
Malware infection?


38 replies to this topic

#1 Application

Application

  • Members
  • 89 posts
  • OFFLINE
  •  
  • Local time:10:33 AM

Posted 16 January 2012 - 01:58 PM

Hi guys,

I've got a bit of a computer problem, and that may be an understatement. My desktop computer hasn't been its usual self for weeks, and I never really got around to doing something about it until now. The other night, when I went to turn it on for the first time in a while, I found myself with a blue screen - "unmountable root volume"? Something like that. I couldn't find my Windows Recovery Console CD, so I ended up finding a packaged Windows XP version that I burned to a DVD and ran on the desktop. It seemed to work well enough, as I was able to run a bootfix thing and got to the point where I could log on and get on the internet.

So, from there, I downloaded SuperAntiSpyware and ran a scan. Well, I ended up with 1246 "threats", including like a dozen trojans. I quarantined and removed them, and went to restart. Of course, when I was rebooting, I got another blue screen - "driver unloaded without cancelling pending operations". Now I figured I'd deleted some infected file or driver or something that was critical to the operation of my computer, and I set about fixing it once more. The driver in question, tmtdi.sys, was found easily enough. I renamed it to tmtdi.old and got past the blue screen. When I went to get on the internet, however, I got an "IE cannot display the webpage" error.

And so, here I sit. What do you guys think, do I still have some sort of infection? Did I delete more things that I should not have? How do I proceed? This probably isn't the right forum for getting this sorted out, so if anyone can point me in the right direction, I'd be very appreciative.

Thanks for any help anyone can offer!

Also: for anyone particularly observant, the above is the exact same thing I posted nine days ago in this same forum. This is about my desktop computer, which it was my original intention to fix. However, when I posted the last topic, I decided to try to fix my laptop (same situation) first, and ended up going from there. Now that I've got the laptop up and running, it's time to try to get the desktop running again. Anyways, thanks guys!


 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,679 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:33 AM

Posted 16 January 2012 - 02:36 PM

Same computer?
http://www.bleepingcomputer.com/forums/topic436873.html

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Application


Posted 16 January 2012 - 03:12 PM

Different computer. I have two computers that have/had pretty much the exact same problem. I began the first post with the intention of fixing my desktop, but then decided the laptop was the more pressing concern. With your help, the laptop has been fixed and is running great (I also finished out the last few steps, installing a Java update and Secunia: PSI, though it would seem I forgot to post that). Now, I need to get the desktop fixed.

Should I start with the same initial steps as I did the last time, and post the logs?

#4 Broni


Posted 16 January 2012 - 03:22 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



 


#5 Application


Posted 16 January 2012 - 04:11 PM

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Trend Micro Titanium
Trend Micro™ Titanium™
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
Java™ 6 Update 26
Java™ 6 Update 5
Out of date Java installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
Trend Micro AMSP coreFrameworkHost.exe
``````````End of Log````````````

Farbar Service Scanner
Ran by Owner (administrator) on 16-01-2012 at 15:38:14
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking LEGACY_IpSec: Attention! Unable to open LEGACY_IpSec\0000 registry key. The key does not exist.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
Attention! C:\WINDOWS\system32\Drivers\ipsec.sys is missing.
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000005000000060000000700000008000000
Attention! IpSec Tag value should be 4Attention! IpSec Tag value is missing and it should be 4

**** End of log ****


MiniToolBox by Farbar
Ran by Owner (administrator) on 16-01-2012 at 15:36:04
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
Hosts file not detected in the default directory
========================= IP Configuration: ================================

NVIDIA nForce Networking Controller = Local Area Connection (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip



popd
# End of interface IP configuration




Windows IP Configuration



An internal error occurred: The request is not supported.



Please contact Microsoft Product Support Services for further help.



Additional information: Unable to query host name.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host google.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host yahoo.com. Please check the name and try again.

Server: UnKnown
Address: 127.0.0.1

Ping request could not find host bleepingcomputer.com. Please check the name and try again.

Unable to contact IP driver, error code 2,

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/16/2012 01:26:11 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/16/2012 01:26:08 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Error: (01/16/2012 01:26:08 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (01/08/2012 06:58:42 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/05/2012 07:25:25 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/05/2012 07:06:38 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (01/05/2012 07:00:31 PM) (Source: JavaQuickStarterService) (User: )
Description: Unable to create JQS API server: bind() failed (Socket error 10050)

Error: (12/22/2011 08:33:54 AM) (Source: Application Error) (User: )
Description: Faulting application ping.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x00fe0d86.
Processing media-specific event for [ping.exe!ws!]

Error: (12/19/2011 01:39:40 AM) (Source: Bonjour Service) (User: )
Description: 448: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (12/17/2011 05:23:17 PM) (Source: Bonjour Service) (User: )
Description: 436: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)


System errors:
=============
Error: (01/16/2012 03:36:18 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (01/16/2012 03:36:18 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec

Error: (01/16/2012 03:36:18 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (01/16/2012 03:36:18 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec

Error: (01/16/2012 03:36:18 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (01/16/2012 03:36:18 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec

Error: (01/16/2012 03:36:17 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (01/16/2012 03:36:17 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec

Error: (01/16/2012 03:36:17 PM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness (NLA) service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%1075

Error: (01/16/2012 03:36:17 PM) (Source: Service Control Manager) (User: )
Description: The TCP/IP Protocol Driver service depends on the following nonexistent service: IPSec


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
Adobe Flash Player 10 ActiveX (Version: 10.3.183.7)
Adobe Reader 8.1.2 (Version: 8.1.2)
Agere Systems PCI-SV92EX Soft Modem
Apple Application Support (Version: 1.2.1)
Apple Mobile Device Support (Version: 3.0.1.3)
Apple Software Update (Version: 2.1.2.120)
Bing Bar (Version: 7.0.609.0)
Bonjour (Version: 2.0.1.2)
BufferChm (Version: 140.0.212.000)
C4700 (Version: 140.0.690.000)
Citrix XenApp Plugin for Hosted Apps (Version: 11.0.0.5357)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
CyberLink DVD Suite (Version: 6.0.2110)
CyberLink Power2Go (Version: 6.0.2115)
CyberLink PowerDVD (Version: 7.0.3409.a)
Destinations (Version: 140.0.77.000)
DeviceDiscovery (Version: 140.0.212.000)
GPBaseService2 (Version: 140.0.211.000)
HP Imaging Device Functions 14.0 (Version: 14.0)
HP Photo Creations (Version: 1.0.0.2024)
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6 (Version: 14.0)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 14.0 (Version: 14.0)
HP Update (Version: 5.003.001.001)
HPProductAssistant (Version: 140.0.212.000)
HPSSupply (Version: 140.0.211.000)
IHA_MessageCenter (Version: 1.8.5)
iTunes (Version: 9.1.1.12)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Java™ 6 Update 5 (Version: 1.6.0.50)
LightScribe 1.4.142.1 (Version: 1.4.142.1)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Default Manager (Version: 2.1.54.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft UI Engine (Version: 4.0.0318.1)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Works (Version: 9.7.0621)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Network (Version: 140.0.215.000)
NTI Backup Now 5 (Version: 5.1.2.503)
NTI Backup Now Standard (Version: 5.1.2.503)
NTI Media Maker 8 (Version: 8.0.12.6325)
NVIDIA Drivers
PS_AIO_06_C4700_SW_Min (Version: 140.0.690.000)
QuickTime (Version: 7.66.71.0)
QuickTransfer (Version: 140.0.98.000)
Realtek High Definition Audio Driver (Version: 5.10.0.5628)
Scan (Version: 140.0.80.000)
School Tycoon
Shop for HP Supplies (Version: 14.0)
ShopAtHome SelectRebates
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 140.0.213.000)
Status (Version: 140.0.212.000)
SUPERAntiSpyware (Version: 5.0.1142)
Toolbox (Version: 140.0.428.000)
TrayApp (Version: 140.0.212.000)
Trend Micro Titanium (Version: 3.1.1109)
Trend Micro™ Titanium™ (Version: 3.00)
Verizon Download Manager (Version: 15)
Vz In Home Agent (Version: 8.03.41)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 140.0.212.017)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Media Format 11 runtime
Windows Media Player 11
Zoo Tycoon: Complete Collection

========================= Memory info: ===================================

Percentage of memory in use: 58%
Total physical RAM: 894.42 MB
Available physical RAM: 374.43 MB
Total Pagefile: 2168.02 MB
Available Pagefile: 1500.93 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.76 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:69.4 GB) (Free:16.79 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:69.89 GB) (Free:69.52 GB) NTFS
3 Drive e: (Recovery CD) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
4 Drive f: (USB MEMORY) (Removable) (Total:0.01 GB) (Free:0 GB) FAT
6 Drive h: (ALBUS) (Removable) (Total:3.74 GB) (Free:3.46 GB) FAT32

========================= Users: ========================================

User accounts for \\EMACHINE-7AF6B9

Administrator ASPNET Guest
HelpAssistant Owner SUPPORT_388945a0


**** End of log ****


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.24.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: EMACHINE-7AF6B9 [limited]

1/16/2012 3:43:38 PM
mbam-log-2012-01-16 (15-43-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 177173
Time elapsed: 15 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\WINDOWS\Temp\slp7703547195091504599.tmp (Trojan.Exploit.Drop.THPM) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\kna0.9208470855802001.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\gggf0.658850753696115.exe (Exploit.Drop.6) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\_ex-08.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

(end)


aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-16 16:05:39
-----------------------------
16:05:39.500 OS Version: Windows 5.1.2600 Service Pack 3
16:05:39.500 Number of processors: 1 586 0x7F02
16:05:39.500 ComputerName: EMACHINE-7AF6B9 UserName: Owner
16:05:40.078 Initialize success
16:05:51.046 AVAST engine download error: 0
16:06:01.687 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-7
16:06:01.687 Disk 0 Vendor: WDC_WD1600AAJS-22L7A0 01.03E01 Size: 152627MB BusType: 3
16:06:01.734 Disk 0 MBR read successfully
16:06:01.734 Disk 0 MBR scan
16:06:01.734 Disk 0 unknown MBR code
16:06:01.750 Disk 0 Partition 1 00 12 Compaq diag MSWIN4.1 9993 MB offset 63
16:06:01.765 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 71068 MB offset 20466810
16:06:01.812 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 71562 MB offset 166015710
16:06:01.828 Disk 0 scanning sectors +312576705
16:06:01.921 Disk 0 scanning C:\WINDOWS\system32\drivers
16:06:11.328 File: C:\WINDOWS\system32\drivers\volsnap.sys **SUSPICIOUS**
16:06:11.750 Disk 0 trace - called modules:
16:06:11.781 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x851671ed]<<
16:06:11.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85189ab8]
16:06:11.812 3 CLASSPNP.SYS[f74d7fd7] -> nt!IofCallDriver -> \Device\00000067[0x852f9700]
16:06:11.828 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-7[0x851db030]
16:06:11.843 \Driver\atapi[0x8527f3b0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x851671ed
16:06:11.859 Scan finished successfully
16:06:35.000 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
16:06:35.078 The log file has been saved successfully to "F:\aswMBR.txt"

#6 Broni


Posted 16 January 2012 - 04:18 PM

OK, we have several issues there.

1. Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

2. Update MBAM manually...
To manually update MBAM, download this file: http://data.mbamupdates.com/tools/mbam-rules.exe
Double-click on the downloaded file to update the program.
Run another scan and post new log.

3. Please run Farbar Service Scanner.
Type the following in the edit box after "Search:".

ipsec.sys

Click Search Files button and post the log (FSS.txt) it makes to your reply.



 


#7 Application


Posted 16 January 2012 - 04:46 PM

16:27:09.0453 2172 TDSS rootkit removing tool 2.7.2.0 Jan 14 2012 20:07:30
16:27:09.0687 2172 ============================================================
16:27:09.0687 2172 Current date / time: 2012/01/16 16:27:09.0687
16:27:09.0687 2172 SystemInfo:
16:27:09.0687 2172
16:27:09.0687 2172 OS Version: 5.1.2600 ServicePack: 3.0
16:27:09.0687 2172 Product type: Workstation
16:27:09.0687 2172 ComputerName: EMACHINE-7AF6B9
16:27:09.0687 2172 UserName: Owner
16:27:09.0687 2172 Windows directory: C:\WINDOWS
16:27:09.0687 2172 System windows directory: C:\WINDOWS
16:27:09.0687 2172 Processor architecture: Intel x86
16:27:09.0687 2172 Number of processors: 1
16:27:09.0687 2172 Page size: 0x1000
16:27:09.0687 2172 Boot type: Normal boot
16:27:09.0703 2172 ============================================================
16:27:11.0718 2172 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000, SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000054
16:27:11.0750 2172 Drive \Device\Harddisk1\DR12 - Size: 0xF40000, SectorSize: 0x200, Cylinders: 0x1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:27:11.0812 2172 Initialize success
16:27:27.0718 0904 ============================================================
16:27:27.0718 0904 Scan started
16:27:27.0718 0904 Mode: Manual;
16:27:27.0718 0904 ============================================================
16:27:28.0031 0904 Abiosdsk - ok
16:27:28.0046 0904 abp480n5 - ok
16:27:28.0093 0904 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:27:28.0093 0904 ACPI - ok
16:27:28.0156 0904 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:27:28.0156 0904 ACPIEC - ok
16:27:28.0171 0904 adpu160m - ok
16:27:28.0234 0904 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:27:28.0234 0904 aec - ok
16:27:28.0296 0904 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
16:27:28.0296 0904 AFD - ok
16:27:36.0609 0904 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
16:27:36.0609 0904 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
16:27:36.0609 0904 VolSnap ( Rootkit.Win32.TDSS.tdl3 ) - infected
16:27:36.0609 0904 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
16:27:41.0906 0904 ============================================================
16:27:41.0906 0904 Scan finished
16:27:41.0906 0904 ============================================================
16:27:41.0921 0536 Detected object count: 1
16:27:41.0921 0536 Actual detected object count: 1
16:27:51.0703 0536 Backup copy found, using it..
16:27:51.0796 0536 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured on reboot
16:27:51.0796 0536 VolSnap ( Rootkit.Win32.TDSS.tdl3 ) - User select action: Cure
16:27:58.0968 2188 Deinitialize success

Farbar Service Scanner
Ran by Owner (administrator) on 16-01-2012 at 16:35:28
Microsoft Windows XP Service Pack 3 (X86)

************************************************
================== Search: "ipsec.sys" ===================

C:\WINDOWS\system32\dllcache\ipsec.sys
[2008-04-14 17:00] - [2008-04-14 17:00] - 0075264 ___AC (Microsoft Corporation) 23C74D75E36E7158768DD63D92789A91

====== End Of Search ======

I was unable to run the MBAM scan because when I attempted to update the program, it gave me an error message, saying: "The Malwarebytes Anti-Malware database is missing or corrupt. Would you like to download a copy?" Of course, I can't do that without an Internet connection, and repeated attempts to reinstall were fruitless.

#8 Broni

Posted 16 January 2012 - 05:16 PM

I was unable to run the MBAM

Was it after or before TDSSKiller run?
Did you?

Update MBAM manually...
To manually update MBAM, download this file: http://data.mbamupdates.com/tools/mbam-rules.exe
Double-click on the downloaded file to update the program.


Download the following batch file: http://www.bleepstatic.com/fhost/uploads/0/80-fix.bat
Double-click on it to run the fix.
Restart the computer, check on the internet connection and post a new FSS log.

#9 Application

Posted 16 January 2012 - 05:32 PM

I couldn't get it to run properly before or after. I was using two separate flash drives to transfer files. On one drive was the original mbam-setup file, and on the other the new manual update. By this time, MBAM was already installed on the infected desktop, so I just double-clicked on the new manual update file, from the flash drive, and it came up with an installation message and ran smoothly. Then, when I clicked to run MBAM, it gave me the error message. I attempted to reinstall from the original set-up file, then run the manual update and try again, still nothing. I moved the files over to one flash drive and tried again, nothing. Then, I ran TDSSkiller, rebooted, and saved the log. I reinstalled MBAM and ran the manual update, and got the same error message once more.

Was the batch file supposed to do anything noticeable? When I clicked on it a command prompt window popped up very briefly then disappeared. I clicked again, and got the same thing. I restarted, but still no network connection. Here's the log:

Farbar Service Scanner
Ran by Owner (administrator) on 16-01-2012 at 17:31:25
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Tcpip Service is not running. Checking service configuration:
The start type of Tcpip service is OK.
The ImagePath of Tcpip service is OK.

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking LEGACY_IpSec: Attention! Unable to open LEGACY_IpSec\0000 registry key. The key does not exist.


Connection Status:
==============
Localhost is blocked.
There is no connection to network.
Attempt to access Google IP returned error: Other errors
Attempt to access Yahoo IP returend error: Other errors


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) NetBT(5) PSched(7) Tcpip(3)
0x080000000400000001000000020000000300000005000000060000000700000008000000
Attention! IpSec Tag value should be 4Attention! IpSec Tag value is missing and it should be 4

**** End of log ****
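
Added example, not part of the thread and not Farbar's own code: a Python triage of the Farbar Service Scanner log above that separates services whose registry keys are gone from those that are only disabled or stopped, and notes whether the File Check section verified a matching binary. The sample lines are copied from that log; the function names and the name-matching heuristic are assumptions made for this example.

```python
import ntpath
import re

# Lines copied from the Farbar Service Scanner log in the post above,
# trimmed to one intact, one disabled and two broken service entries.
SAMPLE_LOG = r"""
Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is OK.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

IpSec Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open IpSec registry key. The service key does not exist.
Checking LEGACY_IpSec: Attention! Unable to open LEGACY_IpSec\0000 registry key. The key does not exist.

Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.

File Check:
========
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
MISSING_KEY = re.compile(r"Unable to open (\S+) registry key\.")
START_TYPE = re.compile(
    r"^The start type of \S+ service is set to (\w+)\. "
    r"The default start type is (\w+)\.")
FILE_LEGIT = re.compile(r"^(.+) => MD5 is legit$")


def parse_fss(log_text):
    """Return (services, legit_files) parsed from an FSS log."""
    services, legit_files, current = {}, set(), None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = NOT_RUNNING.match(line)
        if m:
            # A new service block starts; later lines belong to it.
            current = m.group(1)
            services[current] = {"missing_keys": [], "start_type": None}
            continue
        m = FILE_LEGIT.match(line)
        if m:
            # Keep only the file name without extension, lower-cased.
            stem = ntpath.splitext(ntpath.basename(m.group(1)))[0]
            legit_files.add(stem.lower())
            continue
        if current is None:
            continue
        m = MISSING_KEY.search(line)
        if m:
            if m.group(1) not in services[current]["missing_keys"]:
                services[current]["missing_keys"].append(m.group(1))
            continue
        m = START_TYPE.match(line)
        if m:
            services[current]["start_type"] = (m.group(1), m.group(2))
    return services, legit_files


def classify(services, legit_files):
    """Map each stopped service to (category, detail, binary_verified)."""
    report = {}
    for name, info in services.items():
        if info["missing_keys"]:
            # Heuristic (assumption): the binary shares the service's name.
            binary_ok = name.lower() in legit_files
            report[name] = ("key-missing", info["missing_keys"], binary_ok)
        elif info["start_type"]:
            report[name] = ("start-type-changed", info["start_type"], None)
        else:
            report[name] = ("stopped-only", None, None)
    return report


if __name__ == "__main__":
    parsed, files = parse_fss(SAMPLE_LOG)
    for svc, verdict in classify(parsed, files).items():
        print(svc, verdict)
```
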

#10 Broni

Posted 16 January 2012 - 05:43 PM

We only replaced the missing system file.
We still have to work on the missing registry keys.
Hold on....

#11 Broni

Posted 16 January 2012 - 05:49 PM

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/windows-vista/create-a-restore-point-for-windows-vistas-system-restore/



Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
Right-Click Root and select Permissions...
Under Security type, while Everyone is selected, put a check mark in the box under Allow next to Full Control.
Click Apply and OK.

Download XP.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip downloaded file.
You'll find several files inside.
Double-click legacy_wuauserv.reg and confirm the prompt.
Double-click wuauserv.reg and confirm the prompt.
Double-click legacy_ipsec.reg and confirm the prompt.
Double-click ipsec.reg and confirm the prompt.


Please go back to the Root key again and, while Everyone is selected, remove the check mark in the box under Allow next to Full Control and close the registry.

Restart the computer.
Check on the internet connection and post a new FSS log.

#12 Application

Posted 16 January 2012 - 05:57 PM

Hmm...I went to follow the steps on the Microsoft support page to create a system restore point, and the only program in my system tools folder is a shortcut to Internet Explorer (no add-ons). Probably the result of some virus or other. Is there another way I can create a system restore point, or should I just proceed with the other steps?

#13 Broni

Posted 16 January 2012 - 06:04 PM

the only program in my system tools folder is a shortcut to Internet Explorer (no add-ons)

We have to fix it.

Let's see if we can recover your missing features.
Download and run UnHide
Let me know if it worked.

#14 Application

Posted 16 January 2012 - 06:28 PM

Awesome, everything is visible again. Thanks so much!

Shall I proceed with the system restore point and the steps that follow after?

#15 Broni

Posted 16 January 2012 - 06:39 PM

Yes, please.
