Search Engine redirect virus


  • This topic is locked
48 replies to this topic

#1 wpeppers

wpeppers

  • Members
  • 25 posts

Posted 18 December 2011 - 01:37 PM

Hello everyone,

I have developed a search engine redirect.

I have run several programs to detect this and none have been successful.

1. Avast
2. Malwarebytes
3. Super Antispyware
4. Hitman Pro
5. Esas
6. TDSSKiller (it wouldn't run on my system for some reason). It never would open; I double-clicked and got an hourglass for about 10 seconds and that's where that ended.

Also, I have reset my IE to factory default and have checked the windows/system32/drivers/etc/host folder, and it looked like all the examples I saw.

I'm kinda at a dead end here and need some advice on what my next step should be.

Thanks



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 December 2011 - 06:31 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • Logs from DDS
    • Let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 wpeppers


Posted 18 December 2011 - 09:05 PM

I am trying to run the DDS from link 1 and it returned a bunch of garbage in a Notepad form. I will try 2 and see what results I get.

Also, I failed to mention that I had several critical shutdowns a few weeks ago. I rolled it back to an earlier date and it seemed to be fine after that.

#4 gringo_pr


Posted 18 December 2011 - 09:18 PM

Link 2 or 3 should work fine for you.


gringo

#5 wpeppers


Posted 18 December 2011 - 10:05 PM

I have tried link 2 twice now and it locks up after about 15 mins. I will try 3 and see what I get.

Thanks

#6 gringo_pr


Posted 18 December 2011 - 11:00 PM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found - let me know what it says.

After it is complete I want you to restart the computer and try to rerun TDSSKiller for me and send me the report.

Gringo

#7 wpeppers


Posted 19 December 2011 - 12:17 PM

Thank you, I will run as advised and report back.

#8 gringo_pr


Posted 19 December 2011 - 02:56 PM

:thumbup2:

#9 wpeppers


Posted 19 December 2011 - 08:01 PM

Ran TDDS Fix
1 Infected MBS
Ran fix

Ran TDSSKiller
No threats
Report follows

18:52:23.0406 6028 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31
18:52:24.0312 6028 ============================================================
18:52:24.0312 6028 Current date / time: 2011/12/19 18:52:24.0312
18:52:24.0312 6028 SystemInfo:
18:52:24.0312 6028
18:52:24.0312 6028 OS Version: 5.1.2600 ServicePack: 3.0
18:52:24.0312 6028 Product type: Workstation
18:52:24.0312 6028 ComputerName: MSP-WXP-LT-024
18:52:24.0312 6028 UserName: WEP0901
18:52:24.0312 6028 Windows directory: C:\WINDOWS
18:52:24.0312 6028 System windows directory: C:\WINDOWS
18:52:24.0312 6028 Processor architecture: Intel x86
18:52:24.0312 6028 Number of processors: 2
18:52:24.0312 6028 Page size: 0x1000
18:52:24.0312 6028 Boot type: Normal boot
18:52:24.0328 6028 ============================================================
18:52:25.0843 6028 Initialize success
18:55:59.0828 4592 ============================================================
18:55:59.0828 4592 Scan started
18:55:59.0828 4592 Mode: Manual;
18:55:59.0828 4592 ============================================================
18:56:02.0265 4592 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:56:02.0281 4592 \Device\Harddisk0\DR0 - ok
18:56:02.0281 4592 Boot (0x1200) (fdd57dd9957beab8edbac115955c9be0) \Device\Harddisk0\DR0\Partition0
18:56:02.0281 4592 \Device\Harddisk0\DR0\Partition0 - ok
18:56:02.0281 4592 ============================================================
18:56:02.0281 4592 Scan finished
18:56:02.0281 4592 ============================================================
18:56:02.0296 4620 Detected object count: 0
18:56:02.0296 4620 Actual detected object count: 0
18:56:38.0609 4544 ============================================================
18:56:38.0609 4544 Scan started
18:56:38.0609 4544 Mode: Manual; SigCheck; TDLFS;
18:56:38.0609 4544 ============================================================
18:56:40.0921 4544 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
18:56:41.0031 4544 \Device\Harddisk0\DR0 - ok
18:56:41.0046 4544 Boot (0x1200) (fdd57dd9957beab8edbac115955c9be0) \Device\Harddisk0\DR0\Partition0
18:56:41.0046 4544 \Device\Harddisk0\DR0\Partition0 - ok
18:56:41.0046 4544 ============================================================
18:56:41.0046 4544 Scan finished
18:56:41.0046 4544 ============================================================
18:56:41.0046 4532 Detected object count: 0
18:56:41.0046 4532 Actual detected object count: 0

#10 wpeppers


Posted 19 December 2011 - 08:19 PM

I have tried several searches and they seem to be working as of now. Is there anything else that you would like me to run? :thumbsup:

#11 gringo_pr


Posted 20 December 2011 - 12:31 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#12 wpeppers


Posted 20 December 2011 - 12:30 PM

I will do that and report back, thanks.

#13 gringo_pr


Posted 20 December 2011 - 02:18 PM

:thumbup2:

#14 wpeppers


Posted 20 December 2011 - 09:10 PM

I have tried each link and keep getting the

NSIS Error

Any suggestions?

I think all my security software is disabled, this is a work laptop and it could have one running in the background that I don't know about.

Thanks.

#15 gringo_pr


Posted 20 December 2011 - 09:51 PM

Try downloading from another computer and passing it by pen drive.


gringo