Firefox and IE will run but return a blank screen only on search


  • This topic is locked
14 replies to this topic

#1 brother_dev
  • Members
  • 9 posts

Posted 22 September 2009 - 03:59 PM

My XP Professional system is experiencing issues with accessing the internet. Firefox and IE will load but any Google search will return a blank screen only. MSNExplorer will work and I can surf the web. However, whenever I get to any registration form (like I did for BleepingComputer.com), I am unable to enter text into the registration form. Similarly, I cannot enter the password to my Trend Internet Security. I have run AdAware and it keeps finding a trojan identified as Win32Trojan.tdss. I follow the Recommended action - it suggests a reboot but the trojan appears again with the associated problems. In addition, I also experience the dialog box that pops saying that the Google installer could not complete its install.

Below is the RootRepeal report that I was asked to run. This log was all I could get to run successfully.

Thanks for any assistance or advice!



ROOTREPEAL AD, 2007-2009
==================================================
Scan Start Time: 2009/09/20 22:14
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP3
==================================================



#2 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 23 September 2009 - 07:03 PM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.




Please download and run Win32kDiag:
Download and run a batch file (peek.bat):
  • Download peek.bat from the download link below and save it to your Desktop.
  • Double-click peek.bat to run it. A black Command Prompt window will appear shortly: the program is running.
  • Once it is finished, copy and paste the entire contents of the Log.txt file it creates as a reply to this post.
==========

Please post the following logs in your next reply:

* Win32kDiag.txt
* Log.txt
If I have helped you in any way, please consider a donation to help me continue the fight against malware.

Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!

========================================================

#3 brother_dev
  • Topic Starter
  • Members
  • 9 posts

Posted 02 October 2009 - 05:04 AM

Thank you for the reply. Attached are the two log files you requested:

Win32kDiag.txt
-------------------------------------------------------------------------------------------------------
Running from: C:\Documents and Settings\Devon.MONTY.000\Desktop\Win32kDiag.exe
Log file at : C:\Documents and Settings\Devon.MONTY.000\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Cannot access: C:\WINDOWS\$NtUninstallKB833330$\Blastcln\blastcln.exe
[1] 2003-12-29 12:19:12 77072 C:\WINDOWS\$NtUninstallKB833330$\Blastcln\blastcln.exe ()
[1] 2008-04-13 20:12:13 71680 C:\WINDOWS\ServicePackFiles\i386\blastcln.exe (Microsoft Corporation)
[1] 2008-04-13 20:12:13 71680 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\blastcln.exe (Microsoft Corporation)
[1] 2008-04-13 20:12:13 71680 C:\WINDOWS\system32\blastcln.exe (Microsoft Corporation)

Cannot access: C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx
[1] 2002-08-29 08:00:00 842268 C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx ()
[1] 2004-08-04 01:51:02 844314 C:\WINDOWS\ServicePackFiles\i386\msdxm.ocx ()
[1] 2008-04-13 20:10:08 844314 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\msdxm.ocx ()
[1] 2008-04-13 20:10:08 844314 C:\WINDOWS\system32\msdxm.ocx ()

Cannot access: C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll
[1] 2002-08-29 08:00:00 1298432 C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll ()
[1] 2004-09-22 19:46:20 20480 C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}\wmpcore.dll (Microsoft Corporation)
[1] 2004-08-04 03:56:46 20480 C:\WINDOWS\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}$BACKUP$\System\wmpcore.dll (Microsoft Corporation)
[1] 2004-08-04 03:56:46 20480 C:\WINDOWS\ServicePackFiles\i386\wmpcore.dll (Microsoft Corporation)
[1] 2004-09-22 19:46:20 20480 C:\WINDOWS\system32\dllcache\wmpcore.dll (Microsoft Corporation)
[1] 2004-09-22 19:46:20 20480 C:\WINDOWS\system32\wmpcore.dll (Microsoft Corporation)

Finished!
-------------------------------------------------------------------------------------------------------

Peek.txt
-------------------------------------------------------------------------------------------------------
Volume in drive C is HP_PAVILION
Volume Serial Number is 7016-6AC2

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 03:56 AM 180,224 scecli.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 03:56 AM 407,040 netlogon.dll

Directory of C:\WINDOWS\$NtServicePackUninstall$

08/04/2004 03:56 AM 55,808 eventlog.dll
3 File(s) 643,072 bytes

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 08:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 08:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 08:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e

04/13/2008 08:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e

04/13/2008 08:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e

04/13/2008 08:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

04/13/2008 08:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\system32

04/13/2008 08:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

04/13/2008 08:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Total Files Listed:
12 File(s) 2,576,896 bytes
0 Dir(s) 83,888,324,608 bytes free

-------------------------------------------------------------------------------------------------------
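The Peek.txt listing above is a size comparison: scecli.dll, netlogon.dll and eventlog.dll are listed in the service-pack backup directories and in system32, and a system32 copy whose size differs from the service-pack original is the sign of a patched system file (the listing in this thread shows identical sizes everywhere, which is the "negative" result). The Python below is an added example, not part of the thread or of peek.bat: it parses a listing in that format and reports such mismatches, using the matching blocks copied from the post plus a constructed dllcache block with a wrong size so the check has something to find.

```python
import re
from collections import defaultdict

# Listing in the format peek.bat prints (a Windows "dir" listing, one block per
# directory, and the same directory header repeated once per file).  The
# ServicePackFiles\i386 and system32 blocks are copied from the post above; the
# final dllcache block is CONSTRUCTED to show what a patched copy of eventlog.dll
# would look like: its size no longer matches the service-pack original.
SAMPLE_PEEK = r"""
Volume in drive C is HP_PAVILION
Volume Serial Number is 7016-6AC2

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 08:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 08:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\ServicePackFiles\i386

04/13/2008 08:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32

04/13/2008 08:12 PM 181,248 scecli.dll

Directory of C:\WINDOWS\system32

04/13/2008 08:12 PM 407,040 netlogon.dll

Directory of C:\WINDOWS\system32

04/13/2008 08:11 PM 56,320 eventlog.dll
3 File(s) 644,608 bytes

Directory of C:\WINDOWS\system32\dllcache

04/13/2008 08:11 PM 57,344 eventlog.dll
1 File(s) 57,344 bytes
"""

# The service-pack copies are the known-good reference on this machine (SP3).
REFERENCE_DIR = r"C:\WINDOWS\ServicePackFiles\i386"

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
# date, time, size with thousands separators, file name
ENTRY_RE = re.compile(
    r"^\s*(\d{2}/\d{2}/\d{4})\s+(\d{1,2}:\d{2}\s+[AP]M)\s+([\d,]+)\s+(\S+)\s*$")


def parse_peek(text):
    """Return {directory: {filename: (size_in_bytes, 'date time')}}.

    Summary lines such as '3 File(s) 644,608 bytes' do not start with a date
    and are skipped; entries before any 'Directory of' header are ignored.
    Repeated headers for the same directory are merged into one entry.
    """
    listing = defaultdict(dict)
    current = None
    for line in text.splitlines():
        header = DIR_RE.match(line)
        if header:
            current = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            date, clock, size, name = entry.groups()
            listing[current][name.lower()] = (int(size.replace(",", "")), f"{date} {clock}")
    return dict(listing)


def find_mismatches(listing, reference_dir):
    """Flag every copy whose size differs from the reference copy of the same file.

    Returns a sorted list of (directory, filename, reference_size, actual_size).
    An empty list is the clean result: every copy of the listed DLLs has the
    same length as the service-pack original.
    """
    reference = listing.get(reference_dir, {})
    mismatches = []
    for directory, files in listing.items():
        if directory == reference_dir:
            continue
        for name, (size, _when) in files.items():
            if name in reference and reference[name][0] != size:
                mismatches.append((directory, name, reference[name][0], size))
    return sorted(mismatches)


if __name__ == "__main__":
    hits = find_mismatches(parse_peek(SAMPLE_PEEK), REFERENCE_DIR)
    if not hits:
        print("all copies match the service-pack originals")
    for directory, name, ref_size, size in hits:
        print(f"{directory}\\{name}: {size} bytes, reference copy is {ref_size}")
```

A size check only catches patches that change the file length; comparing hashes or Authenticode signatures of the copies is the stronger form of the same check.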

#4 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 02 October 2009 - 10:09 AM

After this much time has passed from your initial post it's hard to say what issues you are still having. Both of those scans came negative for the infection that was showing up before. Can you update on your current status?

#5 brother_dev
  • Topic Starter
  • Members
  • 9 posts

Posted 02 October 2009 - 03:05 PM

Same issues.

My XP Professional system is experiencing issues with accessing the internet. Firefox and IE will load but any Google search will return a blank screen only. MSNExplorer will work and I can surf the web. However, whenever I get to any registration form (like I did for BleepingComputer.com), I am unable to enter text into the registration form. Similarly, I cannot enter the password to my Trend Internet Security. I have run AdAware and it keeps finding a trojan identified as Win32Trojan.tdss. I follow the Recommended action - it suggests a reboot but the trojan appears again with the associated problems. In addition, I also experience the dialog box that pops saying that the Google installer could not complete its install.

#6 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 02 October 2009 - 03:50 PM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot of the ComboFix prompt omitted]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 brother_dev

brother_dev
  • Topic Starter

  • Members
  • 9 posts
  • Local time:04:47 PM

Posted 03 October 2009 - 06:00 PM

I downloaded combofix as instructed. When it is double-clicked it will not run. An hour glass appears but nothing further. I can see it running as a process within Task Manager but no dialog box appears and no log report is created.

Is there another method to get this to work?

Thank you
:(

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:47 PM

Posted 04 October 2009 - 09:29 AM

Let's try this. Delete combofix.exe from your desktop.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

[screenshots of the Save As dialog omitted; the file is saved under the name Combo-Fix.exe]
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.



========================================================

#9 brother_dev

brother_dev
  • Topic Starter

  • Members
  • 9 posts
  • Local time:04:47 PM

Posted 04 October 2009 - 11:35 PM

Buckeye_Sam,

Thank you for the instructions for the ComboFix download and execution. It was successful and below is the log.

* Please note that I am currently not using this computer unless instructed or asked to, for fear of further complicating the situation. Please respond with any instructions or with any wrap-up.

Thanks again

-----------------------------------------------------------------------------------------------------------


ComboFix 09-10-04.01 - Devon 10/04/2009 23:54.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1127 [GMT -4:00]
Running from: c:\documents and settings\Devon.MONTY.000\Desktop\Combo-Fix.exe
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Devon.MONTY\My Documents\registry_07232006.reg
c:\recycler\S-1-5-21-1651704803-2377678370-215132491-1005
c:\recycler\S-1-5-21-1651704803-2377678370-215132491-1008
c:\recycler\S-1-5-21-1651704803-2377678370-215132491-1009
c:\recycler\S-1-5-21-1651704803-2377678370-215132491-1010
c:\recycler\S-1-5-21-1651704803-2377678370-215132491-1013
c:\recycler\S-1-5-21-1651704803-2377678370-215132491-1015
c:\recycler\S-1-5-21-1651704803-2377678370-215132491-1016
c:\recycler\S-1-5-21-3576601872-4047381149-3482093143-1005
c:\recycler\S-1-5-21-3576601872-4047381149-3482093143-1006
c:\recycler\S-1-5-21-3576601872-4047381149-3482093143-1007
C:\setup.exe
c:\windows\desktop
c:\windows\Installer\1000929.msi
c:\windows\Installer\100092f.msi
c:\windows\Installer\1000935.msi
c:\windows\Installer\100093b.msi
c:\windows\Installer\100094a.msi
c:\windows\Installer\1000964.msi
c:\windows\Installer\100096a.msi
c:\windows\Installer\10ccff0.msi
c:\windows\Installer\111260d.msi
c:\windows\Installer\111f79af.msp
c:\windows\Installer\1135ed5.msi
c:\windows\Installer\11653a.msi
c:\windows\Installer\116551.msi
c:\windows\Installer\11655c.msi
c:\windows\Installer\116562.msi
c:\windows\Installer\116589.msi
c:\windows\Installer\1171c5.msi
c:\windows\Installer\12200.msi
c:\windows\Installer\12995872.msi
c:\windows\Installer\12995879.msi
c:\windows\Installer\1441eb.msi
c:\windows\Installer\14f2a2.msi
c:\windows\Installer\17c854.msi
c:\windows\Installer\18bdfe6.msp
c:\windows\Installer\18be011.msp
c:\windows\Installer\1df44.msi
c:\windows\Installer\1df64.msi
c:\windows\Installer\1e99fc.msi
c:\windows\Installer\1e9a04.msi
c:\windows\Installer\1e9a13.msi
c:\windows\Installer\1e9a19.msi
c:\windows\Installer\1e9a8c.msi
c:\windows\Installer\1e9aab.msi
c:\windows\Installer\1e9ab8.msi
c:\windows\Installer\1e9ae9.msi
c:\windows\Installer\1e9af0.msi
c:\windows\Installer\1e9af6.msi
c:\windows\Installer\1e9afc.msi
c:\windows\Installer\1e9b02.msi
c:\windows\Installer\1e9b09.msi
c:\windows\Installer\1e9b37.msi
c:\windows\Installer\1e9b3f.msi
c:\windows\Installer\1e9b49.msi
c:\windows\Installer\1e9b50.msi
c:\windows\Installer\1e9b57.msi
c:\windows\Installer\1e9b5d.msi
c:\windows\Installer\1e9b63.msi
c:\windows\Installer\1e9b70.msi
c:\windows\Installer\1e9b79.msi
c:\windows\Installer\1e9c25.msi
c:\windows\Installer\1e9c2b.msi
c:\windows\Installer\1e9c32.msi
c:\windows\Installer\1e9c39.msi
c:\windows\Installer\1e9c3f.msi
c:\windows\Installer\231f8.msi
c:\windows\Installer\231fe.msi
c:\windows\Installer\23204.msi
c:\windows\Installer\2320a.msi
c:\windows\Installer\2727a.msi
c:\windows\Installer\28b76.msi
c:\windows\Installer\2cfad.msi
c:\windows\Installer\2ec8e2.msi
c:\windows\Installer\311af.msi
c:\windows\Installer\31ab4066.msp
c:\windows\Installer\31c3bfaf.msp
c:\windows\Installer\34c64cb.msp
c:\windows\Installer\34c64d2.msp
c:\windows\Installer\34c6596.msp
c:\windows\Installer\3853a02.msp
c:\windows\Installer\3853a17.msp
c:\windows\Installer\3853a2b.msp
c:\windows\Installer\3853a3f.msp
c:\windows\Installer\39f12b90.msi
c:\windows\Installer\3e3d0.msi
c:\windows\Installer\3e3d6.msi
c:\windows\Installer\3e3d9.msi
c:\windows\Installer\42082.msi
c:\windows\Installer\4208c.msi
c:\windows\Installer\42096.msi
c:\windows\Installer\420b4.msi
c:\windows\Installer\436d0.msi
c:\windows\Installer\441c2c0b.msp
c:\windows\Installer\441c2c2a.msp
c:\windows\Installer\441c2c3f.msp
c:\windows\Installer\441c2c49.msp
c:\windows\Installer\441c2c5c.msp
c:\windows\Installer\441c2c65.msp
c:\windows\Installer\45515.msi
c:\windows\Installer\49984.msi
c:\windows\Installer\4b7d76.msp
c:\windows\Installer\4c3df.msi
c:\windows\Installer\538a5.msi
c:\windows\Installer\56032f.msi
c:\windows\Installer\560362.msi
c:\windows\Installer\62462b7.msp
c:\windows\Installer\6246356.msp
c:\windows\Installer\6246369.msp
c:\windows\Installer\624637e.msp
c:\windows\Installer\6246392.msp
c:\windows\Installer\62463ad.msp
c:\windows\Installer\62463c2.msp
c:\windows\Installer\62463d6.msp
c:\windows\Installer\62463ea.msp
c:\windows\Installer\62463ff.msp
c:\windows\Installer\6246413.msp
c:\windows\Installer\6246427.msp
c:\windows\Installer\624643b.msp
c:\windows\Installer\6246444.msp
c:\windows\Installer\62466b6.msp
c:\windows\Installer\628ff.msi
c:\windows\Installer\6339ff.msi
c:\windows\Installer\676e28.msp
c:\windows\Installer\676e40.msp
c:\windows\Installer\676e6c.msp
c:\windows\Installer\676efe.msp
c:\windows\Installer\676f16.msp
c:\windows\Installer\676f28.msp
c:\windows\Installer\676f40.msp
c:\windows\Installer\676f55.msp
c:\windows\Installer\676f6a.msp
c:\windows\Installer\676f7b.msp
c:\windows\Installer\7681d9.msi
c:\windows\Installer\80551a.msp
c:\windows\Installer\8055c6.msp
c:\windows\Installer\80562e.msp
c:\windows\Installer\805643.msp
c:\windows\Installer\805657.msp
c:\windows\Installer\80566b.msp
c:\windows\Installer\805680.msp
c:\windows\Installer\805694.msp
c:\windows\Installer\80569d.msp
c:\windows\Installer\8148f4.msi
c:\windows\Installer\814913.msi
c:\windows\Installer\83053.msi
c:\windows\Installer\8ba504.msi
c:\windows\Installer\9aced.msp
c:\windows\Installer\9ad36.msp
c:\windows\Installer\9ecea.msi
c:\windows\Installer\bd9ed40.msp
c:\windows\Installer\c74cc.msi
c:\windows\Installer\d3c3f8.msi
c:\windows\Installer\d3d396d.msp
c:\windows\Installer\d3d3981.msp
c:\windows\Installer\df7bc.msi
c:\windows\Installer\df7c5.msi
c:\windows\Installer\df7ce.msi
c:\windows\Installer\df7d4.msi
c:\windows\Installer\df7dd.msi
c:\windows\Installer\ea557.msp
c:\windows\Installer\ea560.msp
c:\windows\Installer\ea574.msp
c:\windows\Installer\ed310a5.msi
c:\windows\Installer\fb7e67.msi
c:\windows\system32\_007037_.tmp.dll
c:\windows\system32\_007038_.tmp.dll
c:\windows\system32\_007039_.tmp.dll
c:\windows\system32\_007040_.tmp.dll
c:\windows\system32\_007047_.tmp.dll
c:\windows\system32\_007048_.tmp.dll
c:\windows\system32\_007049_.tmp.dll
c:\windows\system32\_007050_.tmp.dll
c:\windows\system32\_007052_.tmp.dll
c:\windows\system32\_007053_.tmp.dll
c:\windows\system32\_007056_.tmp.dll
c:\windows\system32\_007057_.tmp.dll
c:\windows\system32\_007059_.tmp.dll
c:\windows\system32\_007060_.tmp.dll
c:\windows\system32\_007061_.tmp.dll
c:\windows\system32\_007063_.tmp.dll
c:\windows\system32\_007066_.tmp.dll
c:\windows\system32\_007067_.tmp.dll
c:\windows\system32\_007071_.tmp.dll
c:\windows\system32\_007072_.tmp.dll
c:\windows\system32\_007074_.tmp.dll
c:\windows\system32\_007077_.tmp.dll
c:\windows\system32\_007079_.tmp.dll
c:\windows\system32\_007080_.tmp.dll
c:\windows\system32\_007081_.tmp.dll
c:\windows\system32\_007082_.tmp.dll
c:\windows\system32\_007083_.tmp.dll
c:\windows\system32\_007086_.tmp.dll
c:\windows\system32\_007087_.tmp.dll
c:\windows\system32\_007088_.tmp.dll
c:\windows\system32\_007089_.tmp.dll
c:\windows\system32\_007090_.tmp.dll
c:\windows\system32\_007095_.tmp.dll
c:\windows\system32\_007097_.tmp.dll
c:\windows\system32\AVR09.exe
c:\windows\system32\drivers\SKYNETsaowkmlr.sys
c:\windows\system32\drivers\UACkycdvyiuxd.sys
c:\windows\system32\ps2.bat
c:\windows\system32\SKYNEToqodlnha.dat
c:\windows\system32\SKYNETunlrvcig.dat
c:\windows\system32\UACaqgrrsdele.dll
c:\windows\system32\UACblhprsdmyx.db
c:\windows\system32\UACemtetmnaum.dat
c:\windows\system32\UACfynsdtufyx.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACiucdeklxku.dll
c:\windows\system32\UACkseyarmkki.log
c:\windows\system32\UACltpawiiyxd.dll
c:\windows\system32\UACtrsacvjlab.dll
c:\windows\system32\winhelper.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETyoviteix
-------\Legacy_SKYNETyoviteix
-------\Service_UACd.sys
-------\Legacy_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-09-05 to 2009-10-05 )))))))))))))))))))))))))))))))
.

2009-09-18 02:14 . 2009-06-25 08:25 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-09-18 02:14 . 2009-06-25 08:25 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-18 02:14 . 2009-06-25 08:25 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-09-18 02:14 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-09-17 03:56 . 2009-09-17 03:56 -------- d-----w- c:\program files\Alwil Software
2009-09-17 02:22 . 2009-09-17 02:22 -------- d-----w- C:\Trend Info
2009-09-17 02:14 . 2009-09-17 02:14 -------- d-----w- c:\documents and settings\Devon.MONTY.000\Application Data\MSNInstaller
2009-09-14 02:32 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 01:43 . 2009-09-08 01:43 -------- d-----w- c:\program files\ACW
2009-09-08 01:26 . 2009-09-08 01:37 -------- d-----w- c:\program files\RegCure
2009-09-08 01:26 . 2009-09-08 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-09-07 15:34 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-09-05 13:47 . 2009-09-05 14:01 -------- d--h--w- c:\windows\system32\GroupPolicy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-05 04:00 . 2007-11-13 02:19 -------- d-----w- c:\program files\LogMeIn
2009-10-05 03:50 . 2007-01-13 18:52 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000004-00541102}.dat
2009-10-05 03:50 . 2007-01-13 18:52 288 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000009-00001102-00000004-00541102}.dat
2009-09-19 13:18 . 2005-05-12 23:03 -------- d-----w- c:\program files\Trend Micro
2009-09-19 05:47 . 2007-02-05 22:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-19 05:46 . 2007-02-05 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-14 23:09 . 2009-08-29 22:37 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-14 02:28 . 2007-01-13 18:52 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\MSN6
2009-09-03 13:17 . 2009-09-03 13:17 -------- d-----w- c:\program files\CCleaner
2009-09-03 12:16 . 2007-01-13 19:00 -------- d-----w- c:\documents and settings\Devon.MONTY.000\Application Data\MSN6
2009-09-03 11:39 . 2009-09-03 11:39 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Comodo
2009-09-02 23:12 . 2007-07-12 19:56 0 ----a-w- C:\temp.dat
2009-08-28 20:40 . 2008-08-26 23:49 -------- d-----w- c:\program files\Sound Club
2009-08-22 03:46 . 2007-04-09 03:17 -------- d-----w- c:\program files\NEXON
2009-08-21 13:32 . 2009-06-08 12:04 -------- d-----w- c:\documents and settings\Devon.MONTY.000\Application Data\Corel
2009-08-18 00:31 . 2009-08-18 00:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-18 00:30 . 2004-04-09 03:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-07 22:43 . 2009-08-07 22:43 -------- d-----w- c:\program files\AskBarDis
2009-08-07 21:09 . 2009-08-07 21:09 10752 ----a-w- c:\windows\DCEBoot.exe
2009-08-05 09:01 . 2003-01-23 04:57 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2003-01-23 04:54 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 14:08 . 2007-01-14 15:09 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2008-08-16 22:42 . 2008-08-16 22:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 22:42 . 2008-08-16 22:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 21:42 . 2008-08-16 21:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 21:42 . 2008-08-16 21:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 22:43 . 2008-08-16 22:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 22:42 . 2008-08-16 22:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 22:42 . 2008-08-16 22:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 13:41 . 2008-05-21 13:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 13:41 . 2008-05-21 13:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 13:41 . 2008-05-21 13:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 18:58 . 2008-06-05 18:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 22:42 . 2008-08-16 22:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\cfp.exe" [2007-11-23 1481984]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-26 8523776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

c:\documents and settings\Samuel.MONTY_1.000\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2004-9-23 225280]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 23:25 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56707:TCP"= 56707:TCP:Pando Media Booster
"56707:UDP"= 56707:UDP:Pando Media Booster
"58093:TCP"= 58093:TCP:Pando Media Booster
"58093:UDP"= 58093:UDP:Pando Media Booster

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/17/2009 8:33 PM 64160]
R1 cdfdrv;cdfdrv;c:\windows\system32\drivers\cdfdrv.sys [7/27/2008 7:14 PM 27672]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [11/23/2007 7:11 PM 79096]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11/23/2007 7:11 PM 23672]
R2 ctxpidmn;ctxpidmn;c:\windows\system32\drivers\ctxpidmn.sys [5/5/2009 10:36 AM 22816]
R2 CtxSbx;CtxSbx;c:\windows\system32\drivers\CtxSbx.sys [5/5/2009 10:36 AM 186912]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 10:49 AM 1029456]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/12/2007 11:21 AM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [11/12/2007 10:20 PM 47640]
R3 EvcapMaui;Emuzed EvcapMaui Device;c:\windows\system32\drivers\EvcapMau.sys [1/31/2003 1:01 AM 172160]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [9/12/2007 11:20 AM 12192]
S2 gupdate1c99526263331f8;Google Update Service (gupdate1c99526263331f8);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2009 3:45 PM 133104]
S2 mrtRate;mrtRate; [x]
S2 RadeSvc;Citrix Streaming Service;c:\program files\Citrix\Streaming Client\RadeSvc.exe [5/5/2009 10:45 AM 410952]
S3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [4/3/2009 10:37 AM 17280]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-09-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-09-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 19:45]

2009-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 19:45]

2009-10-05 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-10-05 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-09-08 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-09-23 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-01-31 00:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
Trusted Zone: tfsi1.com\secure
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\I386\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\I386\xmldso.cab
FF - ProfilePath - c:\documents and settings\Devon.MONTY.000\Application Data\Mozilla\Firefox\Profiles\6t2joits.default\
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF - plugin: c:\program files\Java\jre1.5.0_11\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nprade.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-UfSeAgnt.exe - c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe
AddRemove-SimTown95v1 - c:\program files\Maxis\SimTown\DeIsL3.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-05 00:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3988789455-986792447-873116461-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3988789455-986792447-873116461-1005\Software\SecuROM\License information*]
"datasecu"=hex:07,45,ee,0a,f0,68,d1,9c,78,72,83,a7,19,15,b0,29,d3,fe,20,7d,fa,
68,6c,ff,9b,6a,bb,e8,26,e5,51,8a,d4,16,12,fb,f6,b6,fd,90,38,93,9a,07,80,5a,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\LMIinit.dll
.
Completion time: 2009-10-05 0:26
ComboFix-quarantined-files.txt 2009-10-05 04:26

Pre-Run: 83,803,643,904 bytes free
Post-Run: 85,832,622,080 bytes free

425 --- E O F --- 2009-09-18 03:48
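
What the log above records is easier to read with a script than by eye: the randomised UAC*/SKYNET* drivers and DLLs under system32 (the naming the TDSS/TDL3 rootkit used for its dropped files, consistent with Ad-Aware's Win32Trojan.tdss report), the matching Service_/Legacy_ entries, an Autorun.inf at the root of D:, and two registry values in the Reg Loading Points section (AntiVirusOverride=1, EnableFirewall=0) that silence Security Center and turn the Windows Firewall profile off. The following Python is an added example, not code from the post or from ComboFix: it parses the ComboFix log layout and flags those indicators. The sample input is an excerpt of the log above, trimmed for the example; the prefix and extension heuristics are the example's own assumptions drawn from the names in that log, not ComboFix's rules.

```python
r"""Triage a ComboFix log for rootkit residue and weakened security settings.

Added example, not code from the thread or from ComboFix. It splits the log
at the "((( ... )))" section banners and then applies a few rules to the
"Other Deletions", "Drivers/Services" and "Reg Loading Points" sections.
The name heuristics below are assumptions derived from the posted log.
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^\(+\s*(?P<name>.+?)\s*\)+\s*$")
# Fixed prefix + run of random letters + a system-file extension (assumption).
ROOTKIT_NAME_RE = re.compile(r"^(?:UAC|SKYNET)[a-z]{3,12}\.(?:dll|sys|dat|db|log)$", re.IGNORECASE)
SERVICE_LINE_RE = re.compile(r"^-+\\(?:Service|Legacy)_(?P<svc>\S+)$")
ROOTKIT_SERVICE_RE = re.compile(r"^(?:UAC|SKYNET)", re.IGNORECASE)
AUTORUN_RE = re.compile(r"^[A-Za-z]:\\autorun\.inf$", re.IGNORECASE)
AV_OVERRIDE_RE = re.compile(r'^"AntiVirusOverride"\s*=\s*dword:0*1$', re.IGNORECASE)
FW_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b', re.IGNORECASE)

# Constructed sample: an excerpt of the log posted above, trimmed to the lines
# the rules look at plus a few harmless ones as negatives.
SAMPLE_LOG = r"""
ComboFix 09-10-04.01 - Devon 10/04/2009 23:54.1.1 - NTFSx86
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\1000929.msi
c:\windows\system32\_007037_.tmp.dll
c:\windows\system32\AVR09.exe
c:\windows\system32\drivers\SKYNETsaowkmlr.sys
c:\windows\system32\drivers\UACkycdvyiuxd.sys
c:\windows\system32\SKYNEToqodlnha.dat
c:\windows\system32\UACaqgrrsdele.dll
c:\windows\system32\UACblhprsdmyx.db
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkseyarmkki.log
c:\windows\system32\winhelper.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SKYNETyoviteix
-------\Legacy_SKYNETyoviteix
-------\Service_UACd.sys
-------\Legacy_UACd.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""


def split_sections(log: str) -> dict:
    """Group non-empty, non-'.' lines under the banner that precedes them."""
    sections = defaultdict(list)
    current = "preamble"
    for raw in log.splitlines():
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group("name")
            continue
        if line and line != ".":
            sections[current].append(line)
    return sections


def triage(log: str) -> list:
    """Return (finding, evidence) pairs in log order."""
    findings = []
    sections = split_sections(log)
    for path in sections.get("Other Deletions", []):
        name = path.rsplit("\\", 1)[-1]
        if ROOTKIT_NAME_RE.match(name):
            findings.append(("rootkit-component", path))
        elif AUTORUN_RE.match(path):
            findings.append(("autorun-at-drive-root", path))
    for line in sections.get("Drivers/Services", []):
        svc = SERVICE_LINE_RE.match(line)
        if svc and ROOTKIT_SERVICE_RE.match(svc.group("svc")):
            findings.append(("rootkit-service", svc.group("svc")))
    for line in sections.get("Reg Loading Points", []):
        if AV_OVERRIDE_RE.match(line):
            findings.append(("security-center-av-alerts-suppressed", line))
        elif FW_OFF_RE.match(line):
            findings.append(("windows-firewall-disabled", line))
    return findings


if __name__ == "__main__":
    for kind, evidence in triage(SAMPLE_LOG):
        print(f"{kind:40} {evidence}")
```

Run stand-alone it prints one line per finding. The two registry findings are reported as things to verify rather than verdicts: the Reg Loading Points section lists values ComboFix found, not values it reset, and EnableFirewall=0 can be legitimate on this machine because the log shows COMODO Firewall Pro installed and enabled in place of the Windows Firewall. AntiVirusOverride=1, by contrast, has no benign explanation in this log and should be cleared by hand once the system is clean.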

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:47 PM

Posted 05 October 2009 - 07:44 AM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If you are using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.


How is your computer behaving now?


========================================================

#11 brother_dev

brother_dev
  • Topic Starter

  • Members
  • 9 posts
  • Local time:04:47 PM

Posted 08 October 2009 - 02:21 AM

Below is the Malwarebytes log:

-------------------------------------------------------------

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

10/8/2009 2:14:35 AM
mbam-log-2009-10-08 (02-14-35).txt

Scan type: Quick Scan
Objects scanned: 241266
Time elapsed: 11 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------------------------------------------


I am able to browse the internet successfully. I am not receiving messages about 'Google Installer encountered a problem...'

* * * However, after re-installing Trend Internet Security, I am still prevented from entering a password when attempting to activate password protection.

I am still receiving a message that new hardware was found (even though no new hardware has been added, attached, etc.).

Lastly, when setting which areas to scan with Trend Internet Security's Custom Scan option, an error appears (attached: Errors_with_Trend.doc).

When the scan is attempted, the following appears. Although I reboot, this error still appears after trying to start a scan with Trend Internet Security. It appears that the scan is proceeding but the error message still pops up. (Attached: When_the_scan_is_attempted.doc)


Otherwise, so far, the problems seem to have been fixed. Thank you!

* * * * I am still concerned about the random errors and not being able to enter information into a dialog box. Is there anything that could be done for this problem?

Thanks Again

Edited by brother_dev, 08 October 2009 - 03:13 AM.


#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:47 PM

Posted 08 October 2009 - 07:20 AM

Please clarify the issue with not being able to enter passwords. Are you finding this when using your internet browser? Or is it a variety of programs?


We need to scan the system with this special tool.
  • Please download Junction.zip and save it.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Go to Start => Run... => Copy and paste the following command in the run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

    A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the content of it.

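
The sweep requested above lists every reparse point on C: and reports each path it could not open. As an added example (not code from the post or from Sysinternals' junction.exe), here is a Python equivalent that walks a tree without descending through reparse points, records each one with its target, and keeps a separate list of directories it was denied access to, so a junction that redirects a security product's folder shows up with its target and a locked directory is reported rather than silently skipped. The demo() fixture (a directory plus a link to it) and the names in it are constructed for the example; on Windows the function treats junctions and symlinks alike, elsewhere it treats symlinks as the closest analogue.

```python
r"""Sweep a directory tree for reparse points (junctions and symlinks).

Added example, not code from the thread or from Sysinternals: a portable
stand-in for `junction -s c:\` that captures both things the Junction log
shows, every reparse point with its target and every path that could not
be opened (the "Access is denied" lines).
"""
import os
import stat
import tempfile
from dataclasses import dataclass, field

# Windows attribute bit set on junctions and symlinks; stat exposes it only on Windows.
FILE_ATTRIBUTE_REPARSE_POINT = getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0x400)


@dataclass
class SweepResult:
    reparse_points: list = field(default_factory=list)  # (path, target or None)
    errors: list = field(default_factory=list)          # (path, error text)


def is_reparse_point(entry: os.DirEntry) -> bool:
    """True for a junction or symlink on Windows, for a symlink elsewhere."""
    try:
        st = entry.stat(follow_symlinks=False)
    except OSError:
        return entry.is_symlink()
    attrs = getattr(st, "st_file_attributes", None)
    if attrs is not None:
        return bool(attrs & FILE_ATTRIBUTE_REPARSE_POINT)
    return entry.is_symlink()


def target_of(path: str):
    """Where the reparse point points; None when the target cannot be read."""
    try:
        return os.readlink(path)
    except OSError:
        return None


def sweep(root: str) -> SweepResult:
    """Walk `root` without ever descending through a reparse point."""
    result = SweepResult()
    pending = [root]
    while pending:
        current = pending.pop()
        try:
            with os.scandir(current) as it:
                entries = list(it)
        except OSError as exc:
            # Same information as Junction's "Failed to open ...: Access is denied." lines.
            result.errors.append((current, exc.strerror or str(exc)))
            continue
        for entry in entries:
            if is_reparse_point(entry):
                result.reparse_points.append((entry.path, target_of(entry.path)))
                continue  # never follow: avoids loops and redirection decoys
            if entry.is_dir(follow_symlinks=False):
                pending.append(entry.path)
    return result


def demo():
    """Constructed fixture: a real directory plus a link to it, then a sweep.

    Returns (result, link_path, target_path). Creating the link on Windows
    needs symlink privilege or Developer Mode; the sweep itself does not.
    """
    base = tempfile.mkdtemp(prefix="junction-demo-")
    target = os.path.join(base, "Program Files")          # made-up name
    os.makedirs(os.path.join(target, "Trend Micro"))      # made-up name
    link = os.path.join(base, "redirect")                 # made-up name
    os.symlink(target, link, target_is_directory=True)
    return sweep(base), link, target


if __name__ == "__main__":
    result, _, _ = demo()
    for path, target in result.reparse_points:
        print(f"{path} -> {target}")
    for path, err in result.errors:
        print(f"Failed to open {path}: {err}")
```

The one deliberate difference from a plain os.walk is that a reparse point is recorded and then skipped, never entered: following it would both risk an infinite loop and hide the fact that the "real" directory you are inspecting is reached through a redirect, which is exactly what the sweep is meant to surface.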


========================================================

#13 brother_dev

brother_dev
  • Topic Starter

  • Members
  • 9 posts
  • Local time:04:47 PM

Posted 08 October 2009 - 04:02 PM

The problem with entering into text fields applies to Trend Internet Security but was also experienced when attempting to enter information into the registration form for Bleeping Computer. So, to what extent the problem occurs, I do not know. These were two separate cases, both an application and a web form. However, I could go to PayPal and modify my profile on the form they provided or go to Hotmail and enter a user name and password, etc. So, I am assuming that it is the type of form or its identification, possibly.


Below is the log report - THANKS


---------------------------------------------------------------------------------------------------------------------------------------------


Junction v1.05 - Windows junction creator and reparse point viewer
Copyright 2000-2007 Mark Russinovich
Systems Internals - http://www.sysinternals.com



Edited by brother_dev, 08 October 2009 - 04:05 PM.

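To make sense of a junction -s log like the one requested above, here is an added example (not code from this thread or from Sysinternals) that parses the format Junction prints and flags junctions whose displayed Print Name differs from the Substitute Name the kernel actually follows, or whose target lies outside WinSxS. The sample log, the second junction entry and the WinSxS allowlist are constructed assumptions for illustration.

```python
import re

# Constructed sample in the format Sysinternals Junction prints with -s
# (the "..." progress dots sometimes run straight into the next line).
SAMPLE_LOG = r"""Junction v1.05 - Windows junction creator and reparse point viewer
Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
.
Failed to open \\?\c:\\Documents and Settings\Administrator\Cookies: Access is denied.
...\\?\c:\\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a: JUNCTION
Print Name : C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790
Substitute Name: C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790

\\?\c:\\WINDOWS\system32\drivers\constructed_sample: JUNCTION
Print Name : C:\WINDOWS\system32\drivers\constructed_sample
Substitute Name: C:\Temp\constructed_hidden_target
...
"""

ENTRY_RE = re.compile(r"^\.*(\\\\\?\\.+?): JUNCTION$")      # progress dots may precede the path
FIELD_RE = re.compile(r"^(Print Name|Substitute Name)\s*:\s*(.*)$")
DENIED_RE = re.compile(r"^\.*Failed to open (.+?): (.*)$")

def parse_junction_log(text):
    """Return (junctions, denied): junctions as dicts with path/print/substitute,
    denied as (path, reason) tuples for files the scan could not open."""
    junctions, denied, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := ENTRY_RE.match(line):
            current = {"path": m.group(1), "print": "", "substitute": ""}
            junctions.append(current)
        elif (m := FIELD_RE.match(line)) and current is not None:
            key = "print" if m.group(1) == "Print Name" else "substitute"
            current[key] = m.group(2).strip()
        elif m := DENIED_RE.match(line):
            denied.append((m.group(1), m.group(2)))
    return junctions, denied

def suspicious_junctions(junctions, allowed_prefixes=(r"c:\windows\winsxs",)):
    """Flag a junction when the name Explorer shows (Print Name) differs from the
    target the kernel really follows (Substitute Name), or when that target lies
    outside the directories junctions are expected to point at (assumed allowlist:
    the .NET GAC entries legitimately point into WinSxS)."""
    flagged = []
    for j in junctions:
        target = j["substitute"].lower()
        if j["print"].lower() != target or not target.startswith(allowed_prefixes):
            flagged.append(j)
    return flagged
```

Feed the log.txt that the command in the previous post produces into parse_junction_log(); suspicious_junctions() returns the entries worth a closer look, and the denied list shows which paths the scan could not inspect at all.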

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:47 PM

Posted 08 October 2009 - 05:59 PM

I'm not seeing any more indication of malware or anything malware related. I recommend troubleshooting your issue with Trend Micro at their support site.

http://esupport.trendmicro.com/consumer/default.aspx


========================================================

#15 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:03:47 PM

Posted 01 November 2009 - 09:49 AM

Now that your problem appears to be resolved, this topic will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this topic in your request.


========================================================
