
Inactive Search results being redirected, programs not launching..

Discussion in 'Malware and Virus Removal Archive' started by JKBM, 2010/12/15.

  1. 2010/12/15
    JKBM

    JKBM Inactive Thread Starter

    Joined:
    2010/12/15
    Messages:
    8
    Likes Received:
    0
    Ok.. So for the last week or so I've been having problems with explorer.exe not running at startup.. I end the task & run it again & it works.. That's how it started.. Now it has spread to firefox & many other programs not launching & my search results are being redirected to adware anytime I search from the toolbar.. But I noticed if I typed google.com directly & searched there, I wasn't getting adware..

    So I did some googling & noticed a few people here have had the same issue, ran HiJackThis & had their problem fixed.. I installed & ran HJT but I want to post the log here to see what the experts have to say before I go removing things myself. Below is the log:

    [HJT log removed - Broni]
     
    Last edited by a moderator: 2010/12/15
    JKBM,
    #1
  2. 2010/12/15
    wildfire

    wildfire Getting Old

    Joined:
    2008/04/21
    Messages:
    4,649
    Likes Received:
    124
    Hi JKBM, welcome to WindowsBBS :D

    Please read this post as indicated at the top of this forum and follow those instructions.
     
  4. 2010/12/15
    JKBM

    Just got in from work.. will start posting the logs from the sticky thread now..

    Ran TFC; when I restarted I had the same issue with explorer.exe not loading.. Once I got that running & started firefox, this window popped up.

    http://pcspeedmaximizer.s3.amazonaws.com/index.html

    Running MalwareBytes scan now.. will post log shortly
     
    Last edited: 2010/12/15
    JKBM,
    #3
  5. 2010/12/15
    JKBM

    MalwareBytes Log:

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5324

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    12/15/2010 9:24:20 PM
    mbam-log-2010-12-15 (21-24-20).txt

    Scan type: Quick scan
    Objects scanned: 122786
    Time elapsed: 3 minute(s), 38 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 1
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 5

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    c:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\program files\internet explorer\msimg32.dll (PUP.FunWebProducts) -> Not selected for removal.
    c:\program files\mozilla firefox\plugins\NPMyWebS.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    c:\WINDOWS\cpnprt2.cid (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Delete on reboot.
    c:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
     
    JKBM,
    #4
  6. 2010/12/15
    JKBM

    Gmer.log:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-12-15 21:39:35
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort2 WDC_WD2500JS-22NCB1 rev.10.02E02
    Running: 96buxm13.exe; Driver: C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\kgdyrfog.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 37: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 58: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 59: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 60: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-3 89E7F39B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 89E7F39B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 89E7F39B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 89E7F39B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 89E7F39B

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)

    Device \Device\Ide\IdeDeviceP2T0L0-e -> \??\IDE#DiskWDC_WD2500JS-22NCB1_____________________10.02E02#5&cfaf990&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----
     
    JKBM,
    #5
  7. 2010/12/15
    JKBM

    MBR Check Log:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x000001fc

    Kernel Drivers (total 137):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E2000 \WINDOWS\system32\hal.dll
    0x89E3F000 \WINDOWS\system32\KDCOM.DLL
    0xBACBC000 \WINDOWS\system32\BOOTVID.dll
    0xBA8A8000 kbjeour.sys
    0xBA779000 ACPI.sys
    0xBADA8000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xBA768000 pci.sys
    0xBA8B8000 isapnp.sys
    0xBA8C8000 ohci1394.sys
    0xBA8D8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xBACC0000 compbatt.sys
    0xBACC4000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xBAE70000 pciide.sys
    0xBAB28000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA8E8000 MountMgr.sys
    0xBA72B000 ftdisk.sys
    0xBADB4000 dmload.sys
    0xBA705000 dmio.sys
    0xBAE71000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xBAB30000 PartMgr.sys
    0xBA8F8000 VolSnap.sys
    0xBA6ED000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    0xBA61E000 atapi.sys
    0xBA988000 disk.sys
    0xBA998000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xBA5BA000 fltMgr.sys
    0xBA5A8000 sr.sys
    0xBAB98000 PxHelp20.sys
    0xBA591000 KSecDD.sys
    0xBA504000 Ntfs.sys
    0xBA4D7000 NDIS.sys
    0xBA4BC000 Mup.sys
    0xBABA0000 avgrkx86.sys
    0xBA9C8000 AVGIDSEH.Sys
    0xBA47C000 \SystemRoot\system32\DRIVERS\AmdK8.sys
    0xBAC98000 \SystemRoot\system32\DRIVERS\aracpi.sys
    0xB92DC000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB92C8000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xBACA0000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xB92A5000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBACA8000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xBA46C000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA45C000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
    0xBA44C000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA43C000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB9282000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBACB0000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
    0xB924B000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
    0xB914E000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
    0xB90A1000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xBABB0000 \SystemRoot\System32\Drivers\Modem.SYS
    0xBA42C000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xB907C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xBACCC000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
    0xB9032000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
    0xB8FFB000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS
    0xBA41C000 \SystemRoot\system32\DRIVERS\serial.sys
    0xBACD0000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xB8FE7000 \SystemRoot\system32\DRIVERS\parport.sys
    0xBA908000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xBABE0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBADE2000 \SystemRoot\system32\DRIVERS\arkbcfltr.sys
    0xBACD4000 \SystemRoot\system32\DRIVERS\arpolicy.sys
    0xBAF15000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA918000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBACD8000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB8FD0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBA928000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBA938000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBABE8000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB8FBF000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA948000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBABF0000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBABF8000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xBAC00000 \SystemRoot\system32\DRIVERS\wanatw4.sys
    0xB8F8E000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB97E3000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBAC08000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBADE4000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB8F5A000 \SystemRoot\system32\DRIVERS\update.sys
    0xBAD74000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB7A53000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB7A43000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBAE2C000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xB708E000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
    0xBAE30000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xB705E000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
    0xBAE34000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBAED9000 \SystemRoot\System32\Drivers\Null.SYS
    0xBAE36000 \SystemRoot\System32\Drivers\Beep.SYS
    0xB7BCC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xB7BC4000 \SystemRoot\System32\drivers\vga.sys
    0xBAE38000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBAE3A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xB6E17000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xB6E0F000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB7141000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB1BBF000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xB1B67000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB1B3F000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB1B1E000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xB7135000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xB6531000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xB1AFC000 \SystemRoot\System32\drivers\afd.sys
    0xB6521000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xB6501000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xB1A09000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB199A000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB64F1000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB4E6F000 \SystemRoot\System32\Drivers\FileDisk.SYS
    0xB195E000 \SystemRoot\system32\DRIVERS\avgldx86.sys
    0xB4E4B000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB64E1000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xB6DFF000 \SystemRoot\system32\DRIVERS\arhidfltr.sys
    0xB6DF7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xB4A3E000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xBAE3E000 \SystemRoot\system32\DRIVERS\armoucfltr.sys
    0xA90BF000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xA90A7000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xAB58C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB7149000 \SystemRoot\System32\drivers\Dxapi.sys
    0xB1E14000 \SystemRoot\System32\watchdog.sys
    0xBF9C2000 \SystemRoot\System32\drivers\dxg.sys
    0xBAF89000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF9D4000 \SystemRoot\System32\nv4_disp.dll
    0xB1A50000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA80DA000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xBAE3C000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xBAE42000 \SystemRoot\System32\Drivers\ASCTRM.SYS
    0xA8021000 \SystemRoot\System32\Drivers\HTTP.sys
    0xA7CAF000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA7DF1000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xBAA68000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xA5EFE000 \??\C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\kgdyrfog.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 71):
    0 System Idle Process
    4 System
    676 C:\WINDOWS\system32\smss.exe
    820 csrss.exe
    848 C:\WINDOWS\system32\winlogon.exe
    896 C:\WINDOWS\system32\services.exe
    908 C:\WINDOWS\system32\lsass.exe
    1096 C:\WINDOWS\system32\svchost.exe
    1148 svchost.exe
    1272 C:\WINDOWS\system32\svchost.exe
    1380 svchost.exe
    1492 svchost.exe
    1716 C:\WINDOWS\system32\spoolsv.exe
    276 C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    296 C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    340 C:\WINDOWS\arservice.exe
    380 aoltpspd.exe
    404 C:\Program Files\AVG\AVG10\avgwdsvc.exe
    456 C:\Program Files\Bonjour\mDNSResponder.exe
    560 C:\WINDOWS\ehome\ehrecvr.exe
    308 C:\WINDOWS\ehome\ehSched.exe
    1244 C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    1556 C:\Program Files\Java\jre6\bin\jqs.exe
    1860 C:\Program Files\McAfee.com\Agent\Mcdetect.exe
    2068 C:\Program Files\McAfee.com\Agent\McTskshd.exe
    2184 C:\WINDOWS\system32\nvsvc32.exe
    2208 C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
    2420 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    2552 svchost.exe
    2592 C:\WINDOWS\system32\svchost.exe
    2732 C:\WINDOWS\system32\searchindexer.exe
    2904 mcrdsvc.exe
    2912 C:\PROGRA~1\McAfee.com\MPS\mscifapp.exe
    2968 C:\Program Files\AVG\AVG10\avgchsvx.exe
    3728 C:\WINDOWS\system32\dllhost.exe
    3880 alg.exe
    2100 C:\WINDOWS\explorer.exe
    2512 C:\WINDOWS\ehome\ehtray.exe
    2532 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    2536 C:\WINDOWS\arpwrmsg.exe
    2636 C:\Program Files\Digital Media Reader\readericon45G.exe
    3000 C:\WINDOWS\ehome\ehmsas.exe
    3028 C:\WINDOWS\zHotkey.exe
    3228 C:\Program Files\Common Files\AOL\1279480503\EE\aolsoftware.exe
    3220 C:\Program Files\QuickTime\QTTask.exe
    2948 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    3320 C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    3284 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    3272 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3324 C:\Program Files\AVG\AVG10\avgtray.exe
    3400 C:\WINDOWS\system32\ctfmon.exe
    3460 C:\Program Files\BigFix\bigfix.exe
    3488 C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    3500 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    2236 C:\Program Files\Common Files\AOL\1279480503\EE\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
    3116 wmiprvse.exe
    3804 C:\WINDOWS\system32\wuauclt.exe
    268 C:\Program Files\Common Files\AOL\1279480503\EE\aolsoftware.exe
    4120 C:\Program Files\America Online 9.0\waol.exe
    4708 C:\Program Files\America Online 9.0\shellmon.exe
    6040 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    6052 C:\Program Files\AVG\AVG10\avgcsrvx.exe
    720 C:\WINDOWS\explorer.exe
    5528 C:\WINDOWS\system32\taskmgr.exe
    4288 C:\Program Files\Mozilla Firefox\firefox.exe
    5280 C:\Program Files\Mozilla Firefox\plugin-container.exe
    5524 C:\WINDOWS\system32\notepad.exe
    5996 C:\WINDOWS\system32\notepad.exe
    1068 C:\WINDOWS\system32\searchprotocolhost.exe
    4584 searchfilterhost.exe
    5256 C:\Documents and Settings\Owner.YOUR-B7E751C8E6\My Documents\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`56b1f600 (NTFS)
    \\.\H: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: WDCWD2500JS-22NCB1, Rev: 10.02E02

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Gateway MBR code detected
    SHA1: 007DADCB3671462B53686F6996D328CFD544ABBD


    Done!
     
    JKBM,
    #6
  8. 2010/12/15
    JKBM

    DDS Log:


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Owner at 21:50:04.33 on Wed 12/15/2010
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1919.1303 [GMT -6:00]

    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *Disabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\iolo\common\lib\ioloServiceManager.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Visioneer\OneTouch 4.0\OtService.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\SearchIndexer.exe
    c:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\Program Files\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\Digital Media Reader\readericon45G.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\Common Files\AOL\1279480503\ee\AOLSoftware.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BigFix\bigfix.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    c:\program files\common files\aol\1279480503\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
    C:\WINDOWS\system32\wuauclt.exe
    c:\program files\common files\aol\1279480503\ee\aolsoftware.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Owner.YOUR-B7E751C8E6\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Bar = hxxp://www.google.com/ie
    uStart Page = hxxp://aol.com/
    uSearch Page = hxxp://www.google.com
    mDefault_Page_URL = hxxp://www.aol.com
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: McBrwHelper Class: {227b8aa8-daf2-4892-bd1d-73f568bcb24e} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
    BHO: McAfee Privacy Service Popup Blocker: {3ec8255f-e043-4cae-8b3b-b191550c2a22} - c:\program files\mcafee.com\mps\popupkiller.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    uRun: [Power2GoExpress] NA
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
    mRun: [readericon] c:\program files\digital media reader\readericon45G.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [CHotkey] zHotkey.exe
    mRun: [HostManager] c:\program files\common files\aol\1279480503\ee\AOLSoftware.exe
    mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    mRun: [MCAgentExe] c:\progra~1\mcafee.com\agent\mcagent.exe
    mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
    mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Conime] %windir%\system32\conime.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
    mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [GMorphCl] "c:\windows\system32\task.exe "
    mRun: [MPSExe] c:\progra~1\mcafee.com\mps\mscifapp.exe /embedding
    mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRunOnce: [OOBEDDDemise] cmd /x /c erase c:\windows\system32\oobe\msoobe.exe
    dRun: [AOL Fast Start] "c:\program files\america online 9.0\AOL.EXE" -b
    StartupFolder: c:\docume~1\owner~1.you\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    LSP: c:\windows\system32\mclsp.dll
    LSP: c:\windows\system32\lsp131.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
    Notify: ungzpa - ungzpa.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner~1.you\applic~1\mozilla\firefox\profiles\h4wh4oqh.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\funwebproducts\installr\1.bin\NPFUNWEB.DLL
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-7-23 711352]
    R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-7-23 711352]
    R2 McDetect.exe;McAfee WSC Integration;c:\program files\mcafee.com\agent\Mcdetect.exe [2010-7-18 126976]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 McTskshd.exe;McAfee Task Scheduler;c:\progra~1\mcafee.com\agent\mctskshd.exe [2010-7-18 122368]
    S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-9-13 308656]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-7-18 30192]
    S4 mcupdmgr.exe;McAfee SecurityCenter Update Manager;c:\progra~1\mcafee.com\agent\mcupdmgr.exe [2010-7-18 245760]

    =============== Created Last 30 ================

    2010-12-16 03:17:48 -------- d-----w- c:\docume~1\owner~1.you\applic~1\Malwarebytes
    2010-12-16 03:17:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-16 03:17:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-12-16 03:17:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-16 03:17:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-15 20:49:16 388096 ----a-r- c:\docume~1\owner~1.you\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2010-12-15 20:49:16 -------- d-----w- c:\program files\Trend Micro
    2010-12-14 20:14:28 -------- d-----w- c:\docume~1\owner~1.you\locals~1\applic~1\Mozilla Corporation
    2010-12-14 05:42:20 -------- d--h--w- C:\$AVG
    2010-12-14 05:37:46 -------- d-----w- c:\docume~1\owner~1.you\applic~1\AVG10
    2010-12-14 05:37:18 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
    2010-12-14 05:36:15 -------- d-----w- c:\windows\system32\drivers\AVG
    2010-12-14 05:36:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
    2010-12-14 05:35:45 -------- d-----w- c:\program files\AVG
    2010-12-14 03:23:12 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
    2010-12-14 02:51:04 -------- d-----w- c:\docume~1\owner~1.you\applic~1\McAfee
    2010-12-14 02:19:37 -------- d-----w- c:\windows\pss
    2010-12-13 23:56:24 -------- d-----w- c:\windows\system32\mclsphlr
    2010-12-13 23:56:16 90112 ----a-w- c:\windows\system32\mcrtl32.dll
    2010-12-13 23:56:15 131072 ----a-w- c:\windows\system32\mclsp.dll
    2010-12-13 23:56:14 32768 ----a-w- c:\windows\system32\instlsp.exe
    2010-12-13 23:56:14 11264 ----a-w- c:\windows\system32\sporder.dll
    2010-12-13 22:02:49 47425 ----a-w- c:\windows\system32\lsp131.dll
    2010-12-13 15:22:32 10752 ----a-w- c:\windows\system32\ungzpa.dll
    2010-11-22 17:44:04 -------- d-----w- C:\10poverty_files
    2010-11-18 20:54:04 -------- d-----w- c:\docume~1\owner~1.you\applic~1\EazyPlanet
    2010-11-18 20:43:30 -------- d-----w- c:\program files\EazyPlanet
    2010-11-18 20:43:30 -------- d-----w- c:\docume~1\alluse~1\applic~1\EazyPlanet

    ==================== Find3M ====================

    2010-12-14 01:26:32 1032192 ----a-w- c:\windows\explorer.exe
    2010-11-18 20:44:11 608448 ----a-w- c:\windows\system32\COMCTL32.OCX
    2010-11-18 20:44:11 1081616 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2010-11-18 20:43:33 4608 ----a-w- c:\windows\system32\W95INF32.DLL
    2010-11-18 20:43:33 2272 ----a-w- c:\windows\system32\W95INF16.DLL
    2010-11-18 20:43:33 1386496 ----a-w- c:\windows\system32\MSVBVM60.DLL
    2010-11-04 02:35:46 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-11-04 02:35:46 472808 ----a-w- c:\windows\system32\deployJava1.dll

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: WDC_WD2500JS-22NCB1 rev.10.02E02 -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-e

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89E7F555]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89e857b0]; MOV EAX, [0x89e8582c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 ntkrnlpa!IofCallDriver[0x804EEF9C] -> \Device\Harddisk0\DR0[0x89EE8030]
    3 CLASSPNP[0xBA99905B] -> ntkrnlpa!IofCallDriver[0x804EEF9C] -> \Device\000000a6[0x89F4C9E8]
    5 ACPI[0xBA77F620] -> ntkrnlpa!IofCallDriver[0x804EEF9C] -> [0x89F4BD98]
    \Driver\atapi[0x89F4AD10] -> IRP_MJ_CREATE -> 0x89E7F555
    kernel: MBR read successfully
    _asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5f; }
    detected disk devices:
    \Device\Ide\IdeDeviceP2T0L0-e -> \??\IDE#DiskWDC_WD2500JS-22NCB1_____________________10.02E02#5&cfaf990&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x89E7F39B
    user & kernel MBR OK
    copy of MBR has been found in sector 60 !
    Warning: possible TDL3 rootkit infection !

    ============= FINISH: 21:50:58.92 ===============
     
    JKBM,
    #7
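The GMER section of the log above is the interesting part: both the user-mode and kernel-mode reads of sector 0 come back "OK", yet the tool finds a second MBR in sector 60 and a hook on atapi's DriverStartIo, which is the classic bootkit layout (a loader in sector 0 that keeps the real partition table so Windows still boots, with the displaced original MBR parked in the track gap before the first partition). The script below is an added example, not part of GMER, DDS or anything posted in this thread; it implements that "copy of MBR found elsewhere" check over a raw disk image. The 64-sector sample image it builds is constructed for the demo, and the partition entry and boot-code bytes in it are made up.

```python
"""Scan a raw disk image for a second MBR parked in the track gap before the
first partition, the pattern the GMER log reports as "copy of MBR has been
found in sector 60".  Example code added to this page; not a GMER or DDS
component."""

SECTOR = 512
BOOT_SIG = b"\x55\xaa"
PT_OFF, PT_LEN = 446, 64        # classic MBR: 4 x 16-byte partition entries at offset 446


def is_mbr_like(sector: bytes) -> bool:
    """True if the sector carries the 0x55AA boot signature and at least one
    partition entry with a valid boot flag, a non-zero type and a non-zero
    LBA length.  That rules out the zero-filled gap sectors a clean XP-era
    disk has between LBA 1 and the first partition at LBA 63."""
    if len(sector) != SECTOR or sector[510:512] != BOOT_SIG:
        return False
    for i in range(4):
        entry = sector[PT_OFF + 16 * i: PT_OFF + 16 * (i + 1)]
        boot_flag, part_type = entry[0], entry[4]
        lba_len = int.from_bytes(entry[12:16], "little")
        if boot_flag in (0x00, 0x80) and part_type and lba_len:
            return True
    return False


def find_mbr_copies(image: bytes, max_sector: int = 63):
    """Return [(sector, same_partition_table, same_boot_code), ...] for each
    MBR-like sector in 1..max_sector-1.  A hit whose partition table equals
    sector 0's but whose boot code differs is the bootkit signature: the
    loader in sector 0 keeps the table so Windows still boots, and the
    original MBR it displaced is stored elsewhere for chain-loading."""
    mbr = image[:SECTOR]
    hits = []
    for n in range(1, max_sector):
        sec = image[n * SECTOR:(n + 1) * SECTOR]
        if len(sec) == SECTOR and is_mbr_like(sec):
            hits.append((n,
                         sec[PT_OFF:PT_OFF + PT_LEN] == mbr[PT_OFF:PT_OFF + PT_LEN],
                         sec[:PT_OFF] == mbr[:PT_OFF]))
    return hits


def sample_image(infected: bool) -> bytes:
    """Constructed 64-sector image for demonstration (not a real disk dump).
    One bootable NTFS-type partition starting at LBA 63; the 'infected'
    variant has stand-in loader bytes in sector 0 and the original MBR at 60."""
    entry = (bytes([0x80, 0x01, 0x01, 0x00, 0x07, 0xFE, 0xFF, 0xFF])
             + (63).to_bytes(4, "little") + (478_000_000).to_bytes(4, "little"))
    table = entry.ljust(PT_LEN, b"\x00")
    original = b"\xfa\x33\xc0\x8e\xd0".ljust(PT_OFF, b"\x90") + table + BOOT_SIG
    loader = b"\x31\xff\xbe\x00\x02".ljust(PT_OFF, b"\x00") + table + BOOT_SIG
    sectors = [bytes(SECTOR)] * 64
    if infected:
        sectors[0], sectors[60] = loader, original
    else:
        sectors[0] = original
    return b"".join(sectors)


if __name__ == "__main__":
    import sys
    # Pass a raw image (e.g. one taken with dd from live media); otherwise use the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_image(True)
    for n, same_table, same_code in find_mbr_copies(data):
        print(f"MBR-like sector {n}: partition table "
              f"{'matches' if same_table else 'differs from'} sector 0, boot code "
              f"{'matches' if same_code else 'differs from'} sector 0")
```

The caveat that matters in practice: a read issued on the infected machine goes through the hooked atapi driver, which is exactly why GMER compares a user-mode and a kernel-mode read. Run a check like this against an image taken offline (boot from other media, or mount the disk in a clean box) before trusting a "no copy found" result.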
  9. 2010/12/15
    JKBM Inactive Thread Starter

    DDS Attach log:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/19/2010 6:46:04 AM
    System Uptime: 12/15/2010 9:27:14 PM (0 hours ago)

    Motherboard: First International Computer, Inc. | | K2BC51G/PV
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2210/201mhz
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2210/201mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 228 GiB total, 199.79 GiB free.
    D: is Removable
    E: is Removable
    F: is Removable
    G: is Removable
    H: is FIXED (FAT32) - 5 GiB total, 2.101 GiB free.
    I: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP46: 9/14/2010 6:35:55 PM - System Checkpoint
    RP47: 9/16/2010 1:26:01 PM - System Checkpoint
    RP48: 9/17/2010 3:41:52 PM - System Checkpoint
    RP49: 9/18/2010 10:17:41 PM - System Checkpoint
    RP50: 9/20/2010 11:33:06 AM - System Checkpoint
    RP51: 9/21/2010 1:39:56 PM - System Checkpoint
    RP52: 9/22/2010 2:24:44 PM - System Checkpoint
    RP53: 9/23/2010 3:01:31 PM - System Checkpoint
    RP54: 9/25/2010 11:43:36 AM - System Checkpoint
    RP55: 9/26/2010 5:22:47 PM - System Checkpoint
    RP56: 9/28/2010 11:13:16 AM - System Checkpoint
    RP57: 9/29/2010 7:39:33 PM - System Checkpoint
    RP58: 10/1/2010 10:02:03 AM - System Checkpoint
    RP59: 10/2/2010 3:07:29 PM - System Checkpoint
    RP60: 10/3/2010 8:06:09 PM - System Checkpoint
    RP61: 10/5/2010 10:25:00 AM - System Checkpoint
    RP62: 10/6/2010 2:48:14 PM - System Checkpoint
    RP63: 10/9/2010 6:33:22 PM - Unsigned printer driver KODAK ESP 7 AiO installed.
    RP64: 10/9/2010 6:37:29 PM - Unsigned printer driver KODAK ESP 7 AiO installed.
    RP65: 10/9/2010 6:48:21 PM - Installed Windows XP KB915865.
    RP66: 10/9/2010 6:49:10 PM - Installed Windows XP KB915800-v4.
    RP67: 10/9/2010 6:49:32 PM - Installed Windows XP Windows Search 4.0.
    RP68: 10/10/2010 8:26:45 PM - System Checkpoint
    RP69: 10/12/2010 10:50:41 AM - System Checkpoint
    RP70: 10/15/2010 9:34:13 AM - System Checkpoint
    RP71: 10/17/2010 1:58:45 PM - System Checkpoint
    RP72: 10/18/2010 6:34:51 PM - System Checkpoint
    RP73: 10/21/2010 2:46:05 PM - System Checkpoint
    RP74: 10/23/2010 2:22:07 PM - System Checkpoint
    RP75: 10/24/2010 4:34:03 PM - System Checkpoint
    RP76: 10/26/2010 9:19:23 AM - System Checkpoint
    RP77: 10/27/2010 1:01:35 PM - System Checkpoint
    RP78: 10/31/2010 8:47:41 PM - System Checkpoint
    RP79: 11/2/2010 6:42:55 PM - System Checkpoint
    RP80: 11/3/2010 8:35:38 PM - Installed Java(TM) 6 Update 22
    RP81: 11/5/2010 10:01:11 AM - System Checkpoint
    RP82: 11/6/2010 5:16:19 PM - System Checkpoint
    RP83: 11/7/2010 5:56:50 PM - System Checkpoint
    RP84: 11/8/2010 6:56:43 PM - System Checkpoint
    RP85: 11/9/2010 7:28:06 PM - System Checkpoint
    RP86: 11/10/2010 8:28:05 PM - System Checkpoint
    RP87: 11/11/2010 8:58:29 PM - System Checkpoint
    RP88: 11/12/2010 9:21:26 PM - System Checkpoint
    RP89: 11/14/2010 1:11:32 AM - System Checkpoint
    RP90: 11/15/2010 1:15:10 AM - System Checkpoint
    RP91: 11/16/2010 2:15:04 AM - System Checkpoint
    RP92: 11/17/2010 2:22:23 AM - System Checkpoint
    RP93: 11/18/2010 9:48:04 AM - System Checkpoint
    RP94: 11/19/2010 10:43:56 AM - System Checkpoint
    RP95: 11/20/2010 2:31:24 PM - System Checkpoint
    RP96: 11/21/2010 2:44:18 PM - System Checkpoint
    RP97: 11/22/2010 3:27:30 PM - System Checkpoint
    RP98: 11/23/2010 5:22:29 PM - System Checkpoint
    RP99: 11/24/2010 5:27:30 PM - System Checkpoint
    RP100: 11/27/2010 10:19:52 AM - System Checkpoint
    RP101: 11/28/2010 10:33:07 AM - System Checkpoint
    RP102: 11/29/2010 12:50:35 PM - System Checkpoint
    RP103: 11/30/2010 1:20:00 PM - System Checkpoint
    RP104: 12/1/2010 5:49:37 PM - System Checkpoint
    RP105: 12/3/2010 8:50:43 AM - System Checkpoint
    RP106: 12/4/2010 9:26:58 AM - System Checkpoint
    RP107: 12/5/2010 10:03:51 AM - System Checkpoint
    RP108: 12/6/2010 10:20:27 AM - System Checkpoint
    RP109: 12/7/2010 11:20:11 AM - System Checkpoint
    RP110: 12/8/2010 5:02:25 PM - System Checkpoint
    RP111: 12/9/2010 6:29:10 PM - System Checkpoint
    RP112: 12/10/2010 6:53:19 PM - System Checkpoint
    RP113: 12/11/2010 7:24:48 PM - System Checkpoint
    RP114: 12/12/2010 8:04:16 PM - System Checkpoint
    RP115: 12/13/2010 8:25:18 PM - Restore Operation
    RP116: 12/13/2010 8:48:46 PM - Restore Operation
    RP117: 12/13/2010 11:35:44 PM - Installed AVG 2011
    RP118: 12/13/2010 11:36:02 PM - Installed AVG 2011

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0
    aiofw
    aioprnt
    aioscnnr
    AOL Coach Version 2.0(Build:20041026.5 en)
    AOL Connectivity Services
    AOL Uninstaller
    AOL You've Got Pictures Screensaver
    Ask Toolbar
    AVG 2011
    Bejeweled 2 Deluxe
    BigFix
    Blackhawk Striker 2
    Blasterball 2 Revolution
    Bonjour
    Browser Address Error Redirector
    center
    Citrix XenApp Web Plugin
    Digital Media Reader
    Diner Dash
    DVD Solution
    EazyPaper
    FATE
    Gateway Game Console
    Google Desktop
    Google Toolbar for Internet Explorer
    gtw_logo
    High Definition Audio Driver Package - KB888111
    HiJackThis
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB888795)
    Hotfix for Windows XP (KB891593)
    Hotfix for Windows XP (KB893357)
    Hotfix for Windows XP (KB895953)
    Hotfix for Windows XP (KB895961)
    Hotfix for Windows XP (KB896256)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB899337)
    Hotfix for Windows XP (KB899510)
    Hotfix for Windows XP (KB902841)
    Hotfix for Windows XP (KB906569)
    Hotfix for Windows XP (KB909095)
    Hotfix for Windows XP (KB910728)
    Hotfix for Windows XP (KB912024)
    Hotfix for Windows XP (KB914906)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB945060-v3)
    iolo technologies' Search and Recover
    Java Auto Updater
    Java(TM) 6 Update 22
    KODAK AiO Home Center
    KODAK All-in-One Printer Software
    Malwarebytes' Anti-Malware
    McAfee Uninstall Wizard
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0
    Microsoft Away Mode
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Starter Edition 2006
    Microsoft Digital Image Starter Edition 2006 Editor
    Microsoft Digital Image Starter Edition 2006 Library
    Microsoft Money 2006
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.13)
    MSXML 6.0 Parser
    Multimedia Keyboard Driver
    Napster
    Napster Burn Engine
    netbrdg
    NVIDIA Drivers
    OneTouch 4.6
    Penguins!
    Polar Bowler
    Polar Golfer
    Power2Go 4.0
    PowerDVD
    PreReq
    Pure Networks Port Magic
    QuickTime
    RealPlayer Basic
    Realtek High Definition Audio Driver
    Recovery Software Suite Gateway
    RegWork
    SCRABBLE
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows XP (KB883939)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB903235)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917537)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    SFR
    Soft Data Fax Modem with SmartCP
    Sonic Encoders
    Tradewinds
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB912945)
    Update for Windows XP (KB916595)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Viewpoint Media Player
    WebFldrs XP
    WildTangent Web Driver
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    Windows Genuine Advantage Validation Tool
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Search 4.0
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888239
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Media Center Edition 2005 KB914548
    Xerox DocuMate 252 Driver

    ==== Event Viewer Messages From Past Week ========

    12/15/2010 9:28:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 ACPIEC adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp iaStor ini910u IntelIde mraid35x Pcmcia perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
    12/15/2010 9:28:07 PM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
    12/15/2010 3:27:12 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/15/2010 3:22:11 PM, information: Windows File Protection [64004] - The protected system file wdmaud.drv could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x00000426 [The service has not been started. ].
    12/14/2010 1:16:57 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    12/13/2010 9:45:16 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    12/13/2010 9:31:50 PM, information: Windows File Protection [64004] - The protected system file dbghelp.dll could not be restored to its original, valid version. The file version of the bad file is 5.1.2600.2180 The specific error code is 0x00000426 [The service has not been started. ].
    12/13/2010 9:22:30 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service winmgmt with arguments " " in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
    12/13/2010 8:40:23 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service McUpdMgr.Exe with arguments "/Embedding" in order to run the server: {C3A036FA-DA7D-45E2-AE16-6CADAAE5D75E}
    12/13/2010 7:36:49 PM, error: Service Control Manager [7034] - The McAfee WSC Integration service terminated unexpectedly. It has done this 1 time(s).
    12/13/2010 7:29:44 PM, information: Windows File Protection [64004] - The protected system file explorer.exe could not be restored to its original, valid version. The file version of the bad file is 6.0.2900.2180 The specific error code is 0x00000426 [The service has not been started. ].
    12/13/2010 6:24:40 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0040CA9B802A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    12/13/2010 10:27:13 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    12/13/2010 10:27:00 PM, error: Service Control Manager [7034] - The Kodak AiO Network Discovery Service service terminated unexpectedly. It has done this 1 time(s).
    12/13/2010 10:21:48 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/13/2010 10:18:41 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    12/13/2010 1:13:19 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .
    12/13/2010 1:13:19 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\infocardcpl.cpl. Reference error message: The operation completed successfully. .
    12/13/2010 1:13:19 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

    ==== End Of File ===========================




    Thank you again for any help you can provide!
     
    JKBM,
    #8
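The DDS log in post #7 shows instlsp.exe, sporder.dll, mclsp.dll and lsp131.dll written to system32 on 2010-12-13, the day before the search redirects were reported; the first two names match the Platform SDK's layered service provider sample installer, and an LSP sits in the data path of every Winsock socket, so a rogue one can rewrite browser and search traffic regardless of which browser is used. The script below is an added example, not part of DDS, HijackThis or any tool used in this thread: it reads the Winsock2 provider catalog and flags providers that are not the stock XP set. Two things in it are assumptions rather than facts taken from the page: that the PackedCatalogItem REG_BINARY value begins with the provider DLL path as a NUL-terminated ANSI string padded to MAX_PATH (260) bytes, and that a clean XP SP2 catalog contains only mswsock.dll, rsvpsp.dll and winrnr.dll. The registry key path is the real one; the sample blobs are constructed for an offline run.

```python
"""List Winsock2 catalog providers and flag any that are not the stock XP
ones.  Example code added to this page, not part of DDS, HijackThis or any
tool named in the thread.  Assumptions: PackedCatalogItem starts with the
provider DLL path as a NUL-terminated ANSI string in a MAX_PATH (260) byte
field, and a clean XP SP2 catalog has only the three providers listed."""
import sys

MAX_PATH = 260
CATALOG_KEY = (r"SYSTEM\CurrentControlSet\Services\WinSock2\Parameters"
               r"\Protocol_Catalog9\Catalog_Entries")
STOCK_XP_PROVIDERS = {"mswsock.dll", "rsvpsp.dll", "winrnr.dll"}   # assumption, see docstring


def provider_path(packed_item: bytes) -> str:
    """DLL path from the first MAX_PATH bytes of a PackedCatalogItem blob."""
    raw = packed_item[:MAX_PATH].split(b"\x00", 1)[0]
    return raw.decode("mbcs" if sys.platform == "win32" else "latin-1")


def classify(path: str):
    """Return (basename, reason); reason is None for an expected stock
    provider in system32 and a short string for anything else."""
    parts = path.replace("/", "\\").rsplit("\\", 1)
    directory = parts[0].lower() if len(parts) == 2 else ""
    name = parts[-1].lower()
    if name not in STOCK_XP_PROVIDERS:
        return name, "provider DLL is not one of the stock XP providers"
    if not directory.endswith("\\system32"):
        return name, "stock provider name loaded from an unexpected directory"
    return name, None


def suspicious_entries(items):
    """items: iterable of (entry_name, packed_item_bytes); returns the flagged
    ones as (entry_name, path, reason)."""
    flagged = []
    for entry, blob in items:
        path = provider_path(blob)
        _, reason = classify(path)
        if reason:
            flagged.append((entry, path, reason))
    return flagged


def read_catalog_from_registry():
    """Enumerate Catalog_Entries on a live Windows box (XP-era layout)."""
    import winreg
    items = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CATALOG_KEY) as cat:
        subkey_count = winreg.QueryInfoKey(cat)[0]
        for i in range(subkey_count):
            sub = winreg.EnumKey(cat, i)
            with winreg.OpenKey(cat, sub) as k:
                blob, _ = winreg.QueryValueEx(k, "PackedCatalogItem")
                items.append((sub, blob))
    return items


def sample_catalog():
    """Constructed blobs for an offline demo: two stock providers plus an
    entry pointing at one of the DLLs from the DDS list.  The bytes are made
    up for the example, not a real registry export; the trailing zero bytes
    stand in for the WSAPROTOCOL_INFO structure that follows the path."""
    def pack(path):
        return path.encode("ascii").ljust(MAX_PATH, b"\x00") + bytes(372)
    return [
        ("000000000001", pack(r"%SystemRoot%\system32\mswsock.dll")),
        ("000000000002", pack(r"%SystemRoot%\system32\mclsp.dll")),
        ("000000000003", pack(r"%SystemRoot%\system32\winrnr.dll")),
    ]


if __name__ == "__main__":
    entries = read_catalog_from_registry() if sys.platform == "win32" else sample_catalog()
    for entry, path, reason in suspicious_entries(entries):
        print(f"{entry}: {path}  <- {reason}")
```

This only reports; it does not delete anything. Removing a catalog entry by hand leaves the provider chain inconsistent (the next-provider references stop lining up), which is the usual cause of "no programs can get online" after a botched LSP cleanup. On XP SP2 and later, `netsh winsock reset` rebuilds the catalog to the stock providers, but in a guided cleanup like this thread that is a step for the helper to call, after the files behind the rogue entries have been dealt with.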
  10. 2010/12/15
    broni Moderator Malware Analyst

    Welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  11. 2010/12/15
    JKBM Inactive Thread Starter

    Not sure if that got it completely.. But explorer.exe is running at startup now & all of my programs are launching.. Here is the log:

    2010/12/15 22:18:36.0236 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
    2010/12/15 22:18:36.0236 ================================================================================
    2010/12/15 22:18:36.0236 SystemInfo:
    2010/12/15 22:18:36.0236
    2010/12/15 22:18:36.0236 OS Version: 5.1.2600 ServicePack: 2.0
    2010/12/15 22:18:36.0236 Product type: Workstation
    2010/12/15 22:18:36.0236 ComputerName: YOUR-B7E751C8E6
    2010/12/15 22:18:36.0236 UserName: Owner
    2010/12/15 22:18:36.0236 Windows directory: C:\WINDOWS
    2010/12/15 22:18:36.0236 System windows directory: C:\WINDOWS
    2010/12/15 22:18:36.0236 Processor architecture: Intel x86
    2010/12/15 22:18:36.0236 Number of processors: 2
    2010/12/15 22:18:36.0236 Page size: 0x1000
    2010/12/15 22:18:36.0236 Boot type: Normal boot
    2010/12/15 22:18:36.0236 ================================================================================
    2010/12/15 22:18:36.0517 Initialize success
    2010/12/15 22:19:04.0266 ================================================================================
    2010/12/15 22:19:04.0266 Scan started
    2010/12/15 22:19:04.0266 Mode: Manual;
    2010/12/15 22:19:04.0266 ================================================================================
    2010/12/15 22:19:04.0563 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2010/12/15 22:19:04.0595 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/12/15 22:19:04.0610 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    2010/12/15 22:19:04.0626 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2010/12/15 22:19:04.0657 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
    2010/12/15 22:19:04.0673 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
    2010/12/15 22:19:04.0704 agp440 (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2010/12/15 22:19:04.0720 agpCPQ (67288b07d6aba6c1267b626e67bc56fd) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2010/12/15 22:19:04.0735 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2010/12/15 22:19:04.0751 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2010/12/15 22:19:04.0766 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2010/12/15 22:19:04.0782 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2010/12/15 22:19:04.0798 alim1541 (f312b7cef21eff52fa23056b9d815fad) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2010/12/15 22:19:04.0813 amdagp (675c16a3c1f8482f85ee4a97fc0dde3d) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2010/12/15 22:19:04.0845 AmdK8 (0a4d13b388c814560bd69c3a496ecfa8) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
    2010/12/15 22:19:04.0860 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2010/12/15 22:19:04.0891 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
    2010/12/15 22:19:04.0923 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
    2010/12/15 22:19:04.0938 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
    2010/12/15 22:19:04.0954 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
    2010/12/15 22:19:04.0970 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2010/12/15 22:19:04.0985 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
    2010/12/15 22:19:05.0001 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2010/12/15 22:19:05.0032 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2010/12/15 22:19:05.0048 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2010/12/15 22:19:05.0079 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
    2010/12/15 22:19:05.0110 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/12/15 22:19:05.0126 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/12/15 22:19:05.0157 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/12/15 22:19:05.0173 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/12/15 22:19:05.0220 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
    2010/12/15 22:19:05.0266 Avgldx86 (1119e5bec6e749e0d292f0f84d48edba) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
    2010/12/15 22:19:05.0298 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
    2010/12/15 22:19:05.0345 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
    2010/12/15 22:19:05.0360 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/12/15 22:19:05.0391 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2010/12/15 22:19:05.0407 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/12/15 22:19:05.0423 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2010/12/15 22:19:05.0438 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/12/15 22:19:05.0454 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/12/15 22:19:05.0501 Cdr4_xp (2552670e5fbcfdb540eeb426af39704d) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
    2010/12/15 22:19:05.0532 Cdralw2k (b761b10d6a541be69ea448a8429d30b0) C:\WINDOWS\system32\drivers\Cdralw2k.sys
    2010/12/15 22:19:05.0579 Cdrom (882b4257e5a5adfb6b5c03e8a02d4bf1) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/12/15 22:19:05.0657 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    2010/12/15 22:19:05.0688 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2010/12/15 22:19:05.0704 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2010/12/15 22:19:05.0735 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2010/12/15 22:19:05.0751 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2010/12/15 22:19:05.0766 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2010/12/15 22:19:05.0782 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/12/15 22:19:05.0829 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/12/15 22:19:05.0891 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
    2010/12/15 22:19:05.0907 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/12/15 22:19:05.0954 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/12/15 22:19:05.0970 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2010/12/15 22:19:06.0001 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/12/15 22:19:06.0032 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/12/15 22:19:06.0063 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
    2010/12/15 22:19:06.0095 FileDisk (0694585d54bf46379ce41aee2b6864aa) C:\WINDOWS\system32\drivers\FileDisk.sys
    2010/12/15 22:19:06.0110 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
    2010/12/15 22:19:06.0126 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2010/12/15 22:19:06.0141 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    2010/12/15 22:19:06.0157 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/12/15 22:19:06.0188 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/12/15 22:19:06.0204 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/12/15 22:19:06.0235 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2010/12/15 22:19:06.0266 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/12/15 22:19:06.0282 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2010/12/15 22:19:06.0313 HSFHWBS2 (c02dc9d4358e43d088f2061c2b2bf30e) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
    2010/12/15 22:19:06.0454 HSF_DPV (cbf6831420a97e8fbb91e5f52b707ef7) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
    2010/12/15 22:19:06.0532 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/12/15 22:19:06.0563 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2010/12/15 22:19:06.0579 i2omp (ed6bf9e441fdea13292a6d30a64a24c3) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2010/12/15 22:19:06.0610 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/12/15 22:19:06.0626 iaStor (019cf5f31c67030841233c545a0e217a) C:\WINDOWS\system32\DRIVERS\IASTOR.SYS
    2010/12/15 22:19:06.0657 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/12/15 22:19:06.0688 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2010/12/15 22:19:06.0813 IntcAzAudAddService (a575138ad572c12cffa122b89a382b7e) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2010/12/15 22:19:06.0845 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2010/12/15 22:19:06.0891 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    2010/12/15 22:19:06.0907 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/12/15 22:19:06.0923 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/12/15 22:19:06.0938 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/12/15 22:19:06.0985 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/12/15 22:19:06.0985 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/12/15 22:19:07.0016 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/12/15 22:19:07.0032 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/12/15 22:19:07.0048 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2010/12/15 22:19:07.0095 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/12/15 22:19:07.0110 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/12/15 22:19:07.0173 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    2010/12/15 22:19:07.0204 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    2010/12/15 22:19:07.0220 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/12/15 22:19:07.0251 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
    2010/12/15 22:19:07.0266 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/12/15 22:19:07.0282 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/12/15 22:19:07.0298 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/12/15 22:19:07.0313 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2010/12/15 22:19:07.0345 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/12/15 22:19:07.0407 MRxSmb (025af03ce51645c62f3b6907a7e2be5e) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/12/15 22:19:07.0454 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/12/15 22:19:07.0485 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/12/15 22:19:07.0501 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/12/15 22:19:07.0516 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/12/15 22:19:07.0548 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/12/15 22:19:07.0563 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/12/15 22:19:07.0595 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/12/15 22:19:07.0610 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/12/15 22:19:07.0626 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/12/15 22:19:07.0641 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/12/15 22:19:07.0688 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/12/15 22:19:07.0720 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/12/15 22:19:07.0735 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/12/15 22:19:07.0766 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2010/12/15 22:19:07.0782 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/12/15 22:19:07.0829 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/12/15 22:19:07.0860 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/12/15 22:19:07.0985 nv (84c65aa58ae1ede93716439267a23d40) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2010/12/15 22:19:08.0095 NVENETFD (2a7a2c6ab9631028b6e3a4159aa65705) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
    2010/12/15 22:19:08.0126 nvnetbus (20526a8827dc0956b5526aebcb6751a0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
    2010/12/15 22:19:08.0157 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/12/15 22:19:08.0157 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/12/15 22:19:08.0188 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2010/12/15 22:19:08.0220 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/12/15 22:19:08.0235 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/12/15 22:19:08.0251 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/12/15 22:19:08.0266 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/12/15 22:19:08.0298 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/12/15 22:19:08.0313 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    2010/12/15 22:19:08.0376 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2010/12/15 22:19:08.0391 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2010/12/15 22:19:08.0438 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/12/15 22:19:08.0485 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
    2010/12/15 22:19:08.0501 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/12/15 22:19:08.0516 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/12/15 22:19:08.0532 PxHelp20 (617accada2e0a0f43ec6030bbac49513) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2010/12/15 22:19:08.0563 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2010/12/15 22:19:08.0579 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2010/12/15 22:19:08.0595 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2010/12/15 22:19:08.0610 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2010/12/15 22:19:08.0626 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2010/12/15 22:19:08.0641 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/12/15 22:19:08.0673 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/12/15 22:19:08.0688 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/12/15 22:19:08.0704 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/12/15 22:19:08.0720 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/12/15 22:19:08.0735 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/12/15 22:19:08.0766 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/12/15 22:19:08.0845 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/12/15 22:19:08.0876 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/12/15 22:19:08.0938 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    2010/12/15 22:19:08.0954 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/12/15 22:19:08.0985 Serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/12/15 22:19:09.0001 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/12/15 22:19:09.0016 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/12/15 22:19:09.0063 sisagp (732d859b286da692119f286b21a2a114) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2010/12/15 22:19:09.0079 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2010/12/15 22:19:09.0110 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
    2010/12/15 22:19:09.0126 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/12/15 22:19:09.0188 Srv (e03b4ea274c9e509cca7f9f0cec24232) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/12/15 22:19:09.0235 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/12/15 22:19:09.0251 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/12/15 22:19:09.0266 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2010/12/15 22:19:09.0282 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2010/12/15 22:19:09.0313 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2010/12/15 22:19:09.0329 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2010/12/15 22:19:09.0360 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/12/15 22:19:09.0391 Tcpip (1dbf125862891817f374f407626967f4) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/12/15 22:19:09.0438 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/12/15 22:19:09.0454 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/12/15 22:19:09.0470 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/12/15 22:19:09.0501 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    2010/12/15 22:19:09.0532 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/12/15 22:19:09.0563 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2010/12/15 22:19:09.0595 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/12/15 22:19:09.0641 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/12/15 22:19:09.0688 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/12/15 22:19:09.0704 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/12/15 22:19:09.0735 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2010/12/15 22:19:09.0766 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/12/15 22:19:09.0798 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/12/15 22:19:09.0829 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/12/15 22:19:09.0860 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/12/15 22:19:09.0876 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
    2010/12/15 22:19:09.0891 viaagp (d92e7c8a30cfd14d8e15b5f7f032151b) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2010/12/15 22:19:09.0907 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2010/12/15 22:19:09.0923 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/12/15 22:19:09.0985 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/12/15 22:19:10.0016 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    2010/12/15 22:19:10.0063 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/12/15 22:19:10.0095 winachsf (59d043485a6eda2ed2685c81489ae5bd) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
    2010/12/15 22:19:10.0173 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    2010/12/15 22:19:10.0235 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/12/15 22:19:10.0235 ================================================================================
    2010/12/15 22:19:10.0235 Scan finished
    2010/12/15 22:19:10.0235 ================================================================================
    2010/12/15 22:19:10.0251 Detected object count: 1
    2010/12/15 22:19:24.0376 \HardDisk0 - will be cured after reboot
    2010/12/15 22:19:24.0376 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2010/12/15 22:19:29.0594 Deinitialize success
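
The TDSSKiller log above is a flat inventory of loaded drivers (service name, MD5, path) followed by detection, count and action lines. As an added example that is not part of this thread and not TDSSKiller's own code, here is a small Python parser for that format. The sample lines are a constructed excerpt copied from the log above; the "known-good" hash baseline passed to `drivers_off_baseline` is a hypothetical placeholder an operator would collect from a trusted machine, not a published reference list.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: a few driver-inventory lines copied from the TDSSKiller log
# in this thread, followed by the detection, summary and action lines that close it.
SAMPLE_LOG = r"""
2010/12/15 22:19:09.0391 Tcpip (1dbf125862891817f374f407626967f4) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/15 22:19:09.0438 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/15 22:19:10.0173 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/12/15 22:19:10.0235 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/15 22:19:10.0235 ================================================================================
2010/12/15 22:19:10.0235 Scan finished
2010/12/15 22:19:10.0235 ================================================================================
2010/12/15 22:19:10.0251 Detected object count: 1
2010/12/15 22:19:24.0376 \HardDisk0 - will be cured after reboot
2010/12/15 22:19:24.0376 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/15 22:19:29.0594 Deinitialize success
"""

# Every TDSSKiller line starts with "YYYY/MM/DD HH:MM:SS.ffff ".
_TS = r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}) "
DRIVER_RE = re.compile(_TS + r"(?P<name>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(_TS + r"(?P<obj>\S+) - detected (?P<threat>\S+) \((?P<code>\d+)\)$")
COUNT_RE = re.compile(_TS + r"Detected object count: (?P<n>\d+)$")
ACTION_RE = re.compile(
    _TS + r"(?P<threat>[^(\s]+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")


@dataclass
class Driver:
    name: str
    md5: str
    path: str


@dataclass
class Detection:
    obj: str
    threat: str
    action: Optional[str] = None  # filled in from the "User select action" line


@dataclass
class ScanReport:
    drivers: List[Driver] = field(default_factory=list)
    detections: List[Detection] = field(default_factory=list)
    reported_count: Optional[int] = None  # the log's own "Detected object count"


def parse_tdsskiller_log(text: str) -> ScanReport:
    """Split a TDSSKiller log into the driver inventory and the detections."""
    report = ScanReport()
    by_obj: Dict[str, Detection] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DRIVER_RE.match(line)
        if m:
            report.drivers.append(Driver(m["name"], m["md5"].lower(), m["path"]))
            continue
        m = DETECT_RE.match(line)
        if m:
            det = Detection(m["obj"], m["threat"])
            report.detections.append(det)
            by_obj[m["obj"]] = det
            continue
        m = COUNT_RE.match(line)
        if m:
            report.reported_count = int(m["n"])
            continue
        m = ACTION_RE.match(line)
        if m and m["obj"] in by_obj:
            by_obj[m["obj"]].action = m["action"]
        # banner lines ("====", "Scan finished", "Deinitialize success") carry no data
    return report


def consistency_issues(report: ScanReport) -> List[str]:
    """Flag a log whose own object count disagrees with the detection lines,
    or a detection that never got a recorded user action (e.g. a truncated log)."""
    issues = []
    if report.reported_count is not None and report.reported_count != len(report.detections):
        issues.append(f"log reports {report.reported_count} object(s) but "
                      f"{len(report.detections)} detection line(s) were parsed")
    for det in report.detections:
        if det.action is None:
            issues.append(f"{det.obj}: {det.threat} detected but no user action recorded")
    return issues


def drivers_off_baseline(report: ScanReport, baseline: Dict[str, str]) -> List[Driver]:
    """Drivers whose MD5 is absent from, or differs from, a known-good baseline
    keyed by service name (hypothetical baseline supplied by the caller)."""
    return [d for d in report.drivers if baseline.get(d.name, "").lower() != d.md5]


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(rep.drivers)} drivers inventoried, {len(rep.detections)} detection(s)")
    for det in rep.detections:
        print(f"  {det.obj}: {det.threat} -> action {det.action}")
    for problem in consistency_issues(rep):
        print("  WARNING:", problem)
```

The inventory half of the log is the part worth keeping after a cleanup: diffing the per-driver hashes against a baseline taken from a trusted machine of the same Windows build points at any driver that changed, independent of whether the scanner's signature set recognised it.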
     
  12. 2010/12/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good job :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double-click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     