other computers have internet except the PC.

                SuperDave

                • Malware Removal Specialist
                • Moderator


                • Genius
                • Thanked: 1020
                • Certifications: List
                • Experience: Expert
                • OS: Windows 10
                Re: Need of Fake Antivirus Removal
                « Reply #28 on: July 08, 2010, 12:56:59 PM »
                As far as I know, routers cannot get infected, but they can have their settings altered by malware on any computer connected to that router. You did the correct thing by resetting your settings. Now we have to get the computers cleaned, and the only way to do that is to run the scans. Afterward, we will deal with any remaining problems.
                Windows 8 and Windows 10 dual boot with two SSD's

                binkow

                  Topic Starter


                  Rookie

                  Re: Need of Fake Antivirus Removal
                  « Reply #29 on: July 08, 2010, 10:35:59 AM »
                  I don't think the computers are infected because they're fine now. I need to know how to establish an internet connection to my PC though.