Inactive Virus? Safe mode screen is 3/4 blocked

Status
Not open for further replies.
I accidentally clicked the column that turned everything into auto.
I accidentally single clicked on the manual/auto tab and everything went to auto.

I think I figured out what you're referring to here and no harm done!! You just sorted the Services into groups for Automatic, Manual and Disabled. One click sorts in Ascending order, double click sorts in Descending order. If you scroll down the column, you should see the other groups.

Let me give you something comparable so you'll understand how sorting works:
Right click on the Taskbar> Task Manager> Processes tab> click once on the frame above the Memory column>> the column will sort in ascending order with the higher numbers as you go down. If you double click the same column, now you'll sort the memory usage with the most at the top, getting less as you go down the column.

You didn't change any settings- just the order they were in. That's what you did in the Services Startup column! When the contents of a column are text, it will sort alphabetically and Automatic starts with A so that is the first group. Whew!! It took me a while to figure that one out! So Services have not been changed. When you want to actually change the Startup type of a Service, you need to double click on the Service itself, not the column. Once it's open, you can make the change there.

OK?
 
Ok, Bobbye,
I kind of figured the "auto/manual" mess up was not too serious since it was only my preference during start up.

Some progress:
By accident this afternoon I found that if I wait about 10 minutes Normal mode desktop appears. So I was able to run ESET and TDSS.

I cannot connect to the Net and there's not much else I can do in normal mode, however, I was able to view and pencil down the meat and potatoes of the scans and post them using the other computer for you. Like before I did not clean ESET. TDSS scan was moved to quarantine.

ESET:
remove_checked=false
archives_checked=false
unwanted_checked=true
unsafe_checked=false
anti-stealth_checked=true
UTC_time=2010-12-13 7:42:04
local time=11:42:04
US
Lang 1033 Service Pack 3
compatibility=mode-crash
scanned 112587
Found 1
cleaned=0
c:\Documents&Settings\networkservice.NT\authority\localsettings\tempfiles\content.IE5\LitozBJ8\dsgfhfsgju[2].htm

TDSS:
ROOTKIT.WIN32.Backboot.gen\HardDisk0 copied to quarantine

I hope this helps.
And I sure do appreciate you taking the time to help me with this. You're right this malware is very tenacious.
steveow
 
What was the malware found on this entry?
c:\Documents&Settings\networkservice.NT\authority\localsettings\tempfiles\content.IE5\LitozBJ8\dsgfhfsgju[2].htm

For instance, I found one Eset log with the same entry, followed by the name of the malware- like this:
#
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NLH0Z8QF\dsgfhfsgju[1].htm JS/TrojanDownloader.Agent.NWG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
#
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\NLH0Z8QF\dsgfhfsgju[2].htm JS/TrojanDownloader.Agent.NWG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


I need to know because there may be a special way to clean, such as if it's the JS/TrojanDownloader.
=======================================
Will you please give me a description of the current problems you are having? What has improved- is anything?
Where is the TDSSKiller log? Where is the Combofix rescan?
 
crap! Forgot to turn the page for the rest of the eset results.

ESET.....JS/TROJANDOWNLOADER.AGENT.NWG.trojan 00000000000000000000000000 I

TDSS LOG: Had to get a flash drive for this.

2010/12/14 18:29:52.0421 TDSS rootkit removing tool 2.4.10.0 Nov 28 2010 18:35:56
2010/12/14 18:29:52.0421 ================================================================================
2010/12/14 18:29:52.0421 SystemInfo:
2010/12/14 18:29:52.0421
2010/12/14 18:29:52.0421 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/14 18:29:52.0421 Product type: Workstation
2010/12/14 18:29:52.0421 ComputerName: STEVE-0B6026E53
2010/12/14 18:29:52.0421 UserName: steve r warner
2010/12/14 18:29:52.0421 Windows directory: C:\WINDOWS
2010/12/14 18:29:52.0421 System windows directory: C:\WINDOWS
2010/12/14 18:29:52.0421 Processor architecture: Intel x86
2010/12/14 18:29:52.0421 Number of processors: 2
2010/12/14 18:29:52.0421 Page size: 0x1000
2010/12/14 18:29:52.0421 Boot type: Normal boot
2010/12/14 18:29:52.0421 ================================================================================
2010/12/14 18:29:52.0608 Initialize success
2010/12/14 18:30:29.0306 ================================================================================
2010/12/14 18:30:29.0306 Scan started
2010/12/14 18:30:29.0306 Mode: Manual;
2010/12/14 18:30:29.0306 ================================================================================
2010/12/14 18:30:30.0212 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/14 18:30:30.0290 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/14 18:30:30.0399 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/14 18:30:30.0493 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/14 18:30:30.0618 AgereSoftModem (593aefc67283d409f34cc1245d00a509) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2010/12/14 18:30:30.0977 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/12/14 18:30:31.0212 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/14 18:30:31.0243 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/14 18:30:31.0352 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/14 18:30:31.0415 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/14 18:30:31.0602 avgio (afa456a6210abe5798561a5758517340) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
2010/12/14 18:30:31.0680 avgntflt (906f73c4f6b8ba5daabc41a1f04cecfe) C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
2010/12/14 18:30:31.0790 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/14 18:30:31.0915 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/14 18:30:32.0024 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/14 18:30:32.0196 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/14 18:30:32.0680 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/14 18:30:33.0243 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/14 18:30:33.0352 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/14 18:30:33.0399 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/14 18:30:33.0461 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/14 18:30:33.0555 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/14 18:30:33.0649 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/14 18:30:33.0743 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2010/12/14 18:30:33.0868 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/14 18:30:33.0930 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/12/14 18:30:34.0024 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/14 18:30:34.0055 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/14 18:30:34.0133 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/14 18:30:34.0227 FsVga (455f778ee14368468560bd7cb8c854d0) C:\WINDOWS\system32\DRIVERS\fsvga.sys
2010/12/14 18:30:34.0258 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/14 18:30:34.0321 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/14 18:30:34.0414 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2010/12/14 18:30:34.0461 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/14 18:30:34.0571 HdAudAddService (9131ede087af04a7d80f7ebadc164254) C:\WINDOWS\system32\drivers\HdAudio.sys
2010/12/14 18:30:34.0649 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/14 18:30:34.0727 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/14 18:30:34.0899 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/14 18:30:35.0055 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/14 18:30:35.0117 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/14 18:30:35.0367 IntcAzAudAddService (1ed9ac45c69e650d4f12d1114132622b) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/12/14 18:30:35.0414 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/12/14 18:30:35.0492 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/14 18:30:35.0539 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/14 18:30:35.0602 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/14 18:30:35.0664 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/14 18:30:35.0696 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/14 18:30:35.0758 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/14 18:30:35.0836 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/14 18:30:35.0883 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/14 18:30:35.0930 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/14 18:30:35.0977 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/12/14 18:30:36.0055 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/14 18:30:36.0117 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/14 18:30:36.0367 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/14 18:30:36.0461 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/14 18:30:36.0524 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/14 18:30:36.0570 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/12/14 18:30:36.0617 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/14 18:30:36.0695 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/14 18:30:36.0805 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/14 18:30:36.0883 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/14 18:30:36.0945 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/14 18:30:37.0008 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/14 18:30:37.0055 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/14 18:30:37.0148 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/14 18:30:37.0195 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/14 18:30:37.0242 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/14 18:30:37.0320 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/14 18:30:37.0367 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/14 18:30:37.0398 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/14 18:30:37.0461 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/14 18:30:37.0492 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/14 18:30:37.0601 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/14 18:30:37.0758 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/14 18:30:37.0805 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/14 18:30:37.0883 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/14 18:30:38.0039 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/14 18:30:38.0180 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/14 18:30:38.0242 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/14 18:30:38.0289 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/14 18:30:38.0336 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/12/14 18:30:38.0383 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/14 18:30:38.0445 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/14 18:30:38.0476 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/14 18:30:38.0586 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2010/12/14 18:30:38.0648 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/14 18:30:38.0992 pfc (957b82ec80ad7ead64e5e47df6b0dc40) C:\WINDOWS\system32\drivers\pfc.sys
2010/12/14 18:30:39.0086 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/14 18:30:39.0148 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/14 18:30:39.0195 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/14 18:30:39.0445 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/14 18:30:39.0523 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/14 18:30:39.0570 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/14 18:30:39.0632 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/14 18:30:39.0679 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/14 18:30:39.0726 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/14 18:30:39.0789 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/14 18:30:39.0882 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/14 18:30:40.0414 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/14 18:30:40.0664 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2010/12/14 18:30:40.0757 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2010/12/14 18:30:40.0976 SASDIFSV (c030c9a39e85b6f04a8dd25d1a50258a) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/12/14 18:30:41.0038 SASENUM (e9c2d75c748c3f0a4c34d6cf2ae1d754) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2010/12/14 18:30:41.0085 SASKUTIL (64c100dbf57c6cb6e7d5d24153f5e444) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
2010/12/14 18:30:41.0195 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/14 18:30:41.0304 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/12/14 18:30:41.0413 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/14 18:30:41.0570 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/14 18:30:41.0648 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/14 18:30:41.0757 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/14 18:30:41.0866 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2010/12/14 18:30:41.0960 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/14 18:30:41.0991 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/14 18:30:42.0273 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/14 18:30:42.0398 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/14 18:30:42.0476 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/14 18:30:42.0507 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/14 18:30:42.0569 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/14 18:30:42.0788 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/14 18:30:42.0882 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/14 18:30:42.0991 usbbus (9419faac6552a51542dbba02971c841c) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
2010/12/14 18:30:43.0069 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/14 18:30:43.0132 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
2010/12/14 18:30:43.0194 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/14 18:30:43.0288 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/14 18:30:43.0335 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
2010/12/14 18:30:43.0429 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/12/14 18:30:43.0522 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/14 18:30:43.0554 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/14 18:30:43.0616 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/14 18:30:43.0663 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/14 18:30:43.0804 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/14 18:30:43.0944 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/14 18:30:44.0054 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/14 18:30:44.0319 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/12/14 18:30:44.0429 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/14 18:30:44.0475 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/14 18:30:44.0804 \HardDisk0 - detected Rootkit.Win32.BackBoot.gen (1)
2010/12/14 18:30:44.0866 ================================================================================
2010/12/14 18:30:44.0866 Scan finished
2010/12/14 18:30:44.0866 ================================================================================
2010/12/14 18:30:44.0897 Detected object count: 1
2010/12/14 18:31:04.0176 \HardDisk0 - copied to quarantine
2010/12/14 18:31:04.0176 Rootkit.Win32.BackBoot.gen(\HardDisk0) - User select action: Quarantine

The Combofix I have no idea what that is. It's not on my computer.

The problems I'm having now are:
I can't get on the internet.
Normal Mode (app 10-15 for desktop to appear) is very very slow except the Start Tab...Acc, My PC, Control Panel etc etc....all is fast there.
I can run all the Scans quickly, but SAS will only scan 1 file per minute in Memory. After 19 files ( and 17mins) of scanning I closed it. Same thing in Safe Mode.

Here's one more thing that may be a problem. When I went to burn CD's last week (just before my PC went on the blink again) it would only burn the 1st song and then tell me to put in a blank CD...many times over.......NOW** once from my music library a damn porno started via Windows Media Player. What the heck is that doing in my music library?

There you go, bobbye.
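As an added example, not code from this thread or from Kaspersky's TDSSKiller, here is a small Python parser for the TDSSKiller 2.4 log format posted above. It pulls out the driver inventory (name, MD5, path), any "detected" lines, the "Detected object count" and the action the user chose, and flags drivers loading from outside the Windows and Program Files trees as a triage hint. The embedded sample log is constructed: a few lines are copied from the posted log, and one "oddtemp" driver entry (its name, hash and path) is made up to exercise the path check.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# One TDSSKiller timestamp, e.g. 2010/12/14 18:30:44.0804
TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"
DRIVER_RE = re.compile(r"^(" + TS + r") (\S+) \(([0-9a-f]{32})\) (.+)$")
DETECT_RE = re.compile(r"^(" + TS + r") (\S+) - detected (\S+) \((\d+)\)$")
ACTION_RE = re.compile(r"^(" + TS + r") ([^(]+)\(([^)]+)\) - User select action: (\w+)$")
COUNT_RE = re.compile(r"^" + TS + r" Detected object count: (\d+)$")

# Drivers are expected to load from one of these trees on a Windows XP box.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class DriverEntry:
    time: str
    name: str
    md5: str
    path: str


@dataclass
class Detection:
    time: str
    target: str   # \HardDisk0 for a hit on the disk itself, otherwise a driver/service name
    name: str     # verdict, e.g. Rootkit.Win32.BackBoot.gen
    count: int


@dataclass
class ScanResult:
    drivers: List[DriverEntry] = field(default_factory=list)
    detections: List[Detection] = field(default_factory=list)
    actions: List[Tuple[str, str, str]] = field(default_factory=list)  # (verdict, target, action)
    detected_count: int = 0


def parse_tdss_log(text: str) -> ScanResult:
    """Parse a TDSSKiller 2.4 log into driver inventory, detections and chosen actions."""
    result = ScanResult()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := DETECT_RE.match(line):
            result.detections.append(Detection(m[1], m[2], m[3], int(m[4])))
        elif m := ACTION_RE.match(line):
            result.actions.append((m[2], m[3], m[4]))
        elif m := COUNT_RE.match(line):
            result.detected_count = int(m[1])
        elif m := DRIVER_RE.match(line):
            result.drivers.append(DriverEntry(m[1], m[2], m[3], m[4]))
        # Banner, "Scan started", "copied to quarantine" and separator lines are informational.
    return result


def unusual_driver_paths(result: ScanResult) -> List[DriverEntry]:
    """Triage hint: drivers loading from outside the Windows and Program Files trees."""
    return [d for d in result.drivers if not d.path.lower().startswith(TRUSTED_PREFIXES)]


# Constructed sample: real lines from the posted log plus one made-up "oddtemp" entry.
SAMPLE_LOG = r"""2010/12/14 18:29:52.0421 TDSS rootkit removing tool 2.4.10.0 Nov 28 2010 18:35:56
2010/12/14 18:30:29.0306 Scan started
2010/12/14 18:30:30.0212 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/14 18:30:40.0976 SASDIFSV (c030c9a39e85b6f04a8dd25d1a50258a) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/12/14 18:30:42.0000 oddtemp (0123456789abcdef0123456789abcdef) C:\Documents and Settings\steve\Local Settings\Temp\oddtemp.sys
2010/12/14 18:30:44.0804 \HardDisk0 - detected Rootkit.Win32.BackBoot.gen (1)
2010/12/14 18:30:44.0897 Detected object count: 1
2010/12/14 18:31:04.0176 \HardDisk0 - copied to quarantine
2010/12/14 18:31:04.0176 Rootkit.Win32.BackBoot.gen(\HardDisk0) - User select action: Quarantine
"""

if __name__ == "__main__":
    r = parse_tdss_log(SAMPLE_LOG)
    print(f"{len(r.drivers)} drivers listed, {r.detected_count} object(s) detected")
    for d in r.detections:
        print(f"  {d.target}: {d.name}")
    for verdict, target, action in r.actions:
        print(f"  {verdict} on {target} -> {action}")
    for d in unusual_driver_paths(r):
        print(f"  unusual driver path: {d.name} {d.path}")
```

The path heuristic is only a hint for what to look at first: a legitimate third-party driver can live elsewhere, and the detection in the posted log is on \HardDisk0, the disk itself, not on any listed driver file, which is why the scan's "detected" lines matter more than the inventory.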
 
I was able to connect. Not sure how, but it did. I can connect almost every time now and sometimes I get redirected (walmart) and sometimes not. And my desktop comes up quick too.

I downloaded ComboFix.exe from BleepingComputer and it will not run because there is a
Virus Ranger 3.6 that is running. Internet said that's an infection. I thought I'd give it a go, but ComboFix said it's corrupted and can't run.
 
This is also known as VirusBurst which is an anti-spyware program that is known to issue fake warnings on your computer in order to manipulate you into buying its full commercial version. The program is generally installed by a Trojan that automatically downloads and installs the program.

If you are infected with this program you will receive warnings in your task bar stating that you are infected with spyware and to run its special anti-spyware tool. This tool turns out to be the commercial version of VirusBurst. These warnings are fake and are a goad to have you buy the commercial version of this software. The current text for these alerts is "System detected virus activities. They may cause critical system failure. Please, use antimalware software to clean and protect your system from parasite programs. Click this baloon to get all available software."

This is an example of the alert: (image: alert.jpg)

Courtesy bleepingcomputer:

Please go to this section Automated Removal Instructions on THIS SITE and follow the automatic removal instructions.

You will be guided through downloading and running Tools Needed for this fix:
* Roguescanfix (VirusBurst Removal Tool)
* smitRem.exe
* FixVB.reg

Please follow this well-written guide. When completed, come back and we'll try to have you do what you cannot do now.
 
Roguescanfix will not download. The other 2 are on my desktop waiting.
When I click the highlighted Roguescanfix_setup.exe I'm directed to the Bleeping Computer sign in page to their forums.
I've tried it many many times and the same thing. It looks like the manual doesn't need it, but I'd prefer the Automatic method.

I'm getting tempted to backup my files and pictures etc and toss the hard drive in the trash.
 
Roguescanfix will not download. When I click the highlighted Roguescanfix_setup.exe

Sorry I didn't get back to you sooner. If you had the setup on the desktop, something must have downloaded. But after doing a trip around the internet, I see that you cannot get the valid exe file for the roguescanfix setup.exe starting with that link. Sometimes these authors go elsewhere and the link becomes invalid. But I found him and his program:

http://users.telenet.be/Beamerke/tools/roguescanfix_setup.exe

Please delete the one you have on your desktop, then download this and proceed with the double click to run it. The directions there are pretty straight forward:
  1. Download roguescanfix_setup.
  2. Double click roguescanfix_setup to install it.
  3. After the installation, you will be prompted if you would like to run roguescanfix now. Click "YES" to start the tool.
  4. When you start roguescanfix.bat you'll see a menu:
    1. Run Roguescanfix
    2. Run sharedtasksrem
  5. Choose option 1 by typing "1".

Let me know if that works for you. I've sent a note to bleepingcomputer to let them know the link is no good.
 
No biggy, Bobbye. Grandma passed..funeral...parents in town...Xmas.....Whew!

Update: I haven't been able to connect with my PC to the net for several days now. I was getting that "Virus Alert....blah blah...Please download" etc. I'd use task manager to stop it by ending the random lettered process. After many times it finally shut down task manager. Just today I decided to mess with it again and in safe mode (normal mode froze) I went to Hijack and found that same task manager's random lettered gibberish in two spots. At this time I was in the mindset to copy my pictures etc and buy a new hard drive and start over, so I ran Hijack's 'Fix Selected' not really caring if I'd screw something up. Well, now I'm able to bring up desktop in normal mode. So I guess let's fix this PC.

One thing....I can't connect to the net, so what do I do now?
One more thing. I tried to run ESET the other day and it said the proxy is not configured. That was just before I was hammered with the task manager headache.

thanks!
steveo
 
Well what do I do about connecting to the net to download the Roguescanfix program? Don't know if this helps, but in Task Manager "System Idle Process" is running 99%. everything else is 00. However, I was finally able to get SAS to run after I was in Hijack and found a WinLogon Notify !SASWinLogon-Invalid Registry. I hit fix selected and now my SAS is running full speed, which hasn't happened in weeks.

Now, how do we know if lsass.exe is the small i or Isass is the legitimate small L? Reading up on here about this isass infection. It is on my Task Manager and don't know if it's legit or not.
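To illustrate the lsass/Isass question in the post above, as an added example that is not from this thread: the legitimate process is lsass.exe with a lower-case L, and on Windows XP it runs from C:\WINDOWS\system32. The Python below first compares a process name case-insensitively against a short list of known system processes and their standard directories, and only if that fails folds the usual confusable characters (capital I, digit 1, digit 0) before comparing again, so a real capital I (as in IEXPLORE.EXE) is never misread. It also reports a known name running from an unexpected directory. The process list it runs over is constructed for the example; the names and paths in it are hypothetical.

```python
import ntpath

# Windows XP system processes and the directory each one legitimately runs from.
# These locations are standard for XP; the process list further down is constructed.
KNOWN_SYSTEM_PROCESSES = {
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Characters commonly substituted to imitate a system process name. Applied only
# after an exact case-insensitive match has failed, so a genuine capital I is kept.
CONFUSABLES = str.maketrans({"I": "l", "1": "l", "|": "l", "0": "o"})


def fold_confusables(name: str) -> str:
    """Map confusable characters onto the letters they imitate, then lowercase."""
    return name.translate(CONFUSABLES).lower()


def classify_process(image_name: str, image_path: str) -> str:
    """Verdict for one running process given its image name and full path."""
    name = image_name.lower()
    directory = ntpath.dirname(image_path).lower()  # ntpath handles backslashes on any OS
    if name in KNOWN_SYSTEM_PROCESSES:
        expected = KNOWN_SYSTEM_PROCESSES[name]
        if directory == expected:
            return "legitimate"
        return f"legitimate name, unexpected location (expected {expected})"
    folded = fold_confusables(image_name)
    if folded in KNOWN_SYSTEM_PROCESSES:
        return f"lookalike of {folded}"
    return "unknown"  # not on the watch list; nothing to say either way


def suspicious_processes(processes):
    """Reduce (image_name, image_path) pairs to the ones worth a closer look."""
    findings = []
    for image_name, image_path in processes:
        verdict = classify_process(image_name, image_path)
        if verdict not in ("legitimate", "unknown"):
            findings.append((image_name, verdict))
    return findings


# Constructed process list in the shape of Task Manager's image name plus the full path.
SAMPLE_PROCESSES = [
    ("lsass.exe", r"C:\WINDOWS\system32\lsass.exe"),
    ("Isass.exe", r"C:\WINDOWS\system32\Isass.exe"),              # capital I, not lower-case L
    ("svch0st.exe", r"C:\WINDOWS\system32\svch0st.exe"),          # digit zero for the letter o
    ("lsass.exe", r"C:\Documents and Settings\steve\lsass.exe"),  # right name, wrong place
    ("notepad.exe", r"C:\WINDOWS\system32\notepad.exe"),
]

if __name__ == "__main__":
    for image_name, verdict in suspicious_processes(SAMPLE_PROCESSES):
        print(f"{image_name:14} {verdict}")
```

The name check on its own cannot settle the question: a process with the correct name in the correct directory can still be a replaced or injected binary, so it narrows what to examine, with the file's hash and signature as the next step.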
 
Bobbye,

Forget the above gibberish, what I really need is some instruction how to connect to the internet so I can get to the RogueScanFix download. When I try it always says, "Internet Explorer can't display web page." All connections to router etc are diagnosed as working.

I've done some investigation for my own learning interests (not deleting anything or changing any setting that I can't go right back to) and my PC tells me HTTP port 80, HTTPS port 443 and FTP port 21 is(?) the problem due to firewall settings. In CP> Windows Firewall ..it just says it's on. My knowledge ends there. Hope that info helps.

Here's something interesting regarding ESET. Last night while I was milling around my PC I went to ESET again and I hit scan and then focused on the TV football games, well, I dozed off a while and saw that ESET found and deleted 2 infections. This time it did not stop the scan due to bad Proxy. I wish I hadn't cleaned them so you could see....if it even matters at this point. I'm now running another one without cleaning just in case you may want to see it.

steveo
 
My sympathy for the passing of your loved one.

We should now try to get back on course. It would be best if you not run scans unless I instruct you to and that you follow the directions specifically. Hopefully I'll pick up whatever the Eset scan found previously. Perhaps you now see why one of the directions for that scan is not to remove entries that are found.
 
I'll have to get a flash drive to transfer the scans.
I should have it pasted here Sun or Mon.

thanks
 