
search redirect, windows explorer no loading


#1 jjmears (Member, 33 posts)
I got this computer from a friend, so I have no idea what may be wrong with it.

As long as we have had it, about 2 months, it has been doing the search redirect.

It also will sometimes just lock up and not do anything, including loading Windows Explorer, you know, with the Start menu bar, or anything.

I had such success on my laptop with your help, I thought I would beg for help with this computer. Thank you very very much.

Here is my OTL log: (it also produced an "extras.txt" log; do I need to include that?)



OTL logfile created on: 3/28/2011 4:37:52 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Dad\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 355.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 132.12 Gb Free Space | 88.67% Space Free | Partition Type: NTFS

Computer Name: MEARSFAMILY | User Name: Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/28 16:36:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/07/01 11:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) -- C:\Documents and Settings\Dad\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/31 18:27:04 | 000,118,784 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe


========== Modules (SafeList) ==========

MOD - [2011/03/28 16:36:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WPFFontCache_v0400)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/01 11:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Documents and Settings\Dad\Application Data\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Running] -- -- (MpKslad829a85)
DRV - File not found [Kernel | System | Running] -- -- (MpKsl6240d434)
DRV - File not found [Kernel | System | Running] -- -- (MpKsl4cca78a2)
DRV - File not found [Kernel | System | Running] -- -- (MpKsl25438b75)
DRV - File not found [Kernel | System | Running] -- -- (MpKsl08b44e09)
DRV - [2011/03/28 16:35:02 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A123962B-47C4-433B-B35E-C8BE8AFE2566}\MpKsl22fb1fed.sys -- (MpKsl22fb1fed)
DRV - [2007/09/05 20:35:46 | 000,377,920 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A5AGU.sys -- (A5AGU)
DRV - [2005/03/17 17:30:10 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 4C BF 25 77 A9 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/01/09 19:07:35 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab (SOE Web Installer)
O16 - DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} https://bp.leetechno...ebBehaviors.cab (CHListFactory Object)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1293861011937 (WUWebControl Class)
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.co.../DellSystem.CAB (DellSystem.Scanner)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/31 20:38:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{305f6730-155f-11e0-91b9-cbc9144a0ea1}\Shell - "" = AutoRun
O33 - MountPoints2\{305f6730-155f-11e0-91b9-cbc9144a0ea1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{305f6730-155f-11e0-91b9-cbc9144a0ea1}\Shell\AutoRun\command - "" = E:\HPLauncher.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/28 16:36:43 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
[2011/03/20 13:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dad\My Documents\OneNote Notebooks
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/28 16:36:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
[2011/03/28 16:23:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/28 16:10:49 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/28 14:46:59 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/03/28 14:46:17 | 000,013,692 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/28 14:46:16 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/28 14:46:16 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job
[2011/03/28 14:41:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/26 09:57:53 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Games.lnk
[2011/03/24 12:26:13 | 000,300,664 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\sears payment.pdf
[2011/03/22 07:24:24 | 000,024,436 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\dtsart-snail-pblc.zip
[2011/03/22 07:10:26 | 000,103,558 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\800PJLsick-in-bed.jpg
[2011/03/21 01:57:33 | 000,398,760 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2011/03/20 16:09:04 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/20 16:09:04 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/20 15:10:10 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/03/20 13:59:45 | 000,234,657 | ---- | M] () -- C:\Documents and Settings\Dad\My Documents\laptop receipt.pdf
[2011/03/20 13:58:33 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\Dad\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/24 12:26:11 | 000,300,664 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\sears payment.pdf
[2011/03/22 07:24:23 | 000,024,436 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\dtsart-snail-pblc.zip
[2011/03/22 07:10:25 | 000,103,558 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\800PJLsick-in-bed.jpg
[2011/03/20 13:59:43 | 000,234,657 | ---- | C] () -- C:\Documents and Settings\Dad\My Documents\laptop receipt.pdf
[2011/03/20 13:58:33 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\Dad\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2011/01/02 19:23:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/01 16:45:08 | 000,000,843 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011/01/01 16:45:08 | 000,000,178 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011/01/01 16:44:55 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/01/01 16:44:55 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011/01/01 16:44:28 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat
[2011/01/01 16:44:14 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2011/01/01 16:44:12 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/12/31 21:33:18 | 000,000,374 | ---- | C] () -- C:\WINDOWS\System32\DWLAB.DAT
[2010/12/31 21:21:53 | 000,155,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ar5523.bin
[2010/12/31 20:40:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/12/31 20:35:32 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/12/31 12:03:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/12/31 12:02:53 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/30 22:01:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,435,260 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,068,156 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/03/21 18:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2011/01/09 19:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\FinalMediaPlayer
[2010/12/30 22:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\HitPoint Studios
[2011/01/02 23:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\PC-FAX TX
[2011/01/09 19:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dad\Application Data\Sony Online Entertainment
[2011/03/28 14:46:16 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\Final Media Player Update Checker.job
[2011/03/28 14:46:59 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2010/12/04 17:33:57 | 000,000,283 | ---- | M] ()(C:\Documents and Settings\Dad\Desktop\Basketball_League_Rules34.doc? (32 KB?).url) -- C:\Documents and Settings\Dad\Desktop\Basketball_League_Rules34.doc‎ (32 KB‎).url
[2010/12/04 17:33:57 | 000,000,283 | ---- | C] ()(C:\Documents and Settings\Dad\Desktop\Basketball_League_Rules34.doc? (32 KB?).url) -- C:\Documents and Settings\Dad\Desktop\Basketball_League_Rules34.doc‎ (32 KB‎).url

< End of report >

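To show how a helper reads the PRC/SRV/DRV entries of an OTL report like the one above, here is an added Python triage script; it is my own example, not OTL's code or anything posted in this thread. It parses the bracketed fields and flags entries whose file is missing or whose service or driver loads from a user-writable folder; the sample lines are excerpted from the log posted above, and the flags are review prompts for the helper, not verdicts.

```python
"""Triage helper for OTL (OldTimer's List) log lines.

Parses the PRC/MOD/SRV/DRV entries of an OTL report and flags the things a
malware-removal helper looks at first: registered services or drivers whose
file is missing, executables started from user-writable locations, and
entries with no company name.  Every flag is a prompt to look closer, not a
verdict: transient Microsoft antimalware drivers (MpKsl*) legitimately show
up as 'File not found', and the ArcSoft backup service below is benign.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Head of an entry: kind, then either a '[stamp | size | attrs | M] (Company)'
# block or the literal 'File not found', an optional '[state]' block, ' -- '.
HEAD_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:\[(?P<stamp>[^|\]]+) \| (?P<size>[\d,]+) \| (?P<attrs>[^|\]]+) \| [A-Z]\] "
    r"\((?P<company>[^)]*)\)|(?P<missing>File not found))"
    r"(?: \[(?P<state>[^\]]+)\])? -- (?P<tail>.*)$"
)
# Tail: '<path> -- (<service name>)' or just '<path>'; a missing file leaves
# the path empty, so the tail reads '-- (Name)'.
TAIL_RE = re.compile(r"(?P<path>.*?)\s*--\s*\((?P<name>[^)]+)\)$")

# Folders a standard user can write to (XP and Vista+ names); a service or
# driver loading from here deserves a look even when it names a company.
USER_WRITABLE = ("\\application data\\", "\\appdata\\", "\\temp\\")


@dataclass
class OtlEntry:
    kind: str
    path: str
    company: Optional[str]
    state: Optional[str]
    name: Optional[str]
    size: Optional[int]
    missing: bool


def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one PRC/MOD/SRV/DRV line; return None for any other line."""
    m = HEAD_RE.match(line.rstrip())
    if not m:
        return None
    tail = m.group("tail")
    t = TAIL_RE.fullmatch(tail)
    path, name = (t.group("path"), t.group("name")) if t else (tail, None)
    size = int(m.group("size").replace(",", "")) if m.group("size") else None
    return OtlEntry(
        kind=m.group("kind"), path=path, company=m.group("company"),
        state=m.group("state"), name=name, size=size,
        missing=m.group("missing") is not None,
    )


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (reason, identifier) pairs for entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        ident = e.name or e.path
        if e.missing:
            findings.append(("registered but file not found", ident))
            continue
        low = e.path.lower()
        if e.kind in ("SRV", "DRV") and any(d in low for d in USER_WRITABLE):
            findings.append(("service/driver loads from user-writable path", ident))
        if not e.company:
            findings.append(("no company name", ident))
    return findings


# Lines excerpted from the OTL report posted above; the O1 line shows that
# non-entry lines are ignored.
SAMPLE_LOG = r"""
PRC - [2011/03/28 16:36:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dad\Desktop\OTL.exe
SRV - File not found [On_Demand | Stopped] -- -- (WPFFontCache_v0400)
SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/07/01 11:38:26 | 000,083,512 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Documents and Settings\Dad\Application Data\HP SimpleSave Application\uUACTokenSvc.exe -- (BackupService)
DRV - File not found [Kernel | System | Running] -- -- (MpKslad829a85)
DRV - [2007/09/05 20:35:46 | 000,377,920 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A5AGU.sys -- (A5AGU)
O1 - Hosts: 127.0.0.1 localhost
"""

if __name__ == "__main__":
    for reason, ident in triage(SAMPLE_LOG):
        print(f"{reason}: {ident}")
```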


#2 Salagubang (Trusted Helper, Malware Removal, 3,891 posts)
Hi jjmears,

Sorry for the delay.

My name is Salagubang and I'll be looking at your problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • English is not my first language, so please do not use slang or idioms, as this makes it difficult to understand for me.

+++++++++++++++++++++++++++++++++++++++++++

ERUNT - Download here
Removing modern malware infections often requires making changes to the registry, and a corrupt registry can prevent a system from booting. Compatible with Windows NT, 2000, 2003, XP, Vista, 32 & 64-bit versions. To ensure that we have a valid registry backup, install and run ERUNT (Emergency Recovery Utility NT), which allows you to store a complete backup of your registry and restore it if needed.
  • Download ERUNT
  • Double-click erunt_setup.exe to run.
  • Follow the prompts and install using the default configuration (setup language, install location, shortcuts...).
  • Say No to the portion that asks you to add ERUNT to the start-up folder; if you like, you can enable this option later.
  • Start ERUNT
  • Choose a location for the backup
    The default location C:\WINDOWS\ERDNT\[today's date] is preferred
  • The first two check boxes are ticked by default (System registry and Current user registry).
  • Press OK
  • When prompted, click YES to create a new folder.
  • Progress bars will show backup status.
  • A confirmation window will popup when complete. Click OK to close.

+++++++++++++++++++++++++++++++++++++++++++

Here we go.

Step One

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If a Malicious file is detected, the default action will be Cure; click on Continue.
  • If a Suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step Two

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#3 Salagubang (Trusted Helper, Malware Removal, 3,891 posts)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#4 Salagubang (Trusted Helper, Malware Removal, 3,891 posts)
Hi,

Welcome back. You may proceed with my last instruction. :D

#5 jjmears (Topic Starter, Member, 33 posts)
2011/04/16 20:43:49.0953 2404 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/16 20:43:50.0453 2404 ================================================================================
2011/04/16 20:43:50.0453 2404 SystemInfo:
2011/04/16 20:43:50.0453 2404
2011/04/16 20:43:50.0453 2404 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/16 20:43:50.0453 2404 Product type: Workstation
2011/04/16 20:43:50.0453 2404 ComputerName: MEARSFAMILY
2011/04/16 20:43:50.0453 2404 UserName: Dad
2011/04/16 20:43:50.0453 2404 Windows directory: C:\WINDOWS
2011/04/16 20:43:50.0453 2404 System windows directory: C:\WINDOWS
2011/04/16 20:43:50.0453 2404 Processor architecture: Intel x86
2011/04/16 20:43:50.0453 2404 Number of processors: 2
2011/04/16 20:43:50.0453 2404 Page size: 0x1000
2011/04/16 20:43:50.0453 2404 Boot type: Normal boot
2011/04/16 20:43:50.0453 2404 ================================================================================
2011/04/16 20:43:51.0187 2404 Initialize success
2011/04/16 20:43:53.0328 3920 ================================================================================
2011/04/16 20:43:53.0328 3920 Scan started
2011/04/16 20:43:53.0328 3920 Mode: Manual;
2011/04/16 20:43:53.0328 3920 ================================================================================
2011/04/16 20:43:53.0968 3920 A5AGU (f2e8282f2d462daca1ed8f1d8f94c21c) C:\WINDOWS\system32\DRIVERS\A5AGU.sys
2011/04/16 20:43:54.0140 3920 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/16 20:43:54.0203 3920 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/16 20:43:54.0296 3920 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/16 20:43:54.0390 3920 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/04/16 20:43:54.0703 3920 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/16 20:43:54.0750 3920 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/16 20:43:54.0812 3920 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/16 20:43:54.0859 3920 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/16 20:43:54.0906 3920 b57w2k (241474d01380e9ed41d4c07f4f5fd401) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/04/16 20:43:55.0000 3920 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/16 20:43:55.0156 3920 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/16 20:43:55.0218 3920 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/16 20:43:55.0296 3920 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/16 20:43:55.0359 3920 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/16 20:43:55.0578 3920 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/16 20:43:55.0640 3920 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/16 20:43:55.0687 3920 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/16 20:43:55.0718 3920 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/16 20:43:55.0765 3920 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/16 20:43:55.0828 3920 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/16 20:43:55.0906 3920 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/16 20:43:55.0953 3920 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/04/16 20:43:56.0000 3920 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/16 20:43:56.0000 3920 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/04/16 20:43:56.0062 3920 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/16 20:43:56.0078 3920 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/16 20:43:56.0093 3920 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/16 20:43:56.0125 3920 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/16 20:43:56.0203 3920 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/16 20:43:56.0312 3920 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/16 20:43:56.0437 3920 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/04/16 20:43:56.0609 3920 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/16 20:43:56.0703 3920 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/16 20:43:56.0765 3920 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/16 20:43:56.0828 3920 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/16 20:43:56.0875 3920 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/16 20:43:56.0921 3920 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/16 20:43:56.0968 3920 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/16 20:43:57.0000 3920 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/16 20:43:57.0046 3920 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/16 20:43:57.0093 3920 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/16 20:43:57.0109 3920 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/16 20:43:57.0187 3920 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/16 20:43:57.0234 3920 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/16 20:43:57.0343 3920 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/16 20:43:57.0406 3920 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/16 20:43:57.0453 3920 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/16 20:43:57.0484 3920 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/16 20:43:57.0593 3920 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/16 20:43:57.0625 3920 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/04/16 20:43:57.0703 3920 MpKsl09070c93 (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EF1A4D65-E494-438C-9B21-4FB1F40A3F68}\MpKsl09070c93.sys
2011/04/16 20:43:57.0984 3920 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/16 20:43:58.0015 3920 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/16 20:43:58.0046 3920 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/16 20:43:58.0093 3920 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/16 20:43:58.0140 3920 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/16 20:43:58.0171 3920 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/16 20:43:58.0234 3920 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/16 20:43:58.0250 3920 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/16 20:43:58.0296 3920 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/16 20:43:58.0312 3920 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/16 20:43:58.0328 3920 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/16 20:43:58.0359 3920 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/16 20:43:58.0406 3920 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/16 20:44:02.0531 3920 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/16 20:44:02.0531 3920 ================================================================================
2011/04/16 20:44:02.0531 3920 Scan finished
2011/04/16 20:44:02.0531 3920 ================================================================================
2011/04/16 20:44:02.0546 3236 Detected object count: 1
2011/04/16 20:44:16.0468 3236 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/16 20:44:16.0468 3236 \HardDisk0 - ok
2011/04/16 20:44:16.0468 3236 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/16 20:44:26.0203 2980 Deinitialize success



ComboFix 11-04-16.01 - Dad 04/16/2011 21:07:37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.648 [GMT -7:00]
Running from: c:\documents and settings\Dad\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-17 to 2011-04-17 )))))))))))))))))))))))))))))))
.
.
2011-04-17 03:41 . 2011-04-17 03:41 -------- d-----w- c:\program files\ERUNT
2011-04-17 03:33 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EF1A4D65-E494-438C-9B21-4FB1F40A3F68}\mpengine.dll
2011-04-15 02:15 . 2011-04-15 02:35 -------- d-----w- c:\documents and settings\Haylee\Application Data\Magic Academy
2011-04-14 23:43 . 2011-04-14 23:49 -------- d-----w- c:\documents and settings\Hunter\Application Data\Magic Academy
2011-04-10 23:08 . 2011-04-10 23:08 -------- d-----w- c:\documents and settings\Haylee\Application Data\GamesCafe
2011-04-04 01:50 . 2011-04-04 01:50 -------- d-----w- c:\documents and settings\Haylee\Application Data\Gamers Digital
2011-04-04 00:32 . 2011-04-04 00:32 -------- d-----w- c:\documents and settings\Hunter\Application Data\Gamers Digital
2011-04-04 00:32 . 2011-04-04 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Gamers Digital
2011-03-28 23:58 . 2011-03-28 23:58 -------- d-----w- c:\documents and settings\Dad\Local Settings\Application Data\Mozilla
2011-03-26 18:30 . 2011-03-26 18:31 -------- d-----w- c:\documents and settings\Haylee\Application Data\TitanicMystery
2011-03-26 17:25 . 2011-03-26 17:26 -------- d-----w- c:\documents and settings\Haylee\Local Settings\Application Data\Chronicles of Albian
2011-03-25 00:11 . 2011-03-25 00:11 -------- d-----w- c:\documents and settings\Hunter\Application Data\KingsIsle Entertainment
2011-03-25 00:11 . 2011-03-25 00:11 -------- d-----w- c:\documents and settings\Hunter\Application Data\InstallShield Installation Information
2011-03-25 00:00 . 2011-03-25 00:00 -------- d-----w- c:\documents and settings\Hunter\Local Settings\Application Data\Chronicles of Albian
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-21 08:57 . 2011-01-03 21:10 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-03-15 04:05 . 2011-01-02 09:42 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-03 01:11 . 2011-01-01 08:18 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-05-29 1085440]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-22 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
c:\documents and settings\Dad\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Brother\\Brmfl08b\\FAXRX.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:BrotherNetwork Scanner
.
R1 MpKsl84daa53c;MpKsl84daa53c;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EF1A4D65-E494-438C-9B21-4FB1F40A3F68}\MpKsl84daa53c.sys [4/16/2011 8:54 PM 28752]
S1 MpKsl08b44e09;MpKsl08b44e09;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B478E229-61AD-49A6-B7F3-A97026CF477C}\MpKsl08b44e09.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B478E229-61AD-49A6-B7F3-A97026CF477C}\MpKsl08b44e09.sys [?]
S1 MpKsl1124daa8;MpKsl1124daa8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A123962B-47C4-433B-B35E-C8BE8AFE2566}\MpKsl1124daa8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A123962B-47C4-433B-B35E-C8BE8AFE2566}\MpKsl1124daa8.sys [?]
S1 MpKsl22fb1fed;MpKsl22fb1fed;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A123962B-47C4-433B-B35E-C8BE8AFE2566}\MpKsl22fb1fed.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A123962B-47C4-433B-B35E-C8BE8AFE2566}\MpKsl22fb1fed.sys [?]
S1 MpKsl25438b75;MpKsl25438b75;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B478E229-61AD-49A6-B7F3-A97026CF477C}\MpKsl25438b75.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B478E229-61AD-49A6-B7F3-A97026CF477C}\MpKsl25438b75.sys [?]
S1 MpKsl4cca78a2;MpKsl4cca78a2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B478E229-61AD-49A6-B7F3-A97026CF477C}\MpKsl4cca78a2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B478E229-61AD-49A6-B7F3-A97026CF477C}\MpKsl4cca78a2.sys [?]
S1 MpKsl558fc386;MpKsl558fc386;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A123962B-47C4-433B-B35E-C8BE8AFE2566}\MpKsl558fc386.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A123962B-47C4-433B-B35E-C8BE8AFE2566}\MpKsl558fc386.sys [?]
S1 MpKsl6240d434;MpKsl6240d434;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B478E229-61AD-49A6-B7F3-A97026CF477C}\MpKsl6240d434.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B478E229-61AD-49A6-B7F3-A97026CF477C}\MpKsl6240d434.sys [?]
S1 MpKsl7d0bf3d5;MpKsl7d0bf3d5;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A123962B-47C4-433B-B35E-C8BE8AFE2566}\MpKsl7d0bf3d5.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A123962B-47C4-433B-B35E-C8BE8AFE2566}\MpKsl7d0bf3d5.sys [?]
S1 MpKsl9273215b;MpKsl9273215b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A123962B-47C4-433B-B35E-C8BE8AFE2566}\MpKsl9273215b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A123962B-47C4-433B-B35E-C8BE8AFE2566}\MpKsl9273215b.sys [?]
S1 MpKslad829a85;MpKslad829a85;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B478E229-61AD-49A6-B7F3-A97026CF477C}\MpKslad829a85.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B478E229-61AD-49A6-B7F3-A97026CF477C}\MpKslad829a85.sys [?]
S2 BackupService;BackupService;c:\documents and settings\Dad\Application Data\HP SimpleSave Application\uUACTokenSvc.exe [1/1/2011 12:27 PM 83512]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2011 9:18 PM 136176]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [12/31/2010 9:21 PM 377920]
S3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [10/12/2010 10:59 AM 206072]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL84DAA53C
*Deregistered* - klmd25
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 04:18]
.
2011-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-02 04:18]
.
2011-04-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 20:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: {06D59DC6-5304-432D-A1CE-67E531410F9F} - hxxps://bp.leetechnologies.com/BusinessPortal/UI/ResultViewer/Scripts/MBFWebBehaviors.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-16 21:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2620)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-04-16 21:19:51
ComboFix-quarantined-files.txt 2011-04-17 04:19
.
Pre-Run: 142,787,198,976 bytes free
Post-Run: 144,616,271,872 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A862144FEF5346E376D39566412C942B
  • 0

#6
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Step One

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step Two

Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the Posted Image button.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Step Three

Open OTL and choose Run Scan. Post the log on your reply for review.
  • 0

#7
jjmears

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Here is my log for step one. For step 2, I cannot see your icons/images, so I don't know what I am supposed to be clicking. I will await written instructions, as it seems I cannot do what I need if I can't see the images.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6381

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/16/2011 10:03:39 PM
mbam-log-2011-04-16 (22-03-39).txt

Scan type: Quick scan
Objects scanned: 199457
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#8
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Here it is. :D

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

  • 0





