
System Check Virus on XP; ran Malwarebytes and still there


15 replies to this topic

#1 k-tray

  • Members
  • 10 posts

Posted 19 January 2012 - 02:19 PM

Hi,

I am looking for some guidance in getting rid of the System Check virus on XP. I got the virus yesterday and found this step-by-step guide for uninstalling it: http://www.bleepingcomputer.com/virus-removal/remove-system-fix. I followed the steps successfully. Malwarebytes ran and seemed to quarantine the virus, but I am still having several problems with my computer: (1) Malwarebytes is telling me via popups that it is blocking threats from websites, (2) when I use Google to find webpages I am redirected to the yellowpages.ca website (e.g. I googled Skype and clicked on it and was redirected), and (3) some programs bring up error messages that they have to shut down immediately after opening - Office 2007 programs are working fine but Skype shuts down. Also, the System Check icon is still on the desktop. I read another step-by-step guide which said to run ComboFix - which I did. After doing so it appeared to hang up in the scanning process, so I did a bit more looking around and got scared at what I saw! I ended the scan, rebooted and uninstalled ComboFix. It does not appear to have caused any additional damage.

I would appreciate any advice possible - please be aware that I am not technologically inclined, so go slow :)

Many thanks

Edited by hamluis, 19 January 2012 - 02:32 PM.
Moved from XP to Am I Infected.




#2 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 19 January 2012 - 03:48 PM

Please post your MBAM clean log

and

Download TDSSKiller.

Launch it, click on "Scan", and post the log report.


Please download GMER from here

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.

Edited by narenxp, 19 January 2012 - 03:48 PM.


#3 k-tray
  • Topic Starter
  • Members
  • 10 posts

Posted 24 January 2012 - 12:41 PM

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.18.04

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 6.0.2900.5512
Kelsey :: ROSIE [administrator]

Protection: Disabled

18/01/2012 11:26:39 AM
mbam-log-2012-01-18 (11-26-39).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204683
Time elapsed: 27 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cDNVHQQjYlda.exe (Trojan.FakeAV) -> Data: C:\Documents and Settings\All Users\Application Data\cDNVHQQjYlda.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Documents and Settings\All Users\Application Data\cDNVHQQjYlda.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\93AzRYoYqiMsJJ.exe (Rogue.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelsey\My Documents\Downloads\DownloadSetup (3).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.

(end)
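
The log above is what has to be read before deciding whether the machine is clean, and it reads more easily once the detections are pulled out of it. What follows is an added example, not code from Malwarebytes or from anyone in this thread: a small Python parser for the MBAM 1.x log format that lists every detection with its classification, where it lived and what MBAM did with it, checks each section's "Detected: N" header against the item lines under it (a mismatch means the log was cut when it was pasted), and separates out the Run-key entries, which are the persistence that relaunched the rogue at every logon. SAMPLE_LOG is a copy of the log posted above with the scan header trimmed; the `unresolved` check assumes that any action text other than a successful quarantine means the item still needs attention.

```python
"""Pull the detections out of a Malwarebytes Anti-Malware 1.x scan log.

Added example for this thread, not Malwarebytes' code.  SAMPLE_LOG is a
copy of the log posted above with the scan header trimmed.
"""
import re
from collections import Counter, namedtuple

Detection = namedtuple("Detection", "section location threat detail action")

# "Registry Values Detected: 1", "Files Detected: 3", ...
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# "<location> (<threat>) -> [<detail> -> ]<action>."  The location is a file
# path or "<key>|<value>"; detail is the Run-key data or a "Bad/Good" pair.
ITEM_RE = re.compile(
    r"^(?P<location>.+?) \((?P<threat>[^()]+)\) -> "
    r"(?:(?P<detail>.+?) -> )?(?P<action>[^>]+?)\.?$"
)

SAMPLE_LOG = r"""Malwarebytes Anti-Malware (Trial) 1.60.0.1800
Scan type: Full scan

Memory Processes Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cDNVHQQjYlda.exe (Trojan.FakeAV) -> Data: C:\Documents and Settings\All Users\Application Data\cDNVHQQjYlda.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Files Detected: 3
C:\Documents and Settings\All Users\Application Data\cDNVHQQjYlda.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\93AzRYoYqiMsJJ.exe (Rogue.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kelsey\My Documents\Downloads\DownloadSetup (3).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.

(end)
"""


def parse_mbam_log(text):
    """Return (detections, mismatches).

    mismatches lists (section, header_count, lines_found) for any section
    whose "Detected: N" header disagrees with the item lines under it, i.e.
    the log was truncated or edited before it was posted.
    """
    detections, mismatches = [], []
    section, expected, seen = None, 0, 0
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            if section is not None and seen != expected:
                mismatches.append((section, expected, seen))
            section, expected, seen = m.group("section"), int(m.group("count")), 0
            continue
        # skip blanks, the header fields before the first section, and the
        # "(No malicious items detected)" / "(end)" placeholders
        if not line or section is None or line.startswith("("):
            continue
        m = ITEM_RE.match(line)
        if m:
            detections.append(Detection(section, **m.groupdict()))
            seen += 1
    if section is not None and seen != expected:
        mismatches.append((section, expected, seen))
    return detections, mismatches


def threat_summary(detections):
    """Detections per MBAM classification, e.g. {'PUM.Hijack.StartMenu': 6}."""
    return Counter(d.threat for d in detections)


def autorun_entries(detections):
    """Run/RunOnce values: the persistence that relaunched the rogue at logon."""
    return [d for d in detections
            if d.section.startswith("Registry")
            and re.search(r"\\CurrentVersion\\Run(Once)?\|", d.location)]


def unresolved(detections):
    """Anything not reported as quarantined successfully (assumption: that is
    the only action text which means MBAM finished with the item)."""
    return [d for d in detections
            if not (d.action.startswith("Quarantined")
                    and d.action.endswith("successfully"))]


if __name__ == "__main__":
    dets, bad = parse_mbam_log(SAMPLE_LOG)
    print(f"{len(dets)} detections; section count mismatches: {bad}")
    for threat, n in threat_summary(dets).most_common():
        print(f"  {n:2d}  {threat}")
    for d in autorun_entries(dets):
        print("autorun:", d.location, "->", d.detail)
    print("unresolved:", unresolved(dets))
```

Run against the posted log it reports 10 detections in four classifications, one Run-key value (the Trojan.FakeAV loader in All Users\Application Data, the same file that appears again under Files Detected) and nothing left unresolved. The redirects the poster still sees are not explained by anything in this log, which is why the next step in the thread is a rootkit scan rather than another MBAM run.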

#4 k-tray
  • Topic Starter
  • Members
  • 10 posts

Posted 24 January 2012 - 01:03 PM

TDSSKiller ran, then found a rootkit and required a reboot to cure it. I did that, then manually reopened the program because nothing opened. I think this is the log from after the reboot, and I'm not sure how to find the other...

10:59:18.0765 2748 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
10:59:19.0531 2748 ============================================================
10:59:19.0531 2748 Current date / time: 2012/01/24 10:59:19.0531
10:59:19.0531 2748 SystemInfo:
10:59:19.0531 2748
10:59:19.0531 2748 OS Version: 5.1.2600 ServicePack: 3.0
10:59:19.0531 2748 Product type: Workstation
10:59:19.0531 2748 ComputerName: ROSIE
10:59:19.0531 2748 UserName: Kelsey
10:59:19.0531 2748 Windows directory: C:\WINDOWS
10:59:19.0531 2748 System windows directory: C:\WINDOWS
10:59:19.0531 2748 Processor architecture: Intel x86
10:59:19.0531 2748 Number of processors: 2
10:59:19.0531 2748 Page size: 0x1000
10:59:19.0531 2748 Boot type: Normal boot
10:59:19.0531 2748 ============================================================
10:59:22.0906 2748 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
10:59:22.0984 2748 Initialize success
10:59:34.0937 3704 ============================================================
10:59:34.0937 3704 Scan started
10:59:34.0937 3704 Mode: Manual;
10:59:34.0937 3704 ============================================================
10:59:36.0312 3704 Abiosdsk - ok
10:59:36.0390 3704 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
10:59:36.0390 3704 abp480n5 - ok
10:59:36.0453 3704 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
10:59:36.0453 3704 ACPI - ok
10:59:36.0468 3704 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
10:59:36.0484 3704 ACPIEC - ok
10:59:36.0593 3704 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
10:59:36.0593 3704 adpu160m - ok
10:59:36.0671 3704 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
10:59:36.0687 3704 aec - ok
10:59:37.0203 3704 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
10:59:37.0218 3704 AFD - ok
10:59:37.0390 3704 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
10:59:37.0406 3704 agp440 - ok
10:59:37.0531 3704 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
10:59:37.0578 3704 agpCPQ - ok
10:59:37.0781 3704 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
10:59:37.0828 3704 Aha154x - ok
10:59:37.0953 3704 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
10:59:37.0953 3704 aic78u2 - ok
10:59:37.0984 3704 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
10:59:37.0984 3704 aic78xx - ok
10:59:38.0062 3704 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
10:59:38.0062 3704 AliIde - ok
10:59:38.0109 3704 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
10:59:38.0109 3704 alim1541 - ok
10:59:38.0156 3704 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
10:59:38.0156 3704 amdagp - ok
10:59:38.0187 3704 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
10:59:38.0187 3704 amsint - ok
10:59:38.0218 3704 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
10:59:38.0218 3704 asc - ok
10:59:38.0234 3704 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
10:59:38.0250 3704 asc3350p - ok
10:59:38.0265 3704 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
10:59:38.0265 3704 asc3550 - ok
10:59:38.0328 3704 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
10:59:38.0328 3704 AsyncMac - ok
10:59:38.0375 3704 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
10:59:38.0375 3704 atapi - ok
10:59:38.0390 3704 Atdisk - ok
10:59:38.0437 3704 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
10:59:38.0437 3704 Atmarpc - ok
10:59:38.0484 3704 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
10:59:38.0484 3704 audstub - ok
10:59:38.0578 3704 BCM43XX (9208c78bd9283f79a30252ad954c77a2) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
10:59:38.0625 3704 BCM43XX - ok
10:59:38.0656 3704 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
10:59:38.0671 3704 Beep - ok
10:59:38.0765 3704 BTKRNL (b4355289cb2ebcc91ae995f916d271b7) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
10:59:38.0796 3704 BTKRNL - ok
10:59:38.0828 3704 BTWUSB (fac7e5965162c70d184dfe92b4bcbd1b) C:\WINDOWS\system32\Drivers\btwusb.sys
10:59:38.0828 3704 BTWUSB - ok
10:59:38.0968 3704 catchme - ok
10:59:39.0015 3704 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
10:59:39.0031 3704 cbidf - ok
10:59:39.0046 3704 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
10:59:39.0046 3704 cbidf2k - ok
10:59:39.0109 3704 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
10:59:39.0109 3704 CCDECODE - ok
10:59:39.0125 3704 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
10:59:39.0125 3704 cd20xrnt - ok
10:59:39.0171 3704 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
10:59:39.0171 3704 Cdaudio - ok
10:59:39.0218 3704 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
10:59:39.0218 3704 Cdfs - ok
10:59:39.0250 3704 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
10:59:39.0250 3704 Cdrom - ok
10:59:39.0265 3704 Changer - ok
10:59:39.0328 3704 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
10:59:39.0328 3704 CmBatt - ok
10:59:39.0359 3704 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
10:59:39.0359 3704 CmdIde - ok
10:59:39.0390 3704 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
10:59:39.0406 3704 Compbatt - ok
10:59:39.0437 3704 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
10:59:39.0437 3704 Cpqarray - ok
10:59:39.0500 3704 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
10:59:39.0500 3704 dac2w2k - ok
10:59:39.0531 3704 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
10:59:39.0531 3704 dac960nt - ok
10:59:39.0562 3704 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
10:59:39.0562 3704 Disk - ok
10:59:39.0640 3704 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
10:59:39.0671 3704 dmboot - ok
10:59:39.0703 3704 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
10:59:39.0703 3704 dmio - ok
10:59:39.0718 3704 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
10:59:39.0734 3704 dmload - ok
10:59:39.0796 3704 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
10:59:39.0796 3704 DMusic - ok
10:59:39.0843 3704 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
10:59:39.0843 3704 dpti2o - ok
10:59:39.0859 3704 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
10:59:39.0859 3704 drmkaud - ok
10:59:39.0921 3704 EMSC (a6da3468ffafbdce403ef2973ff03865) C:\WINDOWS\system32\DRIVERS\EMSC.SYS
10:59:39.0921 3704 EMSC - ok
10:59:39.0984 3704 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
10:59:39.0984 3704 Fastfat - ok
10:59:40.0031 3704 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
10:59:40.0031 3704 Fdc - ok
10:59:40.0062 3704 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
10:59:40.0062 3704 Fips - ok
10:59:40.0093 3704 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
10:59:40.0093 3704 Flpydisk - ok
10:59:40.0125 3704 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
10:59:40.0125 3704 FltMgr - ok
10:59:40.0187 3704 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
10:59:40.0187 3704 Fs_Rec - ok
10:59:40.0203 3704 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
10:59:40.0218 3704 Ftdisk - ok
10:59:40.0265 3704 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
10:59:40.0281 3704 Gpc - ok
10:59:40.0296 3704 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
10:59:40.0312 3704 HDAudBus - ok
10:59:40.0359 3704 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
10:59:40.0359 3704 hidusb - ok
10:59:40.0437 3704 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
10:59:40.0437 3704 hpn - ok
10:59:40.0500 3704 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
10:59:40.0515 3704 HTTP - ok
10:59:40.0546 3704 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
10:59:40.0546 3704 i2omgmt - ok
10:59:40.0578 3704 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
10:59:40.0578 3704 i2omp - ok
10:59:40.0640 3704 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
10:59:40.0640 3704 i8042prt - ok
10:59:40.0953 3704 igd (07209716c18ee9fdffa114152917bb7b) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
10:59:41.0140 3704 igd - ok
10:59:41.0281 3704 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
10:59:41.0281 3704 Imapi - ok
10:59:41.0343 3704 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
10:59:41.0343 3704 ini910u - ok
10:59:41.0625 3704 IntcAzAudAddService (3fd00a073361937b705822775255d4e0) C:\WINDOWS\system32\drivers\RtkHDAud.sys
10:59:41.0781 3704 IntcAzAudAddService - ok
10:59:41.0906 3704 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
10:59:41.0906 3704 IntelIde - ok
10:59:41.0968 3704 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
10:59:41.0968 3704 intelppm - ok
10:59:42.0000 3704 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
10:59:42.0000 3704 Ip6Fw - ok
10:59:42.0031 3704 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
10:59:42.0031 3704 IpFilterDriver - ok
10:59:42.0046 3704 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
10:59:42.0062 3704 IpInIp - ok
10:59:42.0093 3704 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
10:59:42.0093 3704 IpNat - ok
10:59:42.0140 3704 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
10:59:42.0140 3704 IPSec - ok
10:59:42.0171 3704 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
10:59:42.0171 3704 IRENUM - ok
10:59:42.0218 3704 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
10:59:42.0218 3704 isapnp - ok
10:59:42.0250 3704 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
10:59:42.0250 3704 Kbdclass - ok
10:59:42.0281 3704 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
10:59:42.0281 3704 kbdhid - ok
10:59:42.0343 3704 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
10:59:42.0343 3704 kmixer - ok
10:59:42.0375 3704 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
10:59:42.0375 3704 KSecDD - ok
10:59:42.0406 3704 lbrtfdc - ok
10:59:42.0484 3704 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
10:59:42.0500 3704 MBAMProtector - ok
10:59:42.0531 3704 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
10:59:42.0531 3704 mnmdd - ok
10:59:42.0578 3704 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
10:59:42.0578 3704 Modem - ok
10:59:42.0625 3704 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
10:59:42.0640 3704 Mouclass - ok
10:59:42.0671 3704 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
10:59:42.0687 3704 mouhid - ok
10:59:42.0703 3704 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
10:59:42.0703 3704 MountMgr - ok
10:59:42.0781 3704 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
10:59:42.0781 3704 MpFilter - ok
10:59:42.0828 3704 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
10:59:42.0828 3704 mraid35x - ok
10:59:42.0843 3704 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
10:59:42.0859 3704 MRxDAV - ok
10:59:43.0000 3704 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
10:59:43.0234 3704 MRxSmb - ok
10:59:43.0390 3704 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
10:59:43.0421 3704 Msfs - ok
10:59:43.0500 3704 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
10:59:43.0500 3704 MSKSSRV - ok
10:59:43.0562 3704 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
10:59:43.0562 3704 MSPCLOCK - ok
10:59:43.0578 3704 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
10:59:43.0578 3704 MSPQM - ok
10:59:43.0625 3704 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
10:59:43.0640 3704 mssmbios - ok
10:59:43.0656 3704 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
10:59:43.0671 3704 MSTEE - ok
10:59:43.0703 3704 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
10:59:43.0718 3704 Mup - ok
10:59:43.0750 3704 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
10:59:43.0750 3704 NABTSFEC - ok
10:59:43.0859 3704 NAVENG - ok
10:59:43.0875 3704 NAVEX15 - ok
10:59:43.0906 3704 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
10:59:43.0906 3704 NDIS - ok
10:59:43.0937 3704 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
10:59:43.0937 3704 NdisIP - ok
10:59:43.0984 3704 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
10:59:43.0984 3704 NdisTapi - ok
10:59:44.0015 3704 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
10:59:44.0015 3704 Ndisuio - ok
10:59:44.0046 3704 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
10:59:44.0046 3704 NdisWan - ok
10:59:44.0093 3704 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
10:59:44.0093 3704 NDProxy - ok
10:59:44.0109 3704 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
10:59:44.0125 3704 NetBIOS - ok
10:59:44.0171 3704 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
10:59:44.0171 3704 NetBT - ok
10:59:44.0234 3704 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
10:59:44.0250 3704 Npfs - ok
10:59:44.0312 3704 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
10:59:44.0328 3704 Ntfs - ok
10:59:44.0375 3704 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
10:59:44.0375 3704 Null - ok
10:59:44.0406 3704 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
10:59:44.0406 3704 NwlnkFlt - ok
10:59:44.0421 3704 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
10:59:44.0437 3704 NwlnkFwd - ok
10:59:44.0484 3704 OA004Afx (ec528056b89d15755abb624e55949e44) C:\WINDOWS\system32\Drivers\OA004Afx.sys
10:59:44.0500 3704 OA004Afx - ok
10:59:44.0546 3704 OA004Ufd (a015dd2ba6009c8bdd00a6c431302d06) C:\WINDOWS\system32\DRIVERS\OA004Ufd.sys
10:59:44.0562 3704 OA004Ufd - ok
10:59:44.0609 3704 OA004Vid (12a4366ff51befbdf018f654ff8b22b8) C:\WINDOWS\system32\DRIVERS\OA004Vid.sys
10:59:44.0625 3704 OA004Vid - ok
10:59:44.0671 3704 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
10:59:44.0671 3704 Parport - ok
10:59:44.0687 3704 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
10:59:44.0703 3704 PartMgr - ok
10:59:44.0718 3704 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
10:59:44.0718 3704 ParVdm - ok
10:59:44.0750 3704 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
10:59:44.0750 3704 PCI - ok
10:59:44.0765 3704 PCIDump - ok
10:59:44.0812 3704 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
10:59:44.0812 3704 PCIIde - ok
10:59:44.0828 3704 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
10:59:44.0843 3704 Pcmcia - ok
10:59:44.0859 3704 PDCOMP - ok
10:59:44.0875 3704 PDFRAME - ok
10:59:44.0906 3704 PDRELI - ok
10:59:44.0921 3704 PDRFRAME - ok
10:59:44.0968 3704 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
10:59:44.0968 3704 perc2 - ok
10:59:44.0984 3704 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
10:59:44.0984 3704 perc2hib - ok
10:59:45.0062 3704 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
10:59:45.0062 3704 PptpMiniport - ok
10:59:45.0093 3704 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
10:59:45.0093 3704 PSched - ok
10:59:45.0125 3704 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
10:59:45.0125 3704 Ptilink - ok
10:59:45.0140 3704 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
10:59:45.0140 3704 ql1080 - ok
10:59:45.0171 3704 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
10:59:45.0171 3704 Ql10wnt - ok
10:59:45.0203 3704 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
10:59:45.0203 3704 ql12160 - ok
10:59:45.0218 3704 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
10:59:45.0218 3704 ql1240 - ok
10:59:45.0250 3704 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
10:59:45.0250 3704 ql1280 - ok
10:59:45.0265 3704 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
10:59:45.0281 3704 RasAcd - ok
10:59:45.0328 3704 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
10:59:45.0328 3704 Rasl2tp - ok
10:59:45.0359 3704 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
10:59:45.0359 3704 RasPppoe - ok
10:59:45.0375 3704 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
10:59:45.0375 3704 Raspti - ok
10:59:45.0421 3704 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
10:59:45.0437 3704 Rdbss - ok
10:59:45.0453 3704 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
10:59:45.0453 3704 RDPCDD - ok
10:59:45.0515 3704 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
10:59:45.0531 3704 rdpdr - ok
10:59:45.0593 3704 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
10:59:45.0593 3704 RDPWD - ok
10:59:45.0640 3704 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
10:59:45.0640 3704 redbook - ok
10:59:45.0718 3704 RSUSBSTOR (a7557caa7253de02b40996ef9a478fab) C:\WINDOWS\system32\Drivers\RTS5121.sys
10:59:45.0718 3704 RSUSBSTOR - ok
10:59:45.0781 3704 RTLE8023xp (f0a21c62b9b835e1c96268eaae31d239) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
10:59:45.0781 3704 RTLE8023xp - ok
10:59:45.0843 3704 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
10:59:45.0859 3704 Secdrv - ok
10:59:45.0906 3704 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
10:59:45.0906 3704 Serial - ok
10:59:45.0953 3704 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
10:59:45.0953 3704 Sfloppy - ok
10:59:45.0984 3704 Simbad - ok
10:59:46.0015 3704 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
10:59:46.0015 3704 sisagp - ok
10:59:46.0062 3704 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
10:59:46.0062 3704 SLIP - ok
10:59:46.0093 3704 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
10:59:46.0093 3704 Sparrow - ok
10:59:46.0125 3704 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
10:59:46.0125 3704 splitter - ok
10:59:46.0203 3704 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
10:59:46.0203 3704 sr - ok
10:59:46.0234 3704 SRTSP - ok
10:59:46.0250 3704 SRTSPX - ok
10:59:46.0312 3704 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
10:59:46.0328 3704 Srv - ok
10:59:46.0375 3704 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
10:59:46.0375 3704 streamip - ok
10:59:46.0406 3704 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
10:59:46.0406 3704 swenum - ok
10:59:46.0437 3704 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
10:59:46.0437 3704 swmidi - ok
10:59:46.0468 3704 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
10:59:46.0468 3704 symc810 - ok
10:59:46.0484 3704 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
10:59:46.0500 3704 symc8xx - ok
10:59:46.0515 3704 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
10:59:46.0531 3704 sym_hi - ok
10:59:46.0546 3704 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
10:59:46.0546 3704 sym_u3 - ok
10:59:46.0609 3704 SynTP (14dfbfe8d27933cd3901e922b234c329) C:\WINDOWS\system32\DRIVERS\SynTP.sys
10:59:46.0609 3704 SynTP - ok
10:59:46.0656 3704 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
10:59:46.0656 3704 sysaudio - ok
10:59:46.0734 3704 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
10:59:46.0750 3704 Tcpip - ok
10:59:46.0781 3704 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
10:59:46.0781 3704 TDPIPE - ok
10:59:46.0812 3704 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
10:59:46.0812 3704 TDTCP - ok
10:59:46.0828 3704 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
10:59:46.0843 3704 TermDD - ok
10:59:46.0875 3704 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
10:59:46.0875 3704 TosIde - ok
10:59:46.0906 3704 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
10:59:46.0921 3704 Udfs - ok
10:59:46.0984 3704 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
10:59:46.0984 3704 ultra - ok
10:59:47.0046 3704 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
10:59:47.0062 3704 Update - ok
10:59:47.0125 3704 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
10:59:47.0125 3704 usbccgp - ok
10:59:47.0187 3704 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
10:59:47.0187 3704 usbehci - ok
10:59:47.0218 3704 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
10:59:47.0218 3704 usbhub - ok
10:59:47.0281 3704 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
10:59:47.0281 3704 usbprint - ok
10:59:47.0359 3704 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
10:59:47.0359 3704 USBSTOR - ok
10:59:47.0406 3704 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
10:59:47.0406 3704 usbuhci - ok
10:59:47.0453 3704 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
10:59:47.0453 3704 usbvideo - ok
10:59:47.0515 3704 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
10:59:47.0515 3704 VgaSave - ok
10:59:47.0562 3704 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
10:59:47.0562 3704 viaagp - ok
10:59:47.0593 3704 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
10:59:47.0593 3704 ViaIde - ok
10:59:47.0640 3704 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
10:59:47.0640 3704 VolSnap - ok
10:59:47.0687 3704 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
10:59:47.0687 3704 Wanarp - ok
10:59:47.0765 3704 Wdf01000 (e8fa4dcfd33071aa703bec19c3bb625e) C:\WINDOWS\system32\Drivers\wdf01000.sys
10:59:47.0781 3704 Wdf01000 - ok
10:59:47.0812 3704 WDICA - ok
10:59:47.0875 3704 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
10:59:47.0875 3704 wdmaud - ok
10:59:47.0968 3704 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
10:59:47.0968 3704 WS2IFSL - ok
10:59:48.0046 3704 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
10:59:48.0046 3704 WSTCODEC - ok
10:59:48.0109 3704 MBR (0x1B8) (401cb7b4221ae855e16ae547c5e575ab) \Device\Harddisk0\DR0
10:59:48.0156 3704 \Device\Harddisk0\DR0 - ok
10:59:48.0203 3704 Boot (0x1200) (a57b05386588c25691acbc9c5c1be0c9) \Device\Harddisk0\DR0\Partition0
10:59:48.0203 3704 \Device\Harddisk0\DR0\Partition0 - ok
10:59:48.0203 3704 ============================================================
10:59:48.0203 3704 Scan finished
10:59:48.0203 3704 ============================================================
10:59:48.0218 3672 Detected object count: 0
10:59:48.0218 3672 Actual detected object count: 0

#5 k-tray

k-tray
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:45 AM

Posted 24 January 2012 - 02:00 PM

Ok, here is the GMER log. Thanks for your message. Please let me know where to go from here!

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-24 11:58:50
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HS082HB rev.NL100-05
Running: uy0gn1pz.exe; Driver: C:\DOCUME~1\Kelsey\LOCALS~1\Temp\uxtdrpod.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\Drivers\OA004Afx.sys entry point in "init" section [0xF5AF8310]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[800] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0139B750 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \FileSystem\Fastfat \Fat F72C5D20

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:04:45 AM

Posted 24 January 2012 - 09:13 PM

Do you still face redirects?

Did you use UNHIDE fix? Did you get back your icons?


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

#7 k-tray

k-tray
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:45 AM

Posted 24 January 2012 - 11:24 PM

Thanks. The redirects appear to have stopped and I already got my icons back. Here is the log:

aswMBR version 0.9.9.1509 Copyright© 2011 AVAST Software
Run date: 2012-01-24 20:55:10
-----------------------------
20:55:10.406 OS Version: Windows 5.1.2600 Service Pack 3
20:55:10.406 Number of processors: 2 586 0x1C02
20:55:10.406 ComputerName: ROSIE UserName:
20:55:11.296 Initialize success
21:05:00.953 AVAST engine defs: 12012401
21:10:19.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:10:19.046 Disk 0 Vendor: SAMSUNG_HS082HB NL100-05 Size: 76319MB BusType: 3
21:10:19.109 Disk 0 MBR read successfully
21:10:19.109 Disk 0 MBR scan
21:10:19.312 Disk 0 unknown MBR code
21:10:19.390 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
21:10:19.453 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 66278 MB offset 81920
21:10:19.515 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 9993 MB offset 135829575
21:10:19.609 Disk 0 scanning sectors +156296385
21:10:19.921 Disk 0 scanning C:\WINDOWS\system32\drivers
21:10:34.156 Service scanning
21:10:36.109 Modules scanning
21:10:44.593 Disk 0 trace - called modules:
21:10:44.640 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:10:44.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8657fab8]
21:10:44.656 3 CLASSPNP.SYS[f75fdfd7] -> nt!IofCallDriver -> \Device\00000062[0x8653c4b0]
21:10:44.671 5 ACPI.sys[f7494620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x865ce940]
21:10:45.890 AVAST engine scan C:\WINDOWS
21:11:07.625 AVAST engine scan C:\WINDOWS\system32
21:13:53.687 AVAST engine scan C:\WINDOWS\system32\drivers
21:14:12.843 AVAST engine scan C:\Documents and Settings\Kelsey
21:20:14.203 AVAST engine scan C:\Documents and Settings\All Users
21:21:19.296 Scan finished successfully
21:22:34.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kelsey\Desktop\MBR.dat"
21:22:34.000 The log file has been saved successfully to "C:\Documents and Settings\Kelsey\Desktop\aswMBR.txt"
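The aswMBR log above lists three partitions and saves the raw sector to MBR.dat; the added example below (not code from the thread, from aswMBR or from TDSSKiller) parses a 512-byte MBR and cross-checks its partition table against what the log reports, so a tampered boot flag or shifted partition shows up as a mismatch. The MBR bytes are constructed here to match the logged partitions, and hashing the first 0x1B8 bytes is an assumption drawn from the "MBR (0x1B8)" label in the TDSSKiller log.

```python
import hashlib
import struct

# Partition type ids as the aswMBR log names them.
TYPE_NAMES = {0xDE: "Dell Utility", 0x07: "HPFS/NTFS", 0xDB: "CP/M / CTOS"}

def build_mbr(entries):
    """Constructed 512-byte MBR: zeroed boot code, entries given as
    (boot_flag, type_id, lba_start, lba_sectors), and the 0x55AA signature."""
    mbr = bytearray(512)
    for i, (boot, ptype, start, sectors) in enumerate(entries):
        # CHS fields stay zero; tools read the LBA fields.
        struct.pack_into("<B3xB3xII", mbr, 446 + 16 * i, boot, ptype, start, sectors)
    mbr[510:512] = b"\x55\xAA"
    return bytes(mbr)

def parse_mbr(mbr):
    """Return (signature_ok, boot_code_md5, partitions) for one raw sector."""
    if len(mbr) != 512:
        raise ValueError("an MBR is exactly one 512-byte sector")
    sig_ok = mbr[510:512] == b"\x55\xAA"
    # Assumption: TDSSKiller's "MBR (0x1B8)" hash covers the 0x1B8 bytes of
    # boot code before the disk signature; hashing it lets you diff against
    # a known-good copy instead of trusting "unknown MBR code" alone.
    code_md5 = hashlib.md5(mbr[:0x1B8]).hexdigest()
    parts = []
    for i in range(4):
        boot, ptype, start, sectors = struct.unpack_from("<B3xB3xII", mbr, 446 + 16 * i)
        if ptype == 0:
            continue  # empty slot
        parts.append({"index": i + 1, "bootable": boot == 0x80, "type": ptype,
                      "name": TYPE_NAMES.get(ptype, "unknown"),
                      "offset": start, "size_mb": sectors * 512 // (1024 * 1024)})
    return sig_ok, code_md5, parts

def compare_with_log(parts, log_entries):
    """log_entries are (index, bootable, type, offset, size_mb) read from the
    aswMBR 'Partition' lines; returns mismatch descriptions (empty if consistent)."""
    issues = []
    by_index = {p["index"]: p for p in parts}
    for idx, bootable, ptype, offset, size_mb in log_entries:
        p = by_index.get(idx)
        if p is None:
            issues.append(f"partition {idx} missing from sector")
            continue
        for key, want in (("bootable", bootable), ("type", ptype),
                          ("offset", offset), ("size_mb", size_mb)):
            if p[key] != want:
                issues.append(f"partition {idx} {key}: sector={p[key]} log={want}")
    return issues

# Constructed to match the three Disk 0 partitions in the aswMBR log.
LOG_PARTITIONS = [(1, False, 0xDE, 63, 39), (2, True, 0x07, 81920, 66278),
                  (3, False, 0xDB, 135829575, 9993)]
SAMPLE_MBR = build_mbr([(0x00, 0xDE, 63, 81857), (0x80, 0x07, 81920, 135737344),
                        (0x00, 0xDB, 135829575, 20465664)])
```

Feed `open("MBR.dat", "rb").read()` to `parse_mbr` to check a real saved sector the same way.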

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:04:45 AM

Posted 25 January 2012 - 01:36 AM

That looks clean

Download

ESET online scanner


Install it

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.


Download

Minitoolbox

Check the following boxes:

* List content of Hosts
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size

Click Go and post the result.

Good luck

#9 k-tray

k-tray
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:45 AM

Posted 25 January 2012 - 12:44 PM

ESET Scan list:

C:\Documents and Settings\Kelsey\Local Settings\Temporary Internet Files\Content.IE5\JHR1LJVS\gtk2116-setup[1].exe a variant of Win32/1AntiVirus application deleted - quarantined

#10 k-tray

k-tray
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:45 AM

Posted 25 January 2012 - 12:46 PM

MiniToolBox by Farbar Version: 18-01-2012
Ran by Kelsey (administrator) on 25-01-2012 at 10:45:58
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
========================= Hosts content: =================================


127.0.0.1 localhost


========================= Event log errors: ===============================

Application errors:
==================
Error: (01/18/2012 10:52:09 PM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog

Error: (01/18/2012 09:50:33 PM) (Source: Application Error) (User: )
Description: Faulting application skype.exe, version 5.5.0.124, faulting module skype.exe, version 5.5.0.124, fault address 0x001dae87.
Processing media-specific event for [skype.exe!ws!]

Error: (01/18/2012 07:03:49 PM) (Source: Application Error) (User: )
Description: Faulting application skype.exe, version 5.5.0.124, faulting module skype.exe, version 5.5.0.124, fault address 0x001dae87.
Processing media-specific event for [skype.exe!ws!]

Error: (01/18/2012 07:01:39 PM) (Source: Application Error) (User: )
Description: Fault bucket -1646839930.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (01/18/2012 07:01:25 PM) (Source: Application Error) (User: )
Description: Faulting application skype.exe, version 5.5.0.124, faulting module skype.exe, version 5.5.0.124, fault address 0x001dae87.
Processing media-specific event for [skype.exe!ws!]


System errors:
=============
Error: (01/25/2012 09:38:57 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SRTSP
SRTSPX

Error: (01/25/2012 09:38:34 AM) (Source: Service Control Manager) (User: )
Description: The Norton Internet Security service failed to start due to the following error:
%%3

Error: (01/24/2012 08:44:08 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SRTSP
SRTSPX

Error: (01/24/2012 08:43:58 PM) (Source: Service Control Manager) (User: )
Description: The Norton Internet Security service failed to start due to the following error:
%%3

Error: (01/24/2012 11:07:13 AM) (Source: 0) (User: )
Description: \Device\Ide\IdePort0

Error: (01/24/2012 10:54:22 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SRTSP
SRTSPX

Error: (01/24/2012 10:54:14 AM) (Source: Service Control Manager) (User: )
Description: The Norton Internet Security service failed to start due to the following error:
%%3

Error: (01/24/2012 10:29:51 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SRTSP
SRTSPX

Error: (01/24/2012 10:29:25 AM) (Source: Service Control Manager) (User: )
Description: The Norton Internet Security service failed to start due to the following error:
%%3

Error: (01/19/2012 08:54:18 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SRTSP
SRTSPX


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

µTorrent (Version: 3.0.0)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 10 ActiveX (Version: 10.0.12.36)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 9 (Version: 9.0.0)
Advanced Audio FX Engine
Akamai NetSession Interface
Battery Meter (Version: 0.0.0.7C)
Choice Guard (Version: 1.2.87.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
CyberLink PowerDVD 8.0 SE (Version: 8.0.1031)
Dell Support Center (Support Software) (Version: 2.2.08267)
Dell System Restore (Version: 2.00.0000)
Dell Touchpad (Version: 11.2.15.1)
EMSC (Version: 0.0.0.10)
ESET Online Scanner v3
Google Desktop (Version: 5.9.1005.12335)
GoToAssist 8.0.0.514
Integrated Webcam Driver (1.00.03.0720)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Junk Mail filter update (Version: 14.0.8050.1202)
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Ultimate 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Search Enhancement Pack (Version: 1.2.121.0)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
Mozilla Thunderbird 9.0.1 (x86 en-US) (Version: 9.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 6.0 Parser (KB927977) (Version: 6.00.3890.0)
Realtek High Definition Audio Driver
Segoe UI (Version: 14.0.4327.805)
Skype™ 5.5 (Version: 5.5.124)
VLC media player 1.1.11 (Version: 1.1.11)
WebFldrs XP (Version: 9.50.7523)
WIDCOMM Bluetooth Software (Version: 5.5.0.4100)
Windows Live Call (Version: 14.0.8050.1202)
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Essentials (Version: 14.0.8050.1202)
Windows Live Mail (Version: 14.0.8050.1202)
Windows Live Messenger (Version: 14.0.8050.1202)
Windows Live Photo Gallery (Version: 14.0.8051.1204)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Toolbar (Version: 14.0.8052.1208)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8050.1202)
Windows Media Format Runtime
Windows Presentation Foundation (Version: 3.0.6920.0)
Windows Search 4.0 (Version: 04.00.6001.503)
Wireless Select Switch (Version: 1.1.0.12)
XML Paper Specification Shared Components Pack 1.0

========================= Memory info: ===================================

Percentage of memory in use: 82%
Total physical RAM: 1014.2 MB
Available physical RAM: 176.52 MB
Total Pagefile: 2441.59 MB
Available Pagefile: 1716.06 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.35 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:64.72 GB) (Free:43.31 GB) NTFS

========================= Users: ========================================

User accounts for \\ROSIE

Administrator Guest HelpAssistant
Kelsey SUPPORT_388945a0


**** End of log ****

#11 k-tray

k-tray
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:45 AM

Posted 25 January 2012 - 12:48 PM

Thanks again for your help. Everything seems to be running normally right now - does that match with what you are seeing?

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:04:45 AM

Posted 25 January 2012 - 01:12 PM

That looks good

Download

TFC


Launch it; it will close all running programs.

Click on START; it should ask for a reboot.

Turn off your system restore, restart the PC, turn on system restore and create a new restore point:

http://support.microsoft.com/kb/310405

Uninstall your java update from add or remove programs and download latest from here

http://www.java.com/en/

Update your antivirus frequently, and do not click on suspicious links.

Safe surfing :)

#13 k-tray

k-tray
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:45 AM

Posted 25 January 2012 - 02:34 PM

The TFC won't run - it opens and I press 'start' and then it says 'getting user folders' and 'stopping running processes' and then it stops there and freezes up my computer. Any thoughts?

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:04:45 AM

Posted 25 January 2012 - 08:39 PM

Try running it in safe mode; if that doesn't work, go for

http://majorgeeks.com/ATF_Cleaner_d4949.html

Launch it, click on SELECT ALL, then click on EMPTY selected.

Good luck

#15 k-tray

k-tray
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:02:45 AM

Posted 26 January 2012 - 01:05 AM

Great, it ran in safe mode. Thanks again for all your help. Should I remove all of these scanning programs now?
