
My computer has a browser hijacker iexplorer


  • This topic is locked
18 replies to this topic

#1 rjunior

rjunior

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:54 PM

Posted 20 October 2011 - 03:36 AM

Hi There,
hopefully someone can help me.

My system was infected 5 days ago, and all my files were 'deleted' and after I ran Malwarebytes, I got them all back... and Malwarebytes said it removed a malware called MyWebsearch and FunWebProducts.

BUT now my internet explorer still opens up in the background and starts playing music, advertisements (all in the background).

Eventually Malwarebytes detects this and stops it and a pop up message says "Malwarebytes stopped iexplorer.exe from going to a malicious site."

I have also run HiJackThis and Malwarebytes and none of them have found this virus either. I currently have music playing in my background and internet explorer is constantly opening and closing by itself. The random music is like ads and music and much more that plays such as commercials and sometimes what sound like live sports or concerts. Also when this happens the internet will run slower and it will sometimes close then open back up by itself and the music is gone. Please someone help me with this issue, thanks so much.

I have attached the logs as requested in preparation for placement of logs on this forum.

Also, the GMER log produced no alterations and therefore produced no logs...

I also placed the logs for Hijack This on the attached file.

Thank you!

Attached Files

  • Attached File  Logs.txt   52.91KB   5 downloads




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:04:54 PM

Posted 24 October 2011 - 10:35 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 27 October 2011 - 01:14 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 rjunior


Posted 27 October 2011 - 04:10 AM

Hi There, thank you for the response.

So all my browsers are being hijacked.

Whenever I CLICK on a link it takes me to another page.

Also iexplorer sometimes loads by itself in the background and starts going to random websites.

Let me know what I need to do.
Thanks
Richard.

#5 rjunior


Posted 27 October 2011 - 05:07 AM

Here are the attached files from the logs
Attached File  DDS.txt   23.2KB   2 downloads


#6 gringo_pr


Posted 27 October 2011 - 07:21 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#7 gringo_pr


Posted 30 October 2011 - 02:55 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#8 rjunior


Posted 01 November 2011 - 02:00 AM

Hi guys, thank you for doing this for me.

# Log from Combofix - attached

# let me know of any problems you may have had

- no problems, except that iexplorer.exe kept starting in the background (as it usually does because of this bug) and I had to keep on shutting it down by starting task manager and manually stopping the iexplorer.exe process.

# How is the computer doing now?

- browsers still being hijacked, iexplorer still launching in the background and trying to initiate online processes.

Thanks again
Richard.


#9 gringo_pr


Posted 01 November 2011 - 02:27 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#10 gringo_pr


Posted 04 November 2011 - 05:20 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#11 rjunior


Posted 06 November 2011 - 03:32 PM

Hi guys,

I ran the scan but it said nothing found.

Attached is the log.

Browsers continue to be hijacked. Now Firefox has stopped browsing completely. It takes forever just to complete one website.
I am using Chrome in the meantime.

Internet Explorer does not display images any longer...

=( losing hope.

Thanks for your efforts!
Richard.

#12 rjunior


Posted 06 November 2011 - 03:47 PM

Browser will no longer upload file to forum.

I am pasting log here (sorry):


#13 gringo_pr


Posted 07 November 2011 - 12:56 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Gringo

#14 rjunior


Posted 07 November 2011 - 03:24 AM

When I tried running the aswMBR.exe my Windows crashes and all I see is the blue screen of death.
I tried even on safe mode and the same happened.
I also downloaded aswMBR.exe from other sources and the same thing keeps happening...

Thank you.

#15 gringo_pr


Posted 07 November 2011 - 07:13 PM

Fix MBR Vista

1. Start your computer from the Windows Vista Installation DVD
2. Press a key when prompted to continue
3. Choose your language, time, keyboard and click Next
4. Next, click "Repair your Computer"
5. Now, from the System Recovery Options dialog, select the "Operating System" you want to repair, then click Next
6. From the "Choose a Recovery Tool" dialog menu, select "Command Prompt"
7. Type the following into the "Command Prompt Window" and press Enter after each line:

   bootrec.exe /fixmbr

   If you have problems booting the computer after you have run that command, boot back into the System Recovery Environment, type the following into the "Command Prompt Window" and press Enter:

   bootrec.exe /fixboot

8. Remove the Vista Installation DVD and restart your PC.



