Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirecting after system restore


  • This topic is locked This topic is locked
15 replies to this topic

#1 ksd1998

ksd1998

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:01:24 PM

Posted 07 July 2011 - 10:21 AM

A few days ago malwarebytes picked up several infections on my computer in safe mode. On restart my desktop was nearly void of shortcuts, so I did a system restore, which seemed to fix the problem however....now all my google and yahoo searches are being redirected. Occasionally I will get a message that "When you send information to the internet it might be possible for others to see that information. Do you want to continue?" If you click yes, you are redirected, if you click no, nothing loads. I have done everything I know to do and have gotten nowhere on this. Any ideas??

Attached Files



BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:24 PM

Posted 09 July 2011 - 01:46 PM

Hi,

Please do the following:

Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.


NEXT

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 ksd1998

ksd1998
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:01:24 PM

Posted 11 July 2011 - 05:12 PM

Hi, Thanks for your help. Here are the logs you requested.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 14:48:35 on 2011-07-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.430 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Acer\Bio-Protection fingerprint solution\PdtWzd.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Acer\Bio-Protection fingerprint solution\FPLaunch.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Preload] c:\windows\RUNXMLPL.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ZPdtWzdVitaKey MC3000] "c:\program files\acer\bio-protection fingerprint solution\PdtWzd.exe" show
mRun: [Acer ePresentation HPD] c:\acer\empowering technology\epresentation\ePresentation.exe
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Boot] c:\acer\empowering technology\epower\Boot.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe 1
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HPHUPD05] c:\program files\hewlett-packard\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acerem~1.lnk - c:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\bio-protection fingerprint solution\PwdBank.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {2FF8D282-F78A-4A33-ABC2-49E72A341482} - hxxp://riteaid.storefront.com/images/global/activex/SFImageUpload1_10.CAB
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8D3314D6-5914-46C1-9F3D-9F14B6A305F1} - hxxp://www.mytpi.com/mytpi05/eval/ectuploader.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E63C7077-78D5-4215-901C-62C001E46361} : DhcpNameServer = 192.168.2.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\bio-protection fingerprint solution\WinNotify.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl8d441c50;MpKsl8d441c50;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{65e84eca-d585-4831-a269-5d5f2bea50c3}\MpKsl8d441c50.sys [2011-7-11 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-6-24 92008]
S1 MpKslb8e9b334;MpKslb8e9b334;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4a58ba47-6fa7-44ca-8f03-f9f5c3c9206b}\mpkslb8e9b334.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{4a58ba47-6fa7-44ca-8f03-f9f5c3c9206b}\MpKslb8e9b334.sys [?]
.
=============== File Associations ===============
.
.txt=
.
=============== Created Last 30 ================
.
2011-07-11 07:57:47 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{65e84eca-d585-4831-a269-5d5f2bea50c3}\MpKsl8d441c50.sys
2011-07-11 07:57:42 7074640 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{65e84eca-d585-4831-a269-5d5f2bea50c3}\mpengine.dll
2011-07-06 01:59:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-06 01:59:04 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-04 01:37:35 -------- d-sha-r- C:\cmdcons
2011-07-04 01:32:31 98816 ----a-w- c:\windows\sed.exe
2011-07-04 01:32:31 518144 ----a-w- c:\windows\SWREG.exe
2011-07-04 01:32:31 256000 ----a-w- c:\windows\PEV.exe
2011-07-04 01:32:31 208896 ----a-w- c:\windows\MBR.exe
2011-07-04 01:31:14 -------- d-----w- C:\kahdah
2011-07-04 00:01:35 302592 ----a-w- C:\4l5v6kci.exe
2011-07-03 18:49:38 -------- d-----w- c:\documents and settings\owner\application data\SUPERAntiSpyware.com
2011-07-03 12:50:27 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-07-03 12:50:27 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-14 19:23:07 105472 ------w- c:\windows\system32\dllcache\mup.sys
.
==================== Find3M ====================
.
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
.
============= FINISH: 14:54:43.21 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/19/2009 7:56:32 PM
System Uptime: 7/10/2011 4:19:52 PM (22 hours ago)
.
Motherboard: Acer | | Columbia
Processor: Intel® Core™2 Duo CPU T7100 @ 1.80GHz | U2E1 | 1795/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 53.463 GiB free.
D: is FIXED (FAT32) - 72 GiB total, 71.887 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom NetLink ™ Gigabit Ethernet
Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011C1025&REV_02\4&23F5EDAD&0&00E0
Manufacturer: Broadcom
Name: Broadcom NetLink ™ Gigabit Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_011C1025&REV_02\4&23F5EDAD&0&00E0
Service: b57w2k
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3661163AAE407
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\3661163AAE407
Service: NIC1394
.
==== System Restore Points ===================
.
RP695: 7/5/2011 3:10:22 PM - Installed Microsoft Fix it 50267
RP696: 7/5/2011 3:27:03 PM - Installed Microsoft Fix it 50267
RP697: 7/5/2011 4:01:05 PM - Installed Microsoft Fix it 50267
RP698: 7/5/2011 4:08:43 PM - Restore Operation
RP699: 7/5/2011 9:50:18 PM - Removed Java™ 6 Update 7
RP700: 7/5/2011 9:50:48 PM - Removed iSEEK AnswerWorks English Runtime
RP701: 7/5/2011 9:51:33 PM - Removed Java™ 6 Update 11
RP702: 7/5/2011 9:58:40 PM - Installed Java™ 6 Update 26
RP703: 7/5/2011 10:01:22 PM - Installed Microsoft Fix it 50267
RP704: 7/7/2011 11:14:09 AM - Software Distribution Service 3.0
RP705: 7/7/2011 1:37:24 PM - Removed Patterson EagleSoft
RP706: 7/7/2011 1:57:20 PM - Installed Microsoft Fix it 50267
RP707: 7/10/2011 4:48:16 PM - System Checkpoint
.
==== Installed Programs ======================
.
Acer Bio-Protection fingerprint solution 3.0.1.1
Acer eDataSecurity Management
Acer eDataSecurity Management 2.0.4088
Acer eLock Management
Acer Empowering Technology
Acer eNet Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer ScreenSaver
AdMission Photo Uploader
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AuthenTec Fingerprint Sensor Minimum Install
Bodog Poker
Broadcom Gigabit Integrated Controller
Clone Wars
Critical Update for Windows Media Player 11 (KB959772)
DigitImg
Facebook Plug-In
FileZilla Client 3.2.4.1
Full Tilt Poker
HDAUDIO Soft Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Intel® PROSet/Wireless Software
iTunes
Java Auto Updater
Java™ 6 Update 26
Launch Manager
LibreOffice 3.3
LightScribe 1.4.142.1
Malwarebytes' Anti-Malware version 1.51.0.1200
mCore
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
mMHouse
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser
mWlsSafe
NTI Backup NOW! 4.7
NTI CD & DVD-Maker
NTI Shadow
Photosmart 140,240,7200,7600,7700,7900 Series
Picasa 3
PowerDVD
PS7600
PSShortcuts
PSUsage
Quicken 2011
Quicken WillMaker Plus 2011
QuickTime
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SUPERAntiSpyware
SupportSoft Assisted Service
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TomTom HOME 2.7.5.2014
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebEx
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
7/7/2011 12:35:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter SASKUTIL
7/7/2011 11:04:36 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
7/5/2011 9:45:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
7/5/2011 9:31:24 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
7/4/2011 10:22:11 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.107.950.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7000.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
7/4/2011 10:22:11 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
7/4/2011 10:13:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter SASDIFSV SASKUTIL
7/4/2011 10:12:42 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/10/2011 4:17:20 PM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.107.1258.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7000.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
7/10/2011 4:12:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
.
==== End Of File ===========================


aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-11 15:02:25
-----------------------------
15:02:25.515 OS Version: Windows 5.1.2600 Service Pack 3
15:02:25.515 Number of processors: 2 586 0xF0D
15:02:25.515 ComputerName: ACER-47CBE8A5ED UserName: Owner
15:02:26.125 Initialize success
15:04:44.562 AVAST engine defs: 11071101
15:19:12.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:19:12.390 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
15:19:12.453 Disk 0 MBR read successfully
15:19:12.453 Disk 0 MBR scan
15:19:12.453 Disk 0 unknown MBR code
15:19:12.453 Disk 0 MBR hidden
15:19:12.468 Disk 0 scanning sectors +312576705
15:19:12.578 Disk 0 scanning C:\WINDOWS\system32\drivers
15:19:28.906 File: C:\WINDOWS\system32\drivers\cdrom.sys **SUSPICIOUS**
15:20:21.312 Service scanning
15:20:22.296 Disk 0 trace - called modules:
15:20:22.343 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86f0ff16]<<
15:20:22.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f1cab8]
15:20:22.359 3 CLASSPNP.SYS[f765dfd7] -> nt!IofCallDriver -> \Device\000000b9[0x86f4f158]
15:20:22.375 5 ACPI.sys[f7454620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86f4a030]
15:20:22.375 \Driver\iaStor[0x86f4f658] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x86f0ff16
15:20:22.765 AVAST engine scan C:\WINDOWS
15:57:37.234 File: C:\WINDOWS\system32\drivers\cdrom.sys **SUSPICIOUS**
16:06:50.250 AVAST engine scan C:\Documents and Settings\Owner
16:23:22.812 AVAST engine scan C:\Documents and Settings\All Users
16:26:05.906 Scan finished successfully
18:00:25.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
18:00:25.875 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-11 15:02:25
-----------------------------
15:02:25.515 OS Version: Windows 5.1.2600 Service Pack 3
15:02:25.515 Number of processors: 2 586 0xF0D
15:02:25.515 ComputerName: ACER-47CBE8A5ED UserName: Owner
15:02:26.125 Initialize success
15:04:44.562 AVAST engine defs: 11071101
15:19:12.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:19:12.390 Disk 0 Vendor: WDC_WD16 11.0 Size: 152627MB BusType: 3
15:19:12.453 Disk 0 MBR read successfully
15:19:12.453 Disk 0 MBR scan
15:19:12.453 Disk 0 unknown MBR code
15:19:12.453 Disk 0 MBR hidden
15:19:12.468 Disk 0 scanning sectors +312576705
15:19:12.578 Disk 0 scanning C:\WINDOWS\system32\drivers
15:19:28.906 File: C:\WINDOWS\system32\drivers\cdrom.sys **SUSPICIOUS**
15:20:21.312 Service scanning
15:20:22.296 Disk 0 trace - called modules:
15:20:22.343 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86f0ff16]<<
15:20:22.343 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f1cab8]
15:20:22.359 3 CLASSPNP.SYS[f765dfd7] -> nt!IofCallDriver -> \Device\000000b9[0x86f4f158]
15:20:22.375 5 ACPI.sys[f7454620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x86f4a030]
15:20:22.375 \Driver\iaStor[0x86f4f658] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x86f0ff16
15:20:22.765 AVAST engine scan C:\WINDOWS
15:57:37.234 File: C:\WINDOWS\system32\drivers\cdrom.sys **SUSPICIOUS**
16:06:50.250 AVAST engine scan C:\Documents and Settings\Owner
16:23:22.812 AVAST engine scan C:\Documents and Settings\All Users
16:26:05.906 Scan finished successfully
18:00:25.859 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
18:00:25.875 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
18:09:25.906 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
18:09:25.921 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:24 PM

Posted 11 July 2011 - 05:36 PM

Please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • Press Start Scan
    • Only if Malicious objects are found then ensure Cure is selected
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)


NEXT


I see you have run ComboFix, could you please post the log(s)


are you now or have you been helped at another forum very recently?

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 ksd1998

ksd1998
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:01:24 PM

Posted 11 July 2011 - 06:04 PM

I could not get TDSSkiller to run. The zip file downloaded and files were extracted but when I double click the program I only get the hourglass for a split second then it goes away.

Combo Fix was sent to me in a link as a recommendation from a friend as a tool that could fix this. I have since seen that you dont recommend using this alone, I was not aware of this at the time. I do not have a shortcut for combo fix on my desktop and dont really even know where to look for any log that was generated by it.

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:24 PM

Posted 11 July 2011 - 08:27 PM

Please take a look for the log at c:\combofix.txt


if there is no log then please run it again - here are the instructions


Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 ksd1998

ksd1998
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:01:24 PM

Posted 12 July 2011 - 01:22 PM

Ok I downloaded combo fix here is the log:
ComboFix 11-07-12.05 - Owner 07/12/2011 13:33:17.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.483 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Ijl11.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-12 to 2011-07-12 )))))))))))))))))))))))))))))))
.
.
2011-07-12 14:45 . 2011-06-07 15:55 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BF596DD7-6942-4DE6-BC71-B763B11AA716}\mpengine.dll
2011-07-06 01:59 . 2011-07-06 01:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-06 01:59 . 2011-07-06 01:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-04 01:31 . 2011-07-05 20:07 -------- d-----w- C:\kahdah
2011-07-04 00:01 . 2011-07-04 00:01 302592 ----a-w- C:\4l5v6kci.exe
2011-07-03 18:49 . 2011-07-03 18:49 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2011-07-03 12:50 . 2011-07-03 12:50 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-17 04:04 . 2011-06-17 04:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2011-06-14 19:23 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 15:55 . 2011-04-15 14:05 7074640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-29 13:11 . 2011-01-22 04:02 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2011-01-22 04:02 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-02 15:31 . 2007-05-16 15:12 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2007-04-25 14:21 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-05 03:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2007-04-18 12:31 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-05 03:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-05 03:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2004-08-05 03:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-05 03:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-04_02.18.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-10 20:20 . 2011-07-10 20:20 16384 c:\windows\Temp\Perflib_Perfdata_cc.dat
+ 2011-07-10 20:20 . 2011-07-10 20:20 16384 c:\windows\Temp\Perflib_Perfdata_8ac.dat
+ 2011-07-06 01:59 . 2011-07-06 01:58 157472 c:\windows\system32\javaws.exe
+ 2011-07-06 01:59 . 2011-07-06 01:58 145184 c:\windows\system32\javaw.exe
- 2010-01-27 23:28 . 2009-12-17 22:14 145184 c:\windows\system32\javaw.exe
+ 2011-07-06 01:59 . 2011-07-06 01:58 145184 c:\windows\system32\java.exe
- 2010-01-27 23:28 . 2009-12-17 22:14 145184 c:\windows\system32\java.exe
+ 2007-08-27 19:47 . 2011-07-07 18:02 200936 c:\windows\system32\FNTCACHE.DAT
+ 2011-07-06 01:58 . 2011-07-06 01:58 675840 c:\windows\Installer\2a440.msi
+ 2010-03-27 01:17 . 2011-07-05 20:07 5218036 c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-06-24 247144]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-07 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Preload"="c:\windows\RUNXMLPL.exe" [2007-04-21 20480]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-09 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Bio-Protection fingerprint solution\PdtWzd.exe" [2009-03-20 3805184]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2007-03-02 208896]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 475136]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-16 579584]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-05-28 342528]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-06-14 850704]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 221184]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-08-20 483328]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2009-3-19 45056]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2009-03-20 00:00 2803200 ----a-w- c:\program files\Acer\Bio-Protection fingerprint solution\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\kompozer-0.7.10-win32\\KompoZer 0.7.10\\kompozer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:DCOM
"135:UDP"= 135:UDP:DCOM2
"4878:TCP"= 4878:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 25680]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [6/24/2010 10:41 AM 92008]
S1 MpKslb8e9b334;MpKslb8e9b334;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4A58BA47-6FA7-44CA-8F03-F9F5C3C9206B}\MpKslb8e9b334.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4A58BA47-6FA7-44CA-8F03-F9F5C3C9206B}\MpKslb8e9b334.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*NewlyCreated* - MPKSL8D441C50
*Deregistered* - aswMBR
*Deregistered* - awtcraow
*Deregistered* - MpKsl8d441c50
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-06-07 c:\windows\Tasks\HP DArC Task 2003-08-20 09:23ewlett-Packard-6002003-08-20 18:57Y39U3203FK3.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-08-20 18:57]
.
2011-07-12 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2009-05-07 21:23]
.
2011-07-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 16:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8D3314D6-5914-46C1-9F3D-9F14B6A305F1} - hxxp://www.mytpi.com/mytpi05/eval/ectuploader.cab
.
.
------- File Associations -------
.
.txt=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-12 14:03
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Acer\Bio-Protection fingerprint solution\WinNotify.dll
c:\program files\Acer\Bio-Protection fingerprint solution\CustomRes.dll
c:\windows\system32\ATSC70.DLL
c:\windows\system32\ATSC70PBA.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2011-07-12 14:18:30
ComboFix-quarantined-files.txt 2011-07-12 18:18
ComboFix2.txt 2011-07-04 02:35
.
Pre-Run: 57,488,465,920 bytes free
Post-Run: 57,595,006,976 bytes free
.
- - End Of File - - 34CA5E2E8CB52BF9087C180C1BCD42A1

#8 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:24 PM

Posted 12 July 2011 - 02:34 PM

Please download FixTDSS by Symantec to your desktop and run it > follow the prompts

http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe


NEXT



  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\4l5v6kci.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 ksd1998

ksd1998
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:01:24 PM

Posted 12 July 2011 - 02:59 PM

After I ran the VirSCAN, my security essentials popped up a message that said it had cleaned my computer. Here is the VirSCAN results:

VirSCAN.org Scanned Report :
Scanned time : 2011/07/12 15:54:10 (EDT)
Scanner results: 3% Scanner(s) (1/37) found malware!
File Name : 4l5v6kci.exe
File Size : 302592 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : b83cd19b824c5112fdccf35ba590af32
SHA1 : e3e6c868b5f905de92a957a5d74e82edff219740
Online report : http://file.virscan.org/report/50de4cd4be31f8a113bd5418be21252f.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 5.1.0.3 20110713020918 2011-07-13 5.94 -
AhnLab V3 2011.07.12.02 2011.07.12 2011-07-12 1.78 -
AntiVir 8.2.6.6 7.11.11.93 2011-07-12 0.32 -
Antiy 2.0.18 20110205.7694535 2011-02-05 0.02 -
Arcavir 2011 201105080215 2011-05-08 0.00 -
Authentium 5.1.1 201107121853 2011-07-12 3.18 -
AVAST! 4.7.4 110712-1 2011-07-12 0.10 -
AVG 8.5.850 271.1.1/3760 2011-07-12 2.05 -
BitDefender 7.90123.8496145 7.38271 2011-07-13 4.24 -
ClamAV 0.96.5 13313 2011-07-12 0.25 -
Comodo 4.0 9362 2011-07-12 1.34 -
CP Secure 1.3.0.5 2011.07.12 2011-07-12 0.19 -
Dr.Web 5.0.2.3300 2011.07.13 2011-07-13 13.84 -
F-Prot 4.4.4.56 20110712 2011-07-12 3.12 -
F-Secure 7.02.73807 2011.07.12.07 2011-07-12 5.16 -
Fortinet 4.2.257 13.427 2011-07-12 0.30 -
GData 22.896/22.220 20110712 2011-07-12 8.37 -
ViRobot 20110712 2011.07.12 2011-07-12 0.34 -
Ikarus T3.1.32.20.0 2011.07.12.78814 2011-07-12 4.93 -
JiangMin 13.0.900 2011.07.11 2011-07-11 1.65 -
Kaspersky 5.5.10 2011.07.12 2011-07-12 0.32 -
KingSoft 2009.2.5.15 2011.7.12.18 2011-07-12 0.80 -
McAfee 5400.1158 6405 2011-07-12 10.05 -
Microsoft 1.7000 2011.07.12 2011-07-12 5.60 -
NOD32 3.0.21 6287 2011-07-12 0.48 -
Norman 6.07.10 6.07.00 2011-07-12 14.02 -
Panda 9.05.01 2011.07.11 2011-07-11 2.14 -
Trend Micro 9.200-1012 8.284.04 2011-07-12 0.12 -
Quick Heal 11.00 2011.07.11 2011-07-11 1.21 -
Rising 20.0 23.66.00.03 2011-07-11 3.15 [Suspicious]
Sophos 3.20.2 4.66 2011-07-13 3.87 -
Sunbelt 3.9.2497.2 9844 2011-07-12 1.34 -
Symantec 1.3.0.24 20110712.002 2011-07-12 0.16 -
nProtect 20110601.01 3460661 2011-06-01 6.55 -
The Hacker 6.7.0.1 v00253 2011-07-12 0.55 -
VBA32 3.12.16.4 20110711.2117 2011-07-11 5.21 -
VirusBuster 5.3.0.4 14.0.121.0/56172152011-07-12 0.00 -

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:24 PM

Posted 12 July 2011 - 06:42 PM

see if TDSSKiller will run now


next


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish



NEXT

Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 ksd1998

ksd1998
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:01:24 PM

Posted 12 July 2011 - 06:55 PM

Tdsskiller worked fine with nothing found

During MBAM scan Microsft security essentials popped up a message that it found Trojan:DOS/Alureon.C...Should I have MSE clean computer? MBAM scan just finished and found nothing. I will wait for your reply on this. Thanks

UPDATE: MSE removed this threat automatically, I am now using ESET Online scanner and will post agon when complete.

Edited by ksd1998, 12 July 2011 - 07:12 PM.


#12 ksd1998

ksd1998
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:01:24 PM

Posted 12 July 2011 - 08:14 PM

Woohoo!! It is good to have my searches back!!

Here are my last two logs..

Is there any cleanup or deletions that need to be made of these programs??

Any recommended updates of software.

Thanks for your help...I will gladly donate to the cause

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7092

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/12/2011 7:54:35 PM
mbam-log-2011-07-12 (19-54-35).txt

Scan type: Quick scan
Objects scanned: 168824
Time elapsed: 3 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\12\51076d8c-7733fb2a multiple threats deleted - quarantined
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\16\11721e10-6afe1ba7 multiple threats deleted - quarantined
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\29\6fa8e19d-19272769 multiple threats deleted - quarantined
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\34\37db3fe2-54a8045d Java/TrojanDownloader.Agent.ME trojan cleaned by deleting - quarantined
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\45\1673b0ed-3646d88b a variant of Java/Agent.AR trojan deleted - quarantined

#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:24 PM

Posted 13 July 2011 - 08:56 AM

Hi,

Just some housekeeping to do now,

Please do the following:


Visit ADOBEand download the latest version of Acrobat Reader (version X)
Having the latest updates ensures there are no security vulnerabilities in your system.



NEXT


  • Go to your Control Panel(using Classic View) and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window. Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
  • Click OK to leave the Temporary Files Window.
  • Click OK to leave the Java Control Panel.



NEXT


You can delete the DDS and aswMBR logs and programs from your desktop.


NEXT


Follow these steps to uninstall Combofix

  • Make sure your security programs are totally disabled.
  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

Posted Image


NEXT


If there are any logs/tools remaining on your desktop > right click and delete them.


NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish it's job
    • Once its finished it should automatically reboot your machine,
    • if it doesn't, manually reboot to ensure a complete clean
    It's normal after running TFC cleaner that the PC will be slower to boot the first time.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at this well written article:
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you

Edited by CatByte, 13 July 2011 - 08:57 AM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#14 ksd1998

ksd1998
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:01:24 PM

Posted 13 July 2011 - 03:08 PM

Thanks for helping. Everything seems to be resolved!

#15 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:24 PM

Posted 13 July 2011 - 06:19 PM

you are welcome

stay safe :hello:

~CB

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users