
browser redirecting etc.


This topic is locked
8 replies to this topic

#1 wayovermyhead

wayovermyhead

  • Members
  • 6 posts
  • Gender:Female
  • Location:texas

Posted 11 January 2011 - 05:47 PM

I would greatly appreciate any help or information you can give me. The only browser that still responds at all is IE, though it's quite often redirected unless I type the entire URL. I have had random browser windows opening, and also "security warnings" popping up, including one that says that my firewall is turned off, which it is not. From time to time I can't connect to the internet at all; when I try, I either get a message saying that there is no modem installed on this computer, or that it is being used by another program.

Scans by AVG and Housecall have garnered nothing. Advanced SystemCare has found and removed several items, to no avail. Malwarebytes found and quarantined numerous infections, though it hasn't helped; they seem to be reinstalling every time the system reboots.

Following this missive are my dds.txt, dds attach.txt and ard.txt log from GMER. Thank you in advance.



DDS (Ver_10-12-12.02) - NTFSx86
Run by beckys at 12:59:31.73 on Tue 01/11/2011
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.495.193 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\beckys\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
uStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://att.yahoo.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
mStart Page = hxxp://att.yahoo.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = hxxp://b.casalemedia.com/V2/57481/124102/index.html?www.funtrivia.com/bb2.cfm
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [GWMDMMSG] GWMDMMSG.exe
mRun: [GWMDMpi] c:\windows\GWMDMpi.exe
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [CapFax] c:\program files\phonetools\CapFax.EXE
mRun: [YBrowser] c:\progra~1\yahoo!\browser\ybrwicon.exe
mRun: [AT&T Yahoo! Dial Connection Manager] c:\program files\sbc yahoo!\connection manager\ConnectionManager.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [<NO NAME>] SBC Yahoo! Connection Manager
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\belkin~1.lnk - c:\documents and settings\all users\documents\wireless folder\Belkinwcui.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to AMV Converter... - c:\program files\mp3 player utilities 4.19\amvconverter\grab.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://c:\program files\gateway\do more\DoMoreRunExe.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {E991985B-B890-49D8-A6DC-BD9FC9D13723} = 151.164.1.8 206.13.28.12
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\program files\relevantknowledge\rlai.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 209.44.111.57 alarm-security.microsoft.com
Hosts: 209.44.111.57 inetantivir.com
Hosts: 209.44.111.57 www.inetantivir.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\beckys\applic~1\mozilla\firefox\profiles\5fch9zai.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
FF - plugin: c:\documents and settings\beckys\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-13 24652]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\pc-doc~1\diagno~1\pcdrdrv.sys --> c:\progra~1\pc-doc~1\diagno~1\PCDRDRV.sys [?]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [2008-7-29 29522]

=============== Created Last 30 ================

2011-01-08 19:49:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-08 19:49:16 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-08 19:49:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-08 14:19:09 388096 ----a-r- c:\docume~1\beckys\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-01-08 14:19:07 -------- d-----w- c:\program files\Trend Micro
2011-01-08 13:33:30 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-01-08 13:33:30 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-31 22:42:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Hip Hop
2010-12-31 22:40:49 -------- d-----w- c:\program files\common files\Nikon
2010-12-31 22:40:41 -------- d-----w- c:\program files\Nikon
2010-12-31 22:39:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Galaxy Swirl
2010-12-31 22:37:32 -------- d-----w- c:\docume~1\beckys\locals~1\applic~1\ArcSoft
2010-12-31 22:37:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\ArcSoft

==================== Find3M ====================


=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_2F040L0 rev.VAM51JJ0 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8571B735]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x85721990]; MOV EAX, [0x85721a0c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x857608D8]
3 CLASSPNP[0xF764005B] -> nt!IofCallDriver[0x804E13B9] -> \Device\0000005a[0x857951A8]
5 ACPI[0xF75B6620] -> nt!IofCallDriver[0x804E13B9] -> [0x85761D98]
\Driver\atapi[0x8575F8C0] -> IRP_MJ_CREATE -> 0x8571B735
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskMaxtor_2F040L0__________________________VAM51JJ0#31464742485a4532202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8571B57B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 13:01:19.32 ===============
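As an added example (not code from the original post, nor from the DDS or GMER tools), here is a small Python triage pass over the kind of lines shown in the Pseudo HJT and ROOTKIT sections above: it flags hosts-file overrides of vendor domains, AppInit_DLLs loaders, orphaned BHO entries, an altered Winlogon Userinit value, and the atapi DriverStartIo hook. The sample lines are copied from the log above plus one constructed benign localhost entry; the WATCHED_DOMAINS list and the severity labels are assumptions made here.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS "Pseudo HJT Report" and GMER
# output pasted above, plus one benign "localhost" hosts line for contrast.
SAMPLE_LOG = r"""
mWinlogon: Userinit=userinit.exe,
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
AppInit_DLLs: c:\program files\relevantknowledge\rlai.dll
Hosts: 127.0.0.1 localhost
Hosts: 209.44.111.57 alarm-security.microsoft.com
Hosts: 209.44.111.57 inetantivir.com
detected hooks:
\Driver\atapi DriverStartIo -> 0x8571B57B
Warning: possible TDL3 rootkit infection !
"""

# Assumption: domains whose hosts-file redirection is a classic rogue-AV /
# TDSS tell (vendor update and alert pages pointed at attacker-controlled IPs).
# Extend this list to the products actually installed on the machine.
WATCHED_DOMAINS = ("microsoft.com", "windowsupdate.com", "avg.com",
                   "malwarebytes.org", "trendmicro.com")

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
ORPHAN_RE = re.compile(r"^(BHO|TB|EB):.*-\s*No File\s*$")
HOOK_RE = re.compile(r"DriverStartIo\s*->\s*0x[0-9A-Fa-f]+")


@dataclass
class Finding:
    severity: str  # HIGH / MEDIUM / LOW
    line: str
    reason: str


def hosts_finding(line):
    """Classify one 'Hosts:' line; None means the entry looks benign."""
    m = HOSTS_RE.match(line)
    if not m:
        return None
    ip_text, host = m.group(1), m.group(2).lower()
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return Finding("MEDIUM", line, "hosts entry with unparseable address")
    if ip.is_loopback and host in ("localhost", "localhost.localdomain"):
        return None
    if any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS):
        return Finding("HIGH", line,
                       f"{host} redirected to {ip}: vendor/update domain hijack")
    return Finding("MEDIUM", line, f"non-loopback hosts override for {host}")


def triage(log_text):
    """Walk a pasted DDS/GMER log and return the lines a helper would flag."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        hosts = hosts_finding(line)
        if hosts is not None:
            findings.append(hosts)
        elif line.startswith("AppInit_DLLs:"):
            findings.append(Finding("MEDIUM", line,
                "DLL injected into every process that loads user32; verify publisher"))
        elif line.startswith("mWinlogon: Userinit="):
            # Winlogon runs everything listed here at logon; only userinit.exe belongs.
            values = [v.strip().lower() for v in line.split("=", 1)[1].split(",")]
            if [v for v in values if v] != ["userinit.exe"]:
                findings.append(Finding("HIGH", line, "extra Userinit entry runs at every logon"))
        elif ORPHAN_RE.match(line):
            findings.append(Finding("LOW", line,
                "orphaned registry entry (file missing): cleanup item, not proof of malware"))
        elif HOOK_RE.search(line):
            findings.append(Finding("HIGH", line,
                "disk driver dispatch hooked: consistent with a TDL3-style disk-filter rootkit"))
        elif line.startswith("Warning:") and "rootkit" in line.lower():
            findings.append(Finding("HIGH", line, "scanner's own rootkit verdict"))
    return findings


def severity_counts(findings):
    """Summarise findings as {"HIGH": n, "MEDIUM": n, "LOW": n}."""
    counts = {"HIGH": 0, "MEDIUM": 0, "LOW": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.line}\n         {f.reason}")
    print(severity_counts(triage(SAMPLE_LOG)))
```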


#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 13 January 2011 - 05:56 PM

Hello wayovermyhead,

Download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 wayovermyhead

wayovermyhead
  • Topic Starter

  • Members
  • 6 posts
  • Gender:Female
  • Location:texas

Posted 13 January 2011 - 07:33 PM

Thank you for your reply, Teacup.
I have run TDSSKiller and pasted the log below.


2011/01/13 18:02:10.0750 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
2011/01/13 18:02:10.0750 ================================================================================
2011/01/13 18:02:10.0750 SystemInfo:
2011/01/13 18:02:10.0750
2011/01/13 18:02:10.0750 OS Version: 5.1.2600 ServicePack: 2.0
2011/01/13 18:02:10.0750 Product type: Workstation
2011/01/13 18:02:10.0750 ComputerName: PERSONAL-0598AD
2011/01/13 18:02:10.0750 UserName: beckys
2011/01/13 18:02:10.0750 Windows directory: C:\WINDOWS
2011/01/13 18:02:10.0750 System windows directory: C:\WINDOWS
2011/01/13 18:02:10.0750 Processor architecture: Intel x86
2011/01/13 18:02:10.0750 Number of processors: 2
2011/01/13 18:02:10.0750 Page size: 0x1000
2011/01/13 18:02:10.0750 Boot type: Normal boot
2011/01/13 18:02:10.0750 ================================================================================
2011/01/13 18:02:11.0078 Initialize success
2011/01/13 18:02:20.0343 ================================================================================
2011/01/13 18:02:20.0343 Scan started
2011/01/13 18:02:20.0343 Mode: Manual;
2011/01/13 18:02:20.0343 ================================================================================
2011/01/13 18:02:45.0390 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/13 18:02:45.0406 ================================================================================
2011/01/13 18:02:45.0406 Scan finished
2011/01/13 18:02:45.0406 ================================================================================
2011/01/13 18:02:45.0421 Detected object count: 1
2011/01/13 18:03:04.0734 \HardDisk0 - will be cured after reboot
2011/01/13 18:03:04.0734 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/13 18:03:09.0296 Deinitialize success
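The log above is worth reading carefully, because the one detection is not a file at all but the physical disk object `\HardDisk0`: TDL4 lives in the MBR, which is why the file-based scanners mentioned in the first post came back clean and why the MBAM detections kept returning after every reboot. The parser below, an added example for this thread and not code from TDSSKiller or from the poster, turns a pasted TDSSKiller log into a driver inventory (name, MD5, path) plus a list of detections with their chosen action and post-action status. The line layouts are read off the log above, not from a published format description; the sample lines are copied from it.

```python
"""Parse a TDSSKiller log into a driver inventory plus the detections it reports.

Added example for this thread, not code from TDSSKiller or from the original
poster. The line layouts (timestamp, service name, md5 in parentheses, path;
"<object> - detected <threat> (<n>)"; "<threat>(<object>) - User select action:")
are inferred from the log posted above.
"""
import re
from typing import Dict, List, Optional

# "<ts> <name> (<md5>) <path>"  - one line per loaded driver/service
DRIVER_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$"
)
# "<ts> <object> - detected <threat> (<n>)"
DETECT_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<obj>\S+) - detected (?P<threat>\S+) \(\d+\)$"
)
# "<ts> <threat>(<object>) - User select action: <action>"
ACTION_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+(?P<threat>[^(]+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$"
)
# "<ts> <object> - will be cured after reboot" (post-action status)
STATUS_RE = re.compile(r"^(?P<ts>\S+ \S+)\s+(?P<obj>\S+) - (?P<status>will be .+)$")
COUNT_RE = re.compile(r"Detected object count: (?P<n>\d+)$")

# Constructed sample: lines copied from the TDSSKiller log in this thread.
SAMPLE_LOG = """\
2011/01/13 18:02:44.0703 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\\WINDOWS\\system32\\DRIVERS\\wpdusb.sys
2011/01/13 18:02:45.0281 {6080A529-897E-4629-A488-ABA0C29B635E} (3ee36328e860fbf102b54608a055c6be) C:\\WINDOWS\\system32\\drivers\\ialmsbw.sys
2011/01/13 18:02:45.0390 \\HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/13 18:02:45.0406 ================================================================================
2011/01/13 18:02:45.0406 Scan finished
2011/01/13 18:02:45.0421 Detected object count: 1
2011/01/13 18:03:04.0734 \\HardDisk0 - will be cured after reboot
2011/01/13 18:03:04.0734 Rootkit.Win32.TDSS.tdl4(\\HardDisk0) - User select action: Cure
2011/01/13 18:03:09.0296 Deinitialize success
"""


def parse_tdsskiller(text: str) -> dict:
    drivers: Dict[str, Dict[str, str]] = {}
    detections: Dict[str, Dict[str, Optional[str]]] = {}
    reported: Optional[int] = None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = DRIVER_RE.match(line)
        if m:
            drivers[m["name"]] = {"md5": m["md5"], "path": m["path"]}
            continue
        m = DETECT_RE.match(line)
        if m:
            detections[m["obj"]] = {"threat": m["threat"], "action": None, "status": None}
            continue
        m = ACTION_RE.match(line)
        if m and m["obj"] in detections:
            detections[m["obj"]]["action"] = m["action"]
            continue
        m = STATUS_RE.match(line)
        if m and m["obj"] in detections:
            detections[m["obj"]]["status"] = m["status"]
            continue
        m = COUNT_RE.search(line)
        if m:
            reported = int(m["n"])
    return {
        "drivers": drivers,
        "detections": detections,
        "reported_count": reported,
        # A mismatch means lines were lost in the paste, or a format the parser missed.
        "count_matches": reported is not None and reported == len(detections),
    }


def disk_level_objects(report: dict) -> List[str]:
    """Detections on a physical disk object (\\HardDiskN) rather than on a file.

    These sit in the MBR/boot sectors, so file-system scanners can come back
    clean while the infection re-establishes itself after every reboot.
    """
    return sorted(o for o in report["detections"] if o.lower().startswith("\\harddisk"))


def needs_reboot(report: dict) -> bool:
    """True if any chosen cure is deferred until restart: the box is not clean yet."""
    return any((d["status"] or "").endswith("after reboot") for d in report["detections"].values())
```

The driver inventory is the useful by-product: keep the `(name, md5, path)` triples from a known-clean machine of the same build and diff a suspect log against them, rather than eyeballing hundreds of hashes.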

#4 teacup61 (Malware Response Team, Wills Point, Texas)

Posted 13 January 2011 - 08:00 PM

Hello,

You're welcome. :)

Good. :thumbup2: How is it running now, please? Would you please run a quick scan with MBAM and let me know what it found, if anything? :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#5 wayovermyhead (Topic Starter)

Posted 14 January 2011 - 12:52 AM

Hello again..

The redirecting issue is better but still not gone entirely, though the modem issues seem to have cleared up. I ran MBAM; it crashed twice before I finally got a scan to finish, citing that a file named ( C:\DOCUME~1\beckys\LOCALS~1\Temp\990_appcompat.txt ) was being sent in the error report. The log from the MBAM scan is pasted below. :)



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5488

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

1/13/2011 10:00:54 PM
mbam-log-2011-01-13 (22-00-54).txt

Scan type: Quick scan
Objects scanned: 221031
Time elapsed: 1 hour(s), 24 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Edited by wayovermyhead, 14 January 2011 - 01:02 AM.


#6 teacup61

Posted 14 January 2011 - 12:05 PM

Hello there,

Hmmmm......well then, let's do something more aggressive:

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If McAfee gives you any problems, you may have to temporarily uninstall it. For some reason, this is common with McAfee. <_<

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall.

If you have trouble running it the first time, then rename ComboFix.exe to overmyhead.exe and try again.

Also, even though you mentioned AVG and other protection programs in your initial post, I don't see anything running. Please install an AntiVirus after you run ComboFix. Avira OR Avast are good FREE antivirus. I use Avira myself.

Thanks,
tea

#7 wayovermyhead (Topic Starter)

Posted 16 January 2011 - 01:36 PM

Hello again.
No worries about my using ComboFix without direction; I was a wee bit nervous about it even with direction. I had a bit of trouble getting it to run but was finally successful; the log is posted below. The computer is running much better at this point. No idea why my antivirus isn't showing, as it's still installed, but I am downloading Avira as I type this. Would you recommend that I reinstall AVG as well?
Thank you for all your help, by the way.



ComboFix 11-01-14.01 - beckys 01/14/2011 13:26:48.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.495.179 [GMT -6:00]
Running from: c:\documents and settings\beckys\Local Settings\Temporary Internet Files\Content.IE5\W9IR2ZG5\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\~GLHTTP1.TMP
c:\documents and settings\Marie\Start Menu\Programs\InternetGameBox
c:\documents and settings\Marie\Start Menu\Programs\InternetGameBox\InternetGameBox.lnk
c:\documents and settings\Marie\Start Menu\Programs\InternetGameBox\Privacy Policy.lnk
c:\documents and settings\Marie\Start Menu\Programs\InternetGameBox\Terms and conditions.lnk
c:\documents and settings\Marie\Start Menu\Programs\InternetGameBox\Website.lnk
c:\program files\Common Files\mcroso~1.net
c:\program files\Common Files\mcroso~1.net\M?crosoft.NET\ctxad-572.0000
c:\program files\Common Files\mcroso~1.net\M?crosoft.NET\ctxad-572.0001
c:\program files\Common Files\mcroso~1.net\M?crosoft.NET\ctxad-572.0002
c:\program files\Common Files\wkqq
c:\program files\Common Files\wkqq\wkqqd\class-barrel
c:\program files\Common Files\wkqq\wkqqd\vocabulary
c:\program files\Dcads Advanced Toolbar
c:\program files\Dcads Advanced Toolbar\buttons.xml
c:\program files\Dcads Advanced Toolbar\search.xml
c:\program files\filesubmit
c:\program files\filesubmit\Dealio.txt
c:\program files\filesubmit\hotchix2006.zip\fsi_install.ico
c:\program files\filesubmit\hotchix2006.zip\fsi_uninstall.ico
c:\program files\filesubmit\hotchix2006.zip\hotchix2006.zip
c:\program files\filesubmit\hotchix2006.zip\INSTALL.LOG
c:\program files\filesubmit\hotchix2006.zip\UNWISE.EXE
c:\program files\filesubmit\hotchix2006.zip\UNWISE.INI
c:\program files\filesubmit\NewDotNet.txt
c:\program files\filesubmit\NNWDAC638.EXE
c:\program files\filesubmit\WhenU_SaveNow.txt
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf
c:\windows\patch.exe
c:\windows\system32\encapi32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NNSERV
-------\Legacy_USNJSVC
-------\Service_usnjsvc


((((((((((((((((((((((((( Files Created from 2010-12-14 to 2011-01-14 )))))))))))))))))))))))))))))))
.

2011-01-14 18:21 . 2011-01-14 18:22 -------- d-----w- C:\32788R22FWJFW.0.tmp
2011-01-13 21:01 . 2011-01-13 21:01 -------- d-----w- c:\documents and settings\trial
2011-01-13 15:39 . 2011-01-13 15:39 -------- d-----w- C:\found.000
2011-01-12 18:44 . 2011-01-12 18:44 122880 --sha-r- c:\windows\system32\rasmanx.dll
2011-01-12 14:22 . 2011-01-12 14:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-01-08 22:08 . 2011-01-08 22:08 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2011-01-08 19:49 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-08 19:49 . 2011-01-08 19:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-08 19:49 . 2010-12-21 00:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-08 14:19 . 2011-01-08 14:19 388096 ----a-r- c:\documents and settings\beckys\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-08 14:19 . 2011-01-08 14:19 -------- d-----w- c:\program files\Trend Micro
2011-01-08 13:33 . 2011-01-08 13:33 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-31 22:52 . 2010-12-31 23:00 -------- d-----w- c:\documents and settings\beckys\Application Data\Nikon
2010-12-31 22:42 . 2010-12-31 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Hip Hop
2010-12-31 22:40 . 2011-01-08 13:32 -------- d-----w- c:\program files\Common Files\Nikon
2010-12-31 22:40 . 2010-12-31 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Nikon
2010-12-31 22:40 . 2010-12-31 22:43 -------- d-----w- c:\program files\Nikon
2010-12-31 22:39 . 2010-12-31 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15
2010-12-31 22:39 . 2010-12-31 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp
2010-12-31 22:39 . 2010-12-31 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Galaxy Swirl
2010-12-31 22:37 . 2010-12-31 22:37 -------- d-----w- c:\documents and settings\beckys\Local Settings\Application Data\ArcSoft
2010-12-31 22:37 . 2011-01-08 13:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-16 06:35 . 2008-01-01 00:35 66408 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-09-16 06:35 . 2008-01-01 00:35 54112 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-09-16 06:35 . 2008-01-01 00:35 34688 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2007-09-16 06:35 . 2008-01-01 00:35 46456 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2007-09-16 06:35 . 2008-01-01 00:35 171880 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\progra~1\WINDOW~4\MESSEN~1\msnmsgr.exe" [2007-10-18 5724184]
"Aim6"="c:\program files\AIM6\aim6.exe" [2007-10-04 50528]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-10 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2007-02-22 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2007-02-22 114688]
"GWMDMMSG"="GWMDMMSG.exe" [2007-02-22 90112]
"GWMDMpi"="c:\windows\GWMDMpi.exe" [2007-02-22 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-02-27 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-27 98304]
"CapFax"="c:\program files\PhoneTools\CapFax.EXE" [2001-11-07 20480]
"YBrowser"="c:\progra~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"AT&T Yahoo! Dial Connection Manager"="c:\program files\SBC Yahoo!\Connection Manager\ConnectionManager.exe" [2007-05-11 1158248]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-17 28672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 53760]

c:\documents and settings\Barry\Start Menu\Programs\Startup\
Sirens DeskMate.LNK - c:\program files\DeskMates\Sirens\Sirens.exe [N/A]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless USB Utility.lnk - c:\documents and settings\All Users\Documents\Wireless Folder\Belkinwcui.exe [2005-10-28 1404928]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Laplink\\PCsync\\SFTHost.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/13/2007 4:26 PM 24652]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913D.sys [7/29/2008 9:33 AM 29522]
.
Contents of the 'Scheduled Tasks' folder

2011-01-14 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://att.yahoo.com
mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
uInternet Connection Wizard,ShellNext = hxxp://b.casalemedia.com/V2/57481/124102/index.html?www.funtrivia.com/bb2.cfm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.19\AMVConverter\grab.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: {E991985B-B890-49D8-A6DC-BD9FC9D13723} = 151.164.1.8 206.13.28.12
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://c:\program files\Gateway\Do More\DoMoreRunExe.CAB
FF - ProfilePath - c:\documents and settings\beckys\Application Data\Mozilla\Firefox\Profiles\5fch9zai.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-InCD - c:\program files\Ahead\InCD\InCD.exe
AddRemove-AOLAntivirus - c:\program files\mcafee.com\antivirus\uninst.exe
AddRemove-BearShare - f:\program files\BearShare Applications\BearShare\UninstallSurvey.exe
AddRemove-hotchix2006.zip - c:\progra~1\FILESU~1\HOTCHI~1.ZIP\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-14 13:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3396)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\CA\PPRT\bin\ITMRTSVC.exe
c:\program files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
c:\windows\GWMDMMSG.exe
c:\progra~1\Yahoo!\browser\ycommon.exe
.
**************************************************************************
.
Completion time: 2011-01-14 13:57:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-14 19:56

Pre-Run: 19,107,655,680 bytes free
Post-Run: 20,603,084,800 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 2B2895127FE30345F56F7ADBFE7FDE92
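Two lines in the ComboFix log above deserve more attention than the long list of adware leftovers. `c:\windows\system32\rasmanx.dll` was created on 2011-01-12 with the attributes `--sha-r-` (system, hidden, read-only) and identical created/modified times, which is how a file dropped in place looks, whereas a DLL copied in by an installer keeps an older modified time (compare `mbamswissarmy.sys` on the next line). And under `HKLM\SOFTWARE\Microsoft\Security Center`, `AntiVirusOverride=1` tells the XP Security Center to stop warning that no antivirus is active, which fits the helper's remark that nothing appears to be running. The triage helpers below are an added example for this thread, not ComboFix's code and not from the poster: they parse the "Files Created" entries, apply those two heuristics (the example's own, not ComboFix's verdicts), and list any Security Center override values. The attribute-letter positions are inferred from the entries on the page, and the sample lines are copied from the log.

```python
"""Triage helpers for a ComboFix log: flag odd 'Files Created' entries and
report Security Center *Override values.

Added example for this thread; not ComboFix's code and not from the original
post. The entry layout ("<created> . <modified> <size> <attrs> <path>") and the
attribute letters are inferred from the entries on the page: position 0 'd'
directory, 2 's' system, 3 'h' hidden, 4 'a' archive, 6 'r'/'w' read-only/
writable. The two heuristics in flag_entry are this example's own.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
OVERRIDE_RE = re.compile(r'^"(?P<name>\w+Override)"=dword:(?P<val>[0-9a-f]{8})$', re.I)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".ocx")

# Constructed sample: lines copied from the ComboFix log in this thread.
SAMPLE = """\
2011-01-14 18:21 . 2011-01-14 18:22 -------- d-----w- C:\\32788R22FWJFW.0.tmp
2011-01-12 18:44 . 2011-01-12 18:44 122880 --sha-r- c:\\windows\\system32\\rasmanx.dll
2011-01-08 19:49 . 2010-12-21 00:09 38224 ----a-w- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2011-01-08 19:49 . 2011-01-08 19:49 -------- d-----w- c:\\program files\\Malwarebytes' Anti-Malware
2011-01-08 19:49 . 2010-12-21 00:08 20952 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
2011-01-08 14:19 . 2011-01-08 14:19 388096 ----a-r- c:\\documents and settings\\beckys\\Application Data\\Microsoft\\Installer\\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\\HiJackThis.exe
2011-01-08 13:33 . 2011-01-08 13:33 -------- d-----w- c:\\windows\\system32\\wbem\\Repository

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"Aim6"="c:\\program files\\AIM6\\aim6.exe" [2007-10-04 50528]

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=dword:00000001
"""


@dataclass
class Entry:
    created: str
    modified: str
    size: int          # -1 where ComboFix prints dashes (directories)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def system(self) -> bool:
        return self.attrs[2] == "s"

    @property
    def hidden(self) -> bool:
        return self.attrs[3] == "h"


def parse_files_created(text: str) -> List[Entry]:
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            size = -1 if m["size"].startswith("-") else int(m["size"])
            entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def flag_entry(e: Entry) -> List[str]:
    """Reasons an entry deserves a look; an empty list means nothing stood out."""
    reasons: List[str] = []
    p = e.path.lower()
    # Directories (including ComboFix's own scratch folder) and user-land files
    # are left to other checks; these heuristics are tuned for c:\windows only.
    if e.is_dir or not p.startswith("c:\\windows\\"):
        return reasons
    if e.system and e.hidden:
        reasons.append("system+hidden attributes on a file under c:\\windows")
    if p.endswith(EXEC_EXT) and e.created == e.modified:
        reasons.append("created == modified: written in place, not copied from an install package")
    return reasons


def suspicious_entries(text: str) -> List[Tuple[str, List[str]]]:
    hits: List[Tuple[str, List[str]]] = []
    for e in parse_files_created(text):
        reasons = flag_entry(e)
        if reasons:
            hits.append((e.path, reasons))
    return hits


def security_center_overrides(text: str) -> List[str]:
    """Names of *Override values set non-zero under the Security Center key.

    AntiVirusOverride / FirewallOverride / UpdatesOverride = 1 silence the XP
    Security Center's 'not protected' alerts; fake-alert malware commonly sets
    them so its own bogus warnings are the only ones the user sees.
    """
    found: List[str] = []
    in_sc_key = False
    for line in text.splitlines():
        k = KEY_RE.match(line.strip())
        if k:
            in_sc_key = k["key"].lower().endswith("security center")
            continue
        m = OVERRIDE_RE.match(line.strip())
        if in_sc_key and m and int(m["val"], 16) != 0:
            found.append(m["name"])
    return found
```

Run `suspicious_entries(open("ComboFix.txt").read())` on a full log; both heuristics produce false positives on their own (hardware vendors occasionally ship system+hidden files), so treat a hit as a file to hash and look up, not as a verdict. After cleaning, the override values should be reset to 0 so the Security Center reports honestly again.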

#8 teacup61

Posted 19 January 2011 - 01:41 PM

Hello,

.........but am downloading Avira as I type this...would you recommend that I reinstall Avg as well?

No. More than one AntiVirus causes a lot of problems. Avast! is sufficient. :thumbup2:

Tell you what, some of this stuff has been on your computer a LONG LONG time. :blink: Could you please make sure MBAM is updated and have a run with it for me?

How is it running today?

tea

#9 teacup61

Posted 12 February 2011 - 02:57 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
