Infected with system fix and browser hijack problem


  • This topic is locked
23 replies to this topic

#1 schwoch1

schwoch1

  • Members
  • 15 posts
  • OFFLINE

Posted 21 December 2011 - 12:32 AM

I want to thank everyone in advance for the help I will receive with my problem. I am running Vista X64 on the computer in question. I believe that the computer contracted Systemfix, but one of my employees mistakenly tried to fix it himself and ran every program under the sun, but was able to get the desktop icons back and start menu items. The computer is working now, although not very well. When you attempt to use the internet, the browser gets hijacked and you never get where you want to actually go. I have unplugged the computer from the internet for now so as to hopefully keep the problem at a minimum (I hope). I have tried running Malwarebytes Anti-Malware (awesome program) and it detects no problems. I am also missing the quick launch icons at the bottom of the screen, the computer is always thinking (for lack of better wording), and the process svchost.exe is always over 300,000+ on memory. The computer was a fairly quick computer that has turned almost useless in the click of a mouse... I have attached the DDS.txt file and the Attach file as requested by the preparation guide. Again, thanks in advance and looking forward to getting a response!!!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_16
Run by Doug's Auto Service at 23:04:01 on 2011-12-20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2044.608 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
uPolicies-system: puussneujnpxyfdigpkrTaskMgr = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: alldatapro.com\www
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{2E1D128E-F676-45ED-9CA5-A6883A1A73A8} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{B08312A0-821C-4692-951A-B6E002627B3C} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Doug's Auto Service\AppData\Roaming\Mozilla\Firefox\Profiles\omb06mgd.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - component: C:\Program Files (x86)\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: C:\Users\Doug's Auto Service\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-5-29 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-30 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-30 135664]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-5-29 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-18 89920]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-12-21 04:40:29 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-12-21 04:39:26 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-12-21 04:37:07 345984 ----a-w- C:\Windows\System32\drivers\netio.sys
2011-12-21 04:09:15 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FE9369D7-7A9C-42D7-AB6B-D15B42D52011}\offreg.dll
2011-12-21 03:20:41 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FE9369D7-7A9C-42D7-AB6B-D15B42D52011}\mpengine.dll
2011-12-18 00:13:59 -------- d-----w- C:\$RECYCLE.BIN
2011-12-17 23:59:08 -------- d-----w- C:\Users\Doug's Auto Service\AppData\Local\temp
2011-12-17 23:07:12 98816 ----a-w- C:\Windows\sed.exe
2011-12-17 23:07:12 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-17 23:07:12 256000 ----a-w- C:\Windows\PEV.exe
2011-12-17 23:07:12 208896 ----a-w- C:\Windows\MBR.exe
2011-12-17 23:06:05 -------- d-----w- C:\ComboFix
2011-12-15 19:19:25 677136 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-14 14:29:21 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-14 14:29:18 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-14 14:29:18 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-14 14:29:12 559616 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-14 14:29:12 429056 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-14 14:29:10 2764800 ----a-w- C:\Windows\System32\win32k.sys
2011-12-14 14:29:09 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-12-14 14:29:09 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-12-06 04:09:29 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2011-12-06 04:09:29 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2011-12-06 04:09:29 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2011-12-06 04:08:19 -------- d-----w- C:\Program Files (x86)\iPod
2011-12-06 04:08:17 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-12-06 04:08:17 -------- d-----w- C:\Program Files\iTunes
2011-12-06 04:08:17 -------- d-----w- C:\Program Files (x86)\iTunes
2011-12-06 03:59:01 -------- d-----w- C:\Program Files\Bonjour
.
==================== Find3M ====================
.
2011-12-05 16:09:18 286720 ----a-w- C:\Windows\iun507.exe
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-14 19:08:37 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 23:15:05.68 ===============


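Added example, not part of the original thread and not code from the DDS or ComboFix tools: a small Python triage script that reads the `Policies-system` lines DDS prints (the `uPolicies-system:` / `mPolicies-system:` entries in the log above, `u` = HKCU, `m` = HKLM) and the `policies\system` REGEDIT4 blocks ComboFix prints, and flags two things a responder would want called out. `EnableLUA = 0` means User Account Control is switched off machine-wide, so anything run from an administrator account gets full rights with no prompt. A value name under `policies\system` that is not a documented Windows policy name, such as the randomly prefixed `...TaskMgr` entry in the log, is worth a manual look. The allowlist of documented names is partial and is this example's own assumption, so an unknown-name hit means "inspect it", not "this is malware". The sample log text is constructed from the policy lines quoted in this thread.

```python
import re

# Partial allowlist of documented value names under ...\CurrentVersion\Policies\System.
# This list is an assumption of the example, not an authoritative reference.
KNOWN_SYSTEM_POLICIES = {
    "enablelua", "enableuiadesktoptoggle", "disabletaskmgr", "disableregistrytools",
    "consentpromptbehavioradmin", "consentpromptbehavioruser", "promptonsecuredesktop",
    "enablevirtualization", "enableinstallerdetection", "validateadmincodesignatures",
    "filteradministratortoken", "enablesecureuiapaths", "disablecad",
    "shutdownwithoutlogon", "dontdisplaylastusername", "legalnoticecaption",
    "legalnoticetext", "undockwithoutlogon", "hidefastuserswitching",
}

# DDS prints  "uPolicies-system: Name = 0 (0x0)"  (u = HKCU, m = HKLM).
DDS_RE = re.compile(r"^([um])Policies-system:\s+(\S+)\s*=\s*(\S+)")
# ComboFix prints a REGEDIT4 key header, then '"Name"= 0 (0x0)' lines, then a lone '.'.
CF_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+\\policies\\system)\]", re.IGNORECASE)
CF_VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(\S+)')


def parse_policies(log_text):
    """Return (hive, value_name, data) tuples found in DDS or ComboFix log text."""
    found = []
    current_hive = None          # set while inside a ComboFix policies\system block
    for raw in log_text.splitlines():
        line = raw.strip()
        m = DDS_RE.match(line)
        if m:
            hive = "HKCU" if m.group(1) == "u" else "HKLM"
            found.append((hive, m.group(2), m.group(3)))
            continue
        m = CF_KEY_RE.match(line)
        if m:
            current_hive = "HKCU" if "current_user" in m.group(1).lower() else "HKLM"
            continue
        if not line or line == "." or line.startswith("["):
            current_hive = None  # blank line, '.', or another key header ends the block
            continue
        if current_hive:
            m = CF_VAL_RE.match(line)
            if m:
                found.append((current_hive, m.group(1), m.group(2)))
    return found


def flag_policies(policies):
    """Return (kind, hive, value_name) findings that deserve a manual look."""
    findings = []
    for hive, name, data in policies:
        lname = name.lower()
        if lname == "enablelua" and data == "0":
            findings.append(("uac_disabled", hive, name))
        elif lname not in KNOWN_SYSTEM_POLICIES:
            # A DisableTaskMgr-style name with a random prefix is the pattern to watch for.
            kind = "random_prefix_taskmgr" if lname.endswith("taskmgr") else "unknown_policy"
            findings.append((kind, hive, name))
    return findings


# Constructed sample input, copied from the policy lines quoted in this thread.
SAMPLE_DDS = """\
uPolicies-system: puussneujnpxyfdigpkrTaskMgr = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
"""

SAMPLE_COMBOFIX = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\policies\\system]
"puussneujnpxyfdigpkrTaskMgr"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\\software\\wow6432node\\microsoft\\windows nt\\currentversion\\drivers32]
"aux"=wdmaud.drv
"""

if __name__ == "__main__":
    for label, text in (("DDS", SAMPLE_DDS), ("ComboFix", SAMPLE_COMBOFIX)):
        for kind, hive, name in flag_policies(parse_policies(text)):
            print(f"[{label}] {kind}: {hive} {name}")
```

Both log flavours yield the same two findings for this machine: UAC disabled under HKLM, and an undocumented TaskMgr-style value under HKCU. The `mPolicies-explorer` line is deliberately ignored because the script only covers the `policies\system` key; extend the regexes and allowlist if you want to cover `policies\explorer` too.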
#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico

Posted 24 December 2011 - 11:34 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 schwoch1

schwoch1
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE

Posted 26 December 2011 - 12:20 AM

Gringo...

Ran ComboFix as requested. Computer still works pretty much the same as it did before, slow and very lethargic, seems to be 'thinking' all the time. I still have browser hijacks in all three browsers (IE, Firefox and Chrome) and am still missing the quick launch icons next to the Windows 'start' icon. It also seemed to take a LONG time to run ComboFix, at least 40 min or so!! I have pasted the ComboFix log into the reply here. Again, thanks in advance, looking forward to getting this straightened out!!

Mike



ComboFix 11-12-24.10 - Doug's Auto Service 12/25/2011 12:42:25.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2044.920 [GMT -6:00]
Running from: c:\users\Doug's Auto Service\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~mLDD1w4pIPMGV4
c:\programdata\~mLDD1w4pIPMGV4r
c:\programdata\mLDD1w4pIPMGV4
c:\users\Doug's Auto Service\AppData\Roaming\AdobeDLM.log
.
---- Previous Run -------
.
c:\programdata\mLDD1w4pIPMGV4.exe
c:\programdata\POLStitgmwobI.exe
c:\users\Doug's Auto Service\AppData\Local\{E3A5926B-496D-4C69-BCD7-716D171545A1}\chrome.manifest
c:\users\Doug's Auto Service\AppData\Local\{E3A5926B-496D-4C69-BCD7-716D171545A1}\chrome\content\_cfg.js
c:\users\Doug's Auto Service\AppData\Local\{E3A5926B-496D-4C69-BCD7-716D171545A1}\chrome\content\overlay.xul
c:\users\Doug's Auto Service\AppData\Local\{E3A5926B-496D-4C69-BCD7-716D171545A1}\install.rdf
c:\users\Doug's Auto Service\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\users\Doug's Auto Service\AppData\Roaming\Microsoft\Windows\Recent\cb.tmp
c:\users\Doug's Auto Service\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
c:\users\Doug's Auto Service\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
c:\users\Doug's Auto Service\AppData\Roaming\Microsoft\Windows\Recent\pal.tmp
c:\users\Doug's Auto Service\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\System Fix.lnk
c:\users\Doug's Auto Service\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix\Uninstall System Fix.lnk
c:\users\Doug's Auto Service\Desktop\System Fix.lnk
c:\windows\UNWISE.EXE
.
.
((((((((((((((((((((((((( Files Created from 2011-11-25 to 2011-12-25 )))))))))))))))))))))))))))))))
.
.
2011-12-25 19:16 . 2011-12-25 19:54 -------- d-----w- c:\users\Doug's Auto Service\AppData\Local\temp
2011-12-25 19:16 . 2011-12-25 19:16 -------- d-----w- c:\users\Mike\AppData\Local\temp
2011-12-25 19:16 . 2011-12-25 19:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-24 20:07 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{09D1FC0B-FBFB-4DEB-BD1A-DC12E0D52430}\mpengine.dll
2011-12-21 04:37 . 2010-04-06 08:34 345984 ----a-w- c:\windows\system32\drivers\netio.sys
2011-12-18 02:21 . 2011-12-18 02:21 -------- d-----w- c:\program files\DIFX
2011-12-17 00:01 . 2011-12-17 00:01 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes
2011-12-15 19:19 . 2011-12-15 19:19 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-14 14:29 . 2011-10-25 16:09 85504 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 14:29 . 2011-11-08 14:58 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-14 14:29 . 2011-11-08 14:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-14 14:29 . 2011-10-14 17:30 559616 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 14:29 . 2011-10-14 16:02 429056 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-14 14:29 . 2011-11-23 13:57 2764800 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 14:29 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-12-14 14:29 . 2011-11-08 12:10 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-12-06 04:09 . 2009-05-18 19:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-12-06 04:09 . 2008-04-17 18:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-12-06 04:09 . 2008-04-17 18:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-12-06 04:08 . 2011-12-06 04:08 -------- d-----w- c:\program files (x86)\iPod
2011-12-06 04:08 . 2011-12-06 04:09 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-12-06 04:08 . 2011-12-06 04:09 -------- d-----w- c:\program files\iTunes
2011-12-06 04:08 . 2011-12-06 04:09 -------- d-----w- c:\program files (x86)\iTunes
2011-12-06 04:00 . 2011-12-06 04:00 -------- d-----w- c:\program files\Common Files\Apple
2011-12-06 03:59 . 2011-12-06 03:59 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-05 16:09 . 2011-04-06 22:39 286720 ----a-w- c:\windows\iun507.exe
2011-10-14 19:08 . 2011-06-28 13:22 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-9-28 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"puussneujnpxyfdigpkrTaskMgr"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 14:49]
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 14:49]
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583823543-371912130-2219661374-1000Core.job
- c:\users\Doug's Auto Service\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-02 18:45]
.
2011-12-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583823543-371912130-2219661374-1000UA.job
- c:\users\Doug's Auto Service\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-02 18:45]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: alldatapro.com\www
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Doug's Auto Service\AppData\Roaming\Mozilla\Firefox\Profiles\omb06mgd.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-SheetCam - c:\program files (x86)\SheetCam\Setup.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
.
**************************************************************************
.
Completion time: 2011-12-25 14:16:42 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-25 20:16
.
Pre-Run: 74,939,265,024 bytes free
Post-Run: 74,902,900,736 bytes free
.
- - End Of File - - 72C08AB5B167C1195CFEDAE20177B002

Edited by schwoch1, 26 December 2011 - 12:21 AM.


#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 26 December 2011 - 12:27 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
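Added example, not code from this thread or from Kaspersky's TDSSKiller: a small Python script that triages the kind of TDSSKiller 2.x log requested above. It pairs each driver's inventory line (name, MD5, path) with the "- ok" / "- detected" verdict that follows it, flags any verdict that is not ok, flags any driver whose file is not under the Windows directory named in the log header, and lists services for which no file was hashed. SAMPLE_LOG is constructed in the layout of the log posted later in this thread; the evilsvc entry and both "detected" verdicts are hypothetical and exist only to exercise the flagging path.

```python
"""Triage a TDSSKiller 2.x text log (added example; not from this thread or from
Kaspersky). Pairs each driver's inventory line with its verdict, flags any verdict
that is not 'ok', and flags driver files that live outside the Windows directory."""
import re
import sys
from typing import Dict, List, Tuple

# Header line naming the Windows directory, e.g. 'Windows directory: C:\Windows'
WINDIR = re.compile(r"Windows directory:\s*(?P<dir>.+?)\s*$")
# Inventory line: '<time> <pid> <name> (<md5>) <path>'
INVENTORY = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
# Verdict line: '<time> <pid> <name> - ok'  or  '<time> <pid> <name> - detected <Threat> (n)'
VERDICT = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>.+?) - (?P<verdict>.+?)\s*$"
)

# Constructed sample in the layout of the log posted later in this thread. The
# evilsvc entry and both 'detected' verdicts are hypothetical, added only so the
# flagging path has something to report.
SAMPLE_LOG = r"""
16:24:30.0235 3924 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
16:24:30.0263 3924 Windows directory: C:\Windows
16:24:36.0812 1348 Scan started
16:24:37.0724 1348 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
16:24:37.0736 1348 ACPI - ok
16:24:39.0106 1348 Beep - ok
16:24:41.0164 1348 E100B (f20bd86632bc1f7222e154559974f63f) C:\Windows\system32\DRIVERS\efe5b32e.sys
16:24:41.0172 1348 E100B - ok
16:25:10.0000 1348 evilsvc (0123456789abcdef0123456789abcdef) C:\Users\Public\evil.sys
16:25:10.0010 1348 evilsvc - detected Rootkit.Win32.TDSS.tdl4 (0)
16:25:11.0000 1348 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
"""


def parse(text: str) -> Tuple[str, Dict[str, Tuple[str, str]], Dict[str, str]]:
    """Return (windir, {name: (md5, path)}, {name: verdict}) for the whole log."""
    windir = "C:\\Windows"
    drivers: Dict[str, Tuple[str, str]] = {}
    verdicts: Dict[str, str] = {}
    for line in text.splitlines():
        m = WINDIR.search(line)
        if m:
            windir = m["dir"]
            continue
        m = INVENTORY.match(line)
        if m:
            drivers[m["name"]] = (m["md5"].lower(), m["path"])
            continue
        m = VERDICT.match(line)
        if m:
            verdicts[m["name"]] = m["verdict"]
    return windir, drivers, verdicts


def is_outside_windows(path: str, windir: str = "C:\\Windows") -> bool:
    """A kernel driver loading from a user profile, Temp or ProgramData is
    unusual enough to look at, whatever the scanner's verdict was."""
    return not path.lower().startswith(windir.lower().rstrip("\\") + "\\")


def triage(text: str) -> Dict[str, list]:
    windir, drivers, verdicts = parse(text)
    flagged: List[Tuple[str, str]] = []
    for name, verdict in verdicts.items():
        if verdict.lower() != "ok":
            flagged.append((name, verdict))
    for name, (_md5, path) in drivers.items():
        if is_outside_windows(path, windir):
            flagged.append((name, f"file outside Windows directory: {path}"))
    # Reported ok but with no inventory line: the scanner hashed no file for the
    # service (no image on disk, or a service that is not a driver).
    unhashed = [n for n, v in verdicts.items() if n not in drivers and v.lower() == "ok"]
    return {"drivers": sorted(drivers), "flagged": flagged, "unhashed": unhashed}


if __name__ == "__main__":
    text = SAMPLE_LOG
    if len(sys.argv) > 1:
        # Saved log encoding varies between versions; adjust if nothing parses.
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    report = triage(text)
    print(f"{len(report['drivers'])} driver files hashed; no file hashed for: "
          f"{', '.join(report['unhashed']) or 'none'}")
    for name, why in report["flagged"]:
        print(f"FLAG {name}: {why}")
```

Run it as `python tdss_triage.py TDSSKiller.2.6.25.0_26.12.2011_16.24.30_log.txt`. The "no file hashed" list is informational: in the log posted in this thread it would contain entries such as Beep, blbdrive, IpInIp and catchme (catchme is a driver ComboFix leaves behind), none of which is a finding by itself.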

#5 schwoch1 (Topic Starter, Members, 15 posts)

Posted 26 December 2011 - 01:04 AM

Gringo......

I have tried to run TDSSKiller and it will not run. I have tried redownloading it several times and rebooting the computer, to no avail. All I get is the Windows thinking spinning circle, then nothing happens after that. I have also tried running it as administrator, which also produced no results. What is the next step?

Thanks in advance!
Mike

#6 schwoch1 (Topic Starter, Members, 15 posts)

Posted 26 December 2011 - 01:07 AM

Gringo...

I believe that TDSSKiller will not run because I have a 64-bit OS... but I could be wrong, just shooting out an idea.

Mike

#7 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 26 December 2011 - 01:12 AM

Hello

I would like you to run this tool for me - fixTDSS

Download it to your desktop and start the program.

Follow the prompts and OK any security prompts.

When it is complete it will say the infection was cleared or no infection was found; let me know what it says.

After it is complete I want you to restart the computer, try to rerun TDSSKiller for me and send me the report.

Gringo

#8 schwoch1 (Topic Starter, Members, 15 posts)

Posted 26 December 2011 - 05:22 PM

Gringo....

Ran the second TDSS tool (Symantec version) and I was informed that the MBR was infected (master boot record?).
Followed the on-screen directions and the program repaired the MBR.
Checked all browsers; all hijacks were gone.
Restarted the computer and reran TDSS, and it said no problems were found.
Quick launch icons are still missing though; the previous person who tried to repair the PC already ran Unhide multiple times in an attempt to get the quick launch icons to reappear.
Computer seems to be operating correctly for now, except for the missing quick launch icons!

Keep me posted!!!

Mike
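Added example, not code from this thread, from Symantec's FixTDSS or from TDSSKiller: what "the MBR was infected" means in bytes, and one way to check a sector 0 image yourself. The script parses a 512-byte master boot record (bootstrap code at 0x000-0x1B7, the 4-byte NT disk signature at 0x1B8, four 16-byte partition entries from 0x1BE, the 55 AA boot signature at 0x1FE), hashes the boot code and compares it with a baseline taken from a known-clean machine on the same Windows version, and sanity-checks the partition table (exactly one active entry, valid status bytes, no overlapping extents). The sample MBR, its boot code bytes and BASELINE are constructed for the demo and must be replaced with a real known-good hash before use. Reading from \\.\PhysicalDrive0 needs administrator rights, and a bootkit that hooks the disk stack can hand the original sector back to reads made from inside the infected OS, so an image taken from offline boot media is the reliable input.

```python
"""Parse and sanity-check a 512-byte MBR sector (added example; not the thread's,
Symantec's or Kaspersky's code). Checks the 55 AA boot signature, the partition
table, and whether the boot code hash matches a known-good baseline."""
import hashlib
import struct
from typing import Dict, List

SECTOR = 512
BOOTCODE_LEN = 0x1B8      # bootstrap code occupies 0x000-0x1B7
DISKSIG_OFF = 0x1B8       # 4-byte NT disk signature, then 2 bytes normally zero
PTABLE_OFF = 0x1BE        # four 16-byte partition entries
BOOTSIG_OFF = 0x1FE       # bytes 55 AA
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count


def make_entry(status: int, ptype: int, lba_start: int, sectors: int) -> bytes:
    """Pack one partition table entry; CHS fields carry the 'use LBA' marker."""
    return struct.pack(ENTRY_FMT, status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba_start, sectors)


def build_sample_mbr(bootcode: bytes) -> bytes:
    """Construct a synthetic MBR for the demo: the given boot code bytes, a fixed
    disk signature, and one active NTFS (type 0x07) partition at LBA 2048."""
    code = bootcode.ljust(BOOTCODE_LEN, b"\x00")[:BOOTCODE_LEN]
    disk_sig = bytes.fromhex("11223344") + b"\x00\x00"
    table = make_entry(0x80, 0x07, 2048, 204800) + b"\x00" * 48   # three empty slots
    return code + disk_sig + table + b"\x55\xaa"


def parse_mbr(sector: bytes) -> Dict:
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions: List[Dict] = []
    for i in range(4):
        status, _chs_s, ptype, _chs_e, lba, count = struct.unpack_from(ENTRY_FMT, sector, PTABLE_OFF + 16 * i)
        if ptype == 0:            # empty slot
            continue
        partitions.append({"index": i, "status": status, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "signature_ok": struct.unpack_from("<H", sector, BOOTSIG_OFF)[0] == 0xAA55,
        "disk_signature": struct.unpack_from("<I", sector, DISKSIG_OFF)[0],
        "bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_sha256: str) -> List[str]:
    """Findings against a known-good baseline; an empty list means the boot code
    matches and the partition table is internally consistent."""
    info = parse_mbr(sector)
    findings: List[str] = []
    if not info["signature_ok"]:
        findings.append("boot signature 55 AA missing at offset 0x1FE")
    if info["bootcode_sha256"] != baseline_sha256:
        findings.append(f"boot code differs from baseline (sha256 {info['bootcode_sha256'][:16]}...)")
    active = [p for p in info["partitions"] if p["bootable"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"entry {p['index']} has invalid status byte 0x{p['status']:02x}")
    ordered = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for a, b in zip(ordered, ordered[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append(f"entries {a['index']} and {b['index']} overlap on disk")
    return findings


def read_mbr(path: str) -> bytes:
    r"""Read sector 0 from a disk image or, on Windows as administrator, from
    \\.\PhysicalDrive0. Prefer an image captured from offline boot media."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR)


# Constructed baseline. In practice hash the boot code of a known-clean MBR from
# the same Windows version; OEM recovery tools ship their own boot code, so a
# mismatch means 'differs from your baseline', not 'infected'.
SAMPLE_CLEAN = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c")   # hypothetical stub
BASELINE = hashlib.sha256(SAMPLE_CLEAN[:BOOTCODE_LEN]).hexdigest()

if __name__ == "__main__":
    import sys
    sector = read_mbr(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_CLEAN
    info = parse_mbr(sector)
    print(f"disk signature 0x{info['disk_signature']:08x}, boot code sha256 {info['bootcode_sha256'][:16]}...")
    for p in info["partitions"]:
        flag = " (active)" if p["bootable"] else ""
        print(f"  entry {p['index']}: type 0x{p['type']:02x} lba {p['lba_start']} sectors {p['sectors']}{flag}")
    findings = check_mbr(sector, BASELINE)
    print("\n".join(findings) if findings else "no findings against baseline")
```

Usage: `python mbr_check.py sector0.bin` against an image captured with a boot CD or, as administrator on the live system, `python mbr_check.py \\.\PhysicalDrive0`, after replacing BASELINE with the hash of a clean sector. A boot code mismatch with a clean signature and a sane partition table is exactly the picture a repair such as the one described in this post reverts.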

#9 schwoch1 (Topic Starter, Members, 15 posts)

Posted 26 December 2011 - 05:29 PM

Also ran the first TDSS program, which was able to run now, and here is the log; it said no problems were found!!!


16:24:30.0235 3924 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
16:24:30.0262 3924 ============================================================
16:24:30.0262 3924 Current date / time: 2011/12/26 16:24:30.0262
16:24:30.0262 3924 SystemInfo:
16:24:30.0262 3924
16:24:30.0262 3924 OS Version: 6.0.6002 ServicePack: 2.0
16:24:30.0262 3924 Product type: Workstation
16:24:30.0262 3924 ComputerName: DOUGSAUTOSER-PC
16:24:30.0263 3924 UserName: Doug's Auto Service
16:24:30.0263 3924 Windows directory: C:\Windows
16:24:30.0263 3924 System windows directory: C:\Windows
16:24:30.0263 3924 Running under WOW64
16:24:30.0263 3924 Processor architecture: Intel x64
16:24:30.0263 3924 Number of processors: 2
16:24:30.0263 3924 Page size: 0x1000
16:24:30.0263 3924 Boot type: Normal boot
16:24:30.0263 3924 ============================================================
16:24:30.0745 3924 Initialize success
16:24:36.0812 1348 ============================================================
16:24:36.0812 1348 Scan started
16:24:36.0812 1348 Mode: Manual;
16:24:36.0812 1348 ============================================================
16:24:37.0724 1348 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
16:24:37.0736 1348 ACPI - ok
16:24:37.0836 1348 adp94xx (9137451d37ba1c325cd6c2def3d2d692) C:\Windows\system32\drivers\adp94xx.sys
16:24:37.0856 1348 adp94xx - ok
16:24:37.0932 1348 adpahci (01f80898df5cc7df19b3b11351846263) C:\Windows\system32\drivers\adpahci.sys
16:24:37.0946 1348 adpahci - ok
16:24:37.0993 1348 adpu160m (da001db13fff45dfe9109936e265b7cc) C:\Windows\system32\drivers\adpu160m.sys
16:24:38.0001 1348 adpu160m - ok
16:24:38.0044 1348 adpu320 (2b10c35c5b7c5c0c28f572e035319602) C:\Windows\system32\drivers\adpu320.sys
16:24:38.0052 1348 adpu320 - ok
16:24:38.0218 1348 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
16:24:38.0235 1348 AFD - ok
16:24:38.0320 1348 agp440 (5ccdd13bc602ae33cd8b62d33c29ab72) C:\Windows\system32\drivers\agp440.sys
16:24:38.0324 1348 agp440 - ok
16:24:38.0407 1348 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
16:24:38.0411 1348 aic78xx - ok
16:24:38.0530 1348 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
16:24:38.0532 1348 aliide - ok
16:24:38.0659 1348 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
16:24:38.0661 1348 amdide - ok
16:24:38.0715 1348 AmdK8 (de55dc52f7ceb89a967572d6b491ada2) C:\Windows\system32\drivers\amdk8.sys
16:24:38.0718 1348 AmdK8 - ok
16:24:38.0820 1348 arc (2e8623f2fed998a97129a3db919551c8) C:\Windows\system32\drivers\arc.sys
16:24:38.0824 1348 arc - ok
16:24:38.0877 1348 arcsas (741a003c041a3ec480a2e71af71e9654) C:\Windows\system32\drivers\arcsas.sys
16:24:38.0881 1348 arcsas - ok
16:24:38.0956 1348 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
16:24:38.0958 1348 AsyncMac - ok
16:24:39.0037 1348 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
16:24:39.0038 1348 atapi - ok
16:24:39.0106 1348 Beep - ok
16:24:39.0147 1348 blbdrive - ok
16:24:39.0263 1348 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
16:24:39.0267 1348 bowser - ok
16:24:39.0340 1348 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
16:24:39.0342 1348 BrFiltLo - ok
16:24:39.0392 1348 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
16:24:39.0393 1348 BrFiltUp - ok
16:24:39.0469 1348 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
16:24:39.0474 1348 Brserid - ok
16:24:39.0509 1348 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
16:24:39.0512 1348 BrSerWdm - ok
16:24:39.0564 1348 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
16:24:39.0565 1348 BrUsbMdm - ok
16:24:39.0609 1348 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
16:24:39.0611 1348 BrUsbSer - ok
16:24:39.0666 1348 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
16:24:39.0669 1348 BTHMODEM - ok
16:24:39.0721 1348 catchme - ok
16:24:39.0855 1348 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
16:24:39.0860 1348 cdfs - ok
16:24:39.0972 1348 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
16:24:39.0976 1348 cdrom - ok
16:24:40.0041 1348 circlass (f28f00596824058bc61d5edf434c9b82) C:\Windows\system32\drivers\circlass.sys
16:24:40.0043 1348 circlass - ok
16:24:40.0172 1348 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
16:24:40.0188 1348 CLFS - ok
16:24:40.0414 1348 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
16:24:40.0416 1348 cmdide - ok
16:24:40.0466 1348 Compbatt (0e77a445640bf310817f60941c50560c) C:\Windows\system32\drivers\compbatt.sys
16:24:40.0468 1348 Compbatt - ok
16:24:40.0515 1348 crcdisk (b1192dcd5b9cf46beed0e2a9e5bcf59a) C:\Windows\system32\drivers\crcdisk.sys
16:24:40.0517 1348 crcdisk - ok
16:24:40.0665 1348 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
16:24:40.0669 1348 DfsC - ok
16:24:40.0799 1348 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
16:24:40.0802 1348 disk - ok
16:24:40.0869 1348 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
16:24:40.0870 1348 drmkaud - ok
16:24:40.0979 1348 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
16:24:41.0032 1348 DXGKrnl - ok
16:24:41.0164 1348 E100B (f20bd86632bc1f7222e154559974f63f) C:\Windows\system32\DRIVERS\efe5b32e.sys
16:24:41.0172 1348 E100B - ok
16:24:41.0298 1348 E1G60 (d57fe09b575545738a73a0c193d0616a) C:\Windows\system32\DRIVERS\E1G6032E.sys
16:24:41.0382 1348 E1G60 - ok
16:24:41.0611 1348 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
16:24:41.0618 1348 Ecache - ok
16:24:41.0710 1348 elxstor (3d6298aff3fe06c0616ce5d090a3eeaa) C:\Windows\system32\drivers\elxstor.sys
16:24:41.0725 1348 elxstor - ok
16:24:41.0820 1348 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
16:24:41.0829 1348 exfat - ok
16:24:41.0907 1348 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
16:24:41.0915 1348 fastfat - ok
16:24:41.0981 1348 fdc (61b6dbd1ad1143f008364d4e9a96b224) C:\Windows\system32\DRIVERS\fdc.sys
16:24:41.0983 1348 fdc - ok
16:24:42.0077 1348 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
16:24:42.0081 1348 FileInfo - ok
16:24:42.0202 1348 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
16:24:42.0204 1348 Filetrace - ok
16:24:42.0297 1348 flpydisk (12c3d1b4d0ce49e1ce343ba2f22f15e0) C:\Windows\system32\DRIVERS\flpydisk.sys
16:24:42.0299 1348 flpydisk - ok
16:24:42.0392 1348 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
16:24:42.0404 1348 FltMgr - ok
16:24:42.0505 1348 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
16:24:42.0506 1348 Fs_Rec - ok
16:24:42.0562 1348 FTDIBUS (fa169871d8fadcc6539c4e8726610286) C:\Windows\system32\drivers\ftdibus.sys
16:24:42.0566 1348 FTDIBUS - ok
16:24:42.0718 1348 FTSER2K (121af3148cdda212cffbc4f6240699c2) C:\Windows\system32\drivers\ftser2k.sys
16:24:42.0722 1348 FTSER2K - ok
16:24:42.0807 1348 gagp30kx (b54520cc7b4b55134d7527b1cd3fc1f2) C:\Windows\system32\drivers\gagp30kx.sys
16:24:42.0810 1348 gagp30kx - ok
16:24:42.0907 1348 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:24:42.0909 1348 GEARAspiWDM - ok
16:24:43.0011 1348 Hardlock (091582da724f54830012e3faaf2f1d1a) C:\Windows\system32\drivers\hardlock.sys
16:24:43.0022 1348 Hardlock - ok
16:24:43.0160 1348 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
16:24:43.0171 1348 HdAudAddService - ok
16:24:43.0303 1348 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:24:43.0343 1348 HDAudBus - ok
16:24:43.0415 1348 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
16:24:43.0418 1348 HidBth - ok
16:24:43.0462 1348 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
16:24:43.0464 1348 HidIr - ok
16:24:43.0564 1348 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
16:24:43.0566 1348 HidUsb - ok
16:24:43.0763 1348 HpCISSs (8edc820115df1e04763b2923676ea5b2) C:\Windows\system32\drivers\hpcisss.sys
16:24:43.0765 1348 HpCISSs - ok
16:24:43.0886 1348 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
16:24:43.0921 1348 HTTP - ok
16:24:43.0983 1348 i2omp (f2901763845570ecac48e6a50ec50812) C:\Windows\system32\drivers\i2omp.sys
16:24:43.0986 1348 i2omp - ok
16:24:44.0072 1348 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
16:24:44.0075 1348 i8042prt - ok
16:24:44.0191 1348 iaStorV (72c3ee7ea3cd75a772e62ae0e5df8b8c) C:\Windows\system32\drivers\iastorv.sys
16:24:44.0203 1348 iaStorV - ok
16:24:44.0289 1348 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
16:24:44.0292 1348 iirsp - ok
16:24:44.0446 1348 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
16:24:44.0447 1348 intelide - ok
16:24:44.0513 1348 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
16:24:44.0515 1348 intelppm - ok
16:24:44.0635 1348 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:24:44.0638 1348 IpFilterDriver - ok
16:24:44.0692 1348 IpInIp - ok
16:24:44.0764 1348 IPMIDRV (eacdbbe429c6d170bdeee0effcbc317b) C:\Windows\system32\drivers\ipmidrv.sys
16:24:44.0770 1348 IPMIDRV - ok
16:24:44.0854 1348 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
16:24:44.0860 1348 IPNAT - ok
16:24:44.0975 1348 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
16:24:44.0977 1348 IRENUM - ok
16:24:45.0088 1348 isapnp (d3bb520b31f28c1a065cd058e762ee73) C:\Windows\system32\drivers\isapnp.sys
16:24:45.0095 1348 isapnp - ok
16:24:45.0229 1348 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
16:24:45.0237 1348 iScsiPrt - ok
16:24:45.0281 1348 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
16:24:45.0284 1348 iteatapi - ok
16:24:45.0516 1348 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
16:24:45.0563 1348 iteraid - ok
16:24:45.0838 1348 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
16:24:45.0868 1348 kbdclass - ok
16:24:46.0069 1348 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
16:24:46.0141 1348 kbdhid - ok
16:24:46.0444 1348 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
16:24:46.0480 1348 KSecDD - ok
16:24:46.0735 1348 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
16:24:46.0737 1348 ksthunk - ok
16:24:46.0826 1348 L8042Kbd (f33c5d79d3273530e1892a0922283a7b) C:\Windows\system32\DRIVERS\L8042Kbd.sys
16:24:46.0828 1348 L8042Kbd - ok
16:24:46.0895 1348 L8042mou (a6fe2e63441094074f57243fb0fdb45a) C:\Windows\system32\DRIVERS\L8042mou.Sys
16:24:46.0900 1348 L8042mou - ok
16:24:47.0723 1348 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
16:24:47.0726 1348 LHidFilt - ok
16:24:47.0815 1348 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
16:24:47.0818 1348 lltdio - ok
16:24:47.0893 1348 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
16:24:47.0896 1348 LMouFilt - ok
16:24:47.0962 1348 LMouKE (f518c34c137348b7dbe5343acc646a1c) C:\Windows\system32\DRIVERS\LMouKE.Sys
16:24:47.0967 1348 LMouKE - ok
16:24:48.0085 1348 LSI_FC (1572f8d999c0ab4376afdce058a78df9) C:\Windows\system32\drivers\lsi_fc.sys
16:24:48.0090 1348 LSI_FC - ok
16:24:48.0165 1348 LSI_SAS (64470979c3e3c9ff60edfb5230c56e0e) C:\Windows\system32\drivers\lsi_sas.sys
16:24:48.0169 1348 LSI_SAS - ok
16:24:48.0215 1348 LSI_SCSI (4ced7d3b54bfc5bbae75c4a73c7f7428) C:\Windows\system32\drivers\lsi_scsi.sys
16:24:48.0219 1348 LSI_SCSI - ok
16:24:48.0277 1348 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
16:24:48.0283 1348 luafv - ok
16:24:48.0425 1348 megasas (2f631c2939d5f2e8958935ee701d70d7) C:\Windows\system32\drivers\megasas.sys
16:24:48.0427 1348 megasas - ok
16:24:48.0577 1348 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
16:24:48.0580 1348 Modem - ok
16:24:48.0641 1348 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
16:24:48.0641 1348 monitor - ok
16:24:48.0705 1348 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
16:24:48.0707 1348 mouclass - ok
16:24:48.0755 1348 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
16:24:48.0756 1348 mouhid - ok
16:24:48.0843 1348 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
16:24:48.0847 1348 MountMgr - ok
16:24:48.0926 1348 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
16:24:48.0934 1348 MpFilter - ok
16:24:49.0035 1348 mpio (ed48eac719ee28db773359eb1b06e2b5) C:\Windows\system32\drivers\mpio.sys
16:24:49.0039 1348 mpio - ok
16:24:49.0141 1348 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\Windows\system32\DRIVERS\MpNWMon.sys
16:24:49.0143 1348 MpNWMon - ok
16:24:49.0224 1348 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
16:24:49.0227 1348 mpsdrv - ok
16:24:49.0307 1348 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
16:24:49.0310 1348 Mraid35x - ok
16:24:49.0413 1348 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
16:24:49.0420 1348 MRxDAV - ok
16:24:49.0484 1348 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:24:49.0490 1348 mrxsmb - ok
16:24:49.0569 1348 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:24:49.0580 1348 mrxsmb10 - ok
16:24:49.0693 1348 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:24:49.0698 1348 mrxsmb20 - ok
16:24:49.0758 1348 msahci (eeadf970795148bfbb1db3abcc89c16b) C:\Windows\system32\drivers\msahci.sys
16:24:49.0760 1348 msahci - ok
16:24:49.0824 1348 msdsm (96d7c0a1b98434c6e4ff0c2e26a0e20a) C:\Windows\system32\drivers\msdsm.sys
16:24:49.0828 1348 msdsm - ok
16:24:49.0904 1348 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
16:24:49.0905 1348 Msfs - ok
16:24:49.0973 1348 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
16:24:49.0975 1348 msisadrv - ok
16:24:50.0071 1348 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
16:24:50.0073 1348 MSKSSRV - ok
16:24:50.0168 1348 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
16:24:50.0170 1348 MSPCLOCK - ok
16:24:50.0218 1348 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
16:24:50.0220 1348 MSPQM - ok
16:24:50.0302 1348 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
16:24:50.0315 1348 MsRPC - ok
16:24:50.0424 1348 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
16:24:50.0425 1348 mssmbios - ok
16:24:50.0505 1348 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
16:24:50.0506 1348 MSTEE - ok
16:24:50.0578 1348 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
16:24:50.0581 1348 Mup - ok
16:24:50.0673 1348 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
16:24:50.0681 1348 NativeWifiP - ok
16:24:50.0795 1348 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
16:24:50.0823 1348 NDIS - ok
16:24:50.0902 1348 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
16:24:50.0903 1348 NdisTapi - ok
16:24:50.0981 1348 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
16:24:50.0983 1348 Ndisuio - ok
16:24:51.0076 1348 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
16:24:51.0084 1348 NdisWan - ok
16:24:51.0195 1348 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
16:24:51.0198 1348 NDProxy - ok
16:24:51.0291 1348 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
16:24:51.0293 1348 NetBIOS - ok
16:24:51.0392 1348 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
16:24:51.0402 1348 netbt - ok
16:24:51.0522 1348 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
16:24:51.0525 1348 nfrd960 - ok
16:24:51.0562 1348 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:24:51.0566 1348 NisDrv - ok
16:24:51.0663 1348 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
16:24:51.0665 1348 Npfs - ok
16:24:51.0787 1348 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
16:24:51.0788 1348 nsiproxy - ok
16:24:51.0937 1348 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
16:24:52.0006 1348 Ntfs - ok
16:24:52.0049 1348 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
16:24:52.0050 1348 Null - ok
16:24:52.0713 1348 nvlddmkm (feffc8474be060ea7349a172b9810415) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:24:53.0211 1348 nvlddmkm - ok
16:24:53.0333 1348 nvraid (840eeb44dc49317a6161961f7682cd99) C:\Windows\system32\drivers\nvraid.sys
16:24:53.0338 1348 nvraid - ok
16:24:53.0397 1348 nvstor (94c5334040a5d500897f4c5fd12aeede) C:\Windows\system32\drivers\nvstor.sys
16:24:53.0400 1348 nvstor - ok
16:24:53.0471 1348 nv_agp (aa1b6c86a4763502e20b65c025f39bad) C:\Windows\system32\drivers\nv_agp.sys
16:24:53.0477 1348 nv_agp - ok
16:24:53.0518 1348 NwlnkFlt - ok
16:24:53.0553 1348 NwlnkFwd - ok
16:24:53.0630 1348 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
16:24:53.0634 1348 ohci1394 - ok
16:24:53.0839 1348 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys
16:24:53.0844 1348 Parport - ok
16:24:53.0935 1348 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
16:24:53.0938 1348 partmgr - ok
16:24:54.0037 1348 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
16:24:54.0045 1348 pci - ok
16:24:54.0143 1348 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
16:24:54.0144 1348 pciide - ok
16:24:54.0202 1348 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
16:24:54.0211 1348 pcmcia - ok
16:24:54.0336 1348 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
16:24:54.0375 1348 PEAUTH - ok
16:24:54.0444 1348 Point64 - ok
16:24:54.0562 1348 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
16:24:54.0567 1348 PptpMiniport - ok
16:24:54.0656 1348 Processor (6bc78e5f12cbb74e7930aaaa4a0db387) C:\Windows\system32\drivers\processr.sys
16:24:54.0679 1348 Processor - ok
16:24:54.0798 1348 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
16:24:54.0825 1348 PSched - ok
16:24:54.0954 1348 ql2300 (4a29d25704917161bad9b4659a248dfd) C:\Windows\system32\drivers\ql2300.sys
16:24:55.0025 1348 ql2300 - ok
16:24:55.0177 1348 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
16:24:55.0184 1348 ql40xx - ok
16:24:55.0286 1348 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
16:24:55.0317 1348 QWAVEdrv - ok
16:24:55.0491 1348 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
16:24:55.0535 1348 RasAcd - ok
16:24:55.0758 1348 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:24:55.0764 1348 Rasl2tp - ok
16:24:55.0927 1348 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
16:24:55.0976 1348 RasPppoe - ok
16:24:56.0427 1348 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
16:24:56.0474 1348 RasSstp - ok
16:24:56.0922 1348 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
16:24:56.0965 1348 rdbss - ok
16:24:57.0266 1348 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:24:57.0297 1348 RDPCDD - ok
16:24:57.0612 1348 rdpdr (2d98dda8edce73df99854bf3692ccc87) C:\Windows\system32\drivers\rdpdr.sys
16:24:57.0629 1348 rdpdr - ok
16:24:57.0758 1348 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
16:24:57.0905 1348 RDPENCDD - ok
16:24:58.0183 1348 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
16:24:58.0192 1348 RDPWD - ok
16:24:58.0816 1348 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
16:24:58.0819 1348 rspndr - ok
16:24:59.0258 1348 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
16:24:59.0289 1348 sbp2port - ok
16:24:59.0796 1348 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:24:59.0798 1348 secdrv - ok
16:25:00.0227 1348 Ser2pl (2cd118925f9cdf665f7c08aecd8177ef) C:\Windows\system32\DRIVERS\ser2pl64.sys
16:25:00.0232 1348 Ser2pl - ok
16:25:00.0543 1348 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
16:25:00.0573 1348 Serenum - ok
16:25:00.0657 1348 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
16:25:00.0690 1348 Serial - ok
16:25:00.0755 1348 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
16:25:00.0757 1348 sermouse - ok
16:25:00.0977 1348 sffdisk (541b32f8d6b2dcb92ec43bab267e79ea) C:\Windows\system32\drivers\sffdisk.sys
16:25:00.0980 1348 sffdisk - ok
16:25:01.0223 1348 sffp_mmc (446e7cca3325c7e0ae0fde7f73cdd9c2) C:\Windows\system32\drivers\sffp_mmc.sys
16:25:01.0225 1348 sffp_mmc - ok
16:25:01.0386 1348 sffp_sd (67edc221348911e895af51c57d9a3725) C:\Windows\system32\drivers\sffp_sd.sys
16:25:01.0398 1348 sffp_sd - ok
16:25:01.0498 1348 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
16:25:01.0500 1348 sfloppy - ok
16:25:01.0648 1348 SiSRaid2 (08dda16573fa44f8b13afe74597ad2e5) C:\Windows\system32\drivers\sisraid2.sys
16:25:01.0651 1348 SiSRaid2 - ok
16:25:01.0728 1348 SiSRaid4 (c52259e9daaf3890d572d87ffee0979e) C:\Windows\system32\drivers\sisraid4.sys
16:25:01.0732 1348 SiSRaid4 - ok
16:25:01.0840 1348 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
16:25:01.0844 1348 Smb - ok
16:25:01.0932 1348 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
16:25:01.0934 1348 spldr - ok
16:25:02.0053 1348 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
16:25:02.0072 1348 srv - ok
16:25:02.0170 1348 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
16:25:02.0177 1348 srv2 - ok
16:25:02.0342 1348 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
16:25:02.0349 1348 srvnet - ok
16:25:02.0463 1348 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
16:25:02.0465 1348 swenum - ok
16:25:02.0522 1348 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
16:25:02.0525 1348 Symc8xx - ok
16:25:02.0585 1348 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
16:25:02.0588 1348 Sym_hi - ok
16:25:02.0631 1348 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
16:25:02.0634 1348 Sym_u3 - ok
16:25:02.0790 1348 Tcpip (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\drivers\tcpip.sys
16:25:02.0853 1348 Tcpip - ok
16:25:03.0016 1348 Tcpip6 (73bed5067ed53a9df05fa8eab42578d0) C:\Windows\system32\DRIVERS\tcpip.sys
16:25:03.0026 1348 Tcpip6 - ok
16:25:03.0325 1348 tcpipreg (848f87c604b5e674602498cb51067db6) C:\Windows\system32\drivers\tcpipreg.sys
16:25:03.0328 1348 tcpipreg - ok
16:25:03.0406 1348 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
16:25:03.0407 1348 TDPIPE - ok
16:25:03.0459 1348 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
16:25:03.0462 1348 TDTCP - ok
16:25:03.0551 1348 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
16:25:03.0555 1348 tdx - ok
16:25:03.0637 1348 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
16:25:03.0640 1348 TermDD - ok
16:25:03.0761 1348 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:25:03.0763 1348 tssecsrv - ok
16:25:03.0853 1348 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
16:25:03.0855 1348 tunmp - ok
16:25:03.0966 1348 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
16:25:03.0968 1348 tunnel - ok
16:25:04.0017 1348 uagp35 (e4722dfbd6232acf17543ef2c2dce8d2) C:\Windows\system32\drivers\uagp35.sys
16:25:04.0021 1348 uagp35 - ok
16:25:04.0155 1348 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
16:25:04.0168 1348 udfs - ok
16:25:04.0308 1348 uliagpkx (5663d7696abbe71f8c9d915c5374118a) C:\Windows\system32\drivers\uliagpkx.sys
16:25:04.0312 1348 uliagpkx - ok
16:25:04.0379 1348 uliahci (6030b68e86a30d1b315b51c4d7778b16) C:\Windows\system32\drivers\uliahci.sys
16:25:04.0391 1348 uliahci - ok
16:25:04.0466 1348 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
16:25:04.0472 1348 UlSata - ok
16:25:04.0555 1348 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
16:25:04.0563 1348 ulsata2 - ok
16:25:04.0641 1348 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
16:25:04.0644 1348 umbus - ok
16:25:04.0730 1348 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
16:25:04.0735 1348 usbccgp - ok
16:25:04.0801 1348 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
16:25:04.0806 1348 usbcir - ok
16:25:04.0902 1348 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
16:25:04.0905 1348 usbehci - ok
16:25:04.0979 1348 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
16:25:04.0990 1348 usbhub - ok
16:25:05.0078 1348 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
16:25:05.0080 1348 usbohci - ok
16:25:05.0171 1348 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
16:25:05.0173 1348 usbprint - ok
16:25:05.0260 1348 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
16:25:05.0262 1348 usbscan - ok
16:25:05.0347 1348 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:25:05.0348 1348 USBSTOR - ok
16:25:05.0415 1348 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
16:25:05.0418 1348 usbuhci - ok
16:25:05.0521 1348 USB_RNDIS (f4f8d86e6fcab839438b23dfafc7951f) C:\Windows\system32\DRIVERS\usb8023.sys
16:25:05.0523 1348 USB_RNDIS - ok
16:25:05.0658 1348 vga (2998dc48905e9b4821ad8fd75b3e070c) C:\Windows\system32\DRIVERS\vgapnp.sys
16:25:05.0660 1348 vga - ok
16:25:05.0724 1348 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
16:25:05.0726 1348 VgaSave - ok
16:25:05.0773 1348 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
16:25:05.0775 1348 viaide - ok
16:25:05.0861 1348 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
16:25:05.0865 1348 volmgr - ok
16:25:05.0949 1348 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
16:25:05.0965 1348 volmgrx - ok
16:25:06.0046 1348 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
16:25:06.0057 1348 volsnap - ok
16:25:06.0147 1348 vsmraid (410ae2c141142c58bc617fc2c677f8b0) C:\Windows\system32\drivers\vsmraid.sys
16:25:06.0153 1348 vsmraid - ok
16:25:06.0219 1348 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
16:25:06.0221 1348 WacomPen - ok
16:25:06.0306 1348 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
16:25:06.0310 1348 Wanarp - ok
16:25:06.0319 1348 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
16:25:06.0320 1348 Wanarpv6 - ok
16:25:06.0381 1348 Wd (59b501b0a04c9672142b7ffa2bdbf663) C:\Windows\system32\drivers\wd.sys
16:25:06.0383 1348 Wd - ok
16:25:06.0482 1348 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
16:25:06.0527 1348 Wdf01000 - ok
16:25:06.0723 1348 WmiAcpi (ae34218455d5dc12d1e45de85f160346) C:\Windows\system32\drivers\wmiacpi.sys
16:25:06.0726 1348 WmiAcpi - ok
16:25:06.0861 1348 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
16:25:06.0864 1348 WpdUsb - ok
16:25:06.0945 1348 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
16:25:06.0947 1348 ws2ifsl - ok
16:25:07.0077 1348 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:25:07.0083 1348 WUDFRd - ok
16:25:07.0226 1348 zntport - ok
16:25:07.0306 1348 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
16:25:07.0360 1348 \Device\Harddisk0\DR0 - ok
16:25:07.0368 1348 Boot (0x1200) (3d06d74c7bff0d20d3d89df461d32be9) \Device\Harddisk0\DR0\Partition0
16:25:07.0370 1348 \Device\Harddisk0\DR0\Partition0 - ok
16:25:07.0373 1348 ============================================================
16:25:07.0373 1348 Scan finished
16:25:07.0373 1348 ============================================================
16:25:07.0394 3868 Detected object count: 0
16:25:07.0394 3868 Actual detected object count: 0

Mike

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 26 December 2011 - 08:18 PM

Hello Mike


when you say quick launch do you mean next to the start orb or in the start menu?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#11 schwoch1
  • Topic Starter

  • Members
  • 15 posts

Posted 26 December 2011 - 11:08 PM

Gringo...

I am referring to the items next to the start 'orb' on the taskbar!!!

Mike

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 26 December 2011 - 11:50 PM

Hello


right click on the task bar and then go to toolbars and see if quick launch has a checkmark


gringo

#13 schwoch1
  • Topic Starter

  • Members
  • 15 posts

Posted 27 December 2011 - 10:39 AM

Gringo.....

It does have the checkmark...

Mike

#14 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 27 December 2011 - 06:32 PM

hello


run this and see if it helped

http://download.bleepingcomputer.com/grinler/fakehdd/vista-32-sm-reset.exe


gringo

#15 schwoch1
  • Topic Starter

  • Members
  • 15 posts

Posted 28 December 2011 - 10:46 AM

Gringo.....

Ran the program as instructed, still missing the quick launch icons. I hate to be a pain about this, but most of my employees (all 2) are computer illiterate and use the quick launch ALL the time, and are lost without it!!!

Thanks in advance and what would be the next step!!!???

Mike

Edited by schwoch1, 28 December 2011 - 10:47 AM.