soccerbuzz

Members
  • Posts: 8
  • Joined
  • Last visited

Reputation: 0 Neutral

About soccerbuzz

  • Birthday April 5

Profile Information

  • Location
    Fort Lauderdale, FL
  • Interests
    Soccer, College sports, Dogs, Politics, Dog Agility Trials
  1. Thanks for everything. My computer is running much better and I'm getting the MBAM full version once I return home from this trip. Can you offer final insight into these issues after all this cleanup? I reset (as instructed in an earlier reply) my Start Menu recent applications number to 7 (where it shows my most recent apps/documents used). However, it continues to show only 3 or 4, and in a test I just did (opening iTunes, Excel, Calculator and TaxCut), none of these showed up. Since I followed your advice days ago, the list has never increased beyond 4 and is always the same 4 now. And, final thoughts on why nearly every folder showing up in my Start Menu still shows EMPTY when you hover over it. Of the 50 or so programs/files listed, only 2 show content (Accessories and ICUII, which I have not used in over 2 years). Maybe I mentioned this before, but when I right-click on a file, I do get several programs (Excel, Opera, Windows Picture, Media Player, Google Chrome, etc.) listed as options to open it. This puzzles me because all of these program folders show up empty under START MENU. I don't understand why they don't start getting listed (as content in the folder instead of EMPTY) once I use them after all this virus cleanup. If you have comments on these last 2 things, it is a bonus for me at this point. I am very happy that the viruses are gone, and a little war damage from all this isn't that bad to deal with if we can't figure out these last couple of problems. Thanks!
  2. Thanks. It seems the search redirect virus may be gone now. I can't say 100%, as I have done only a handful of searches because I wanted to get this reply sent to you. Please note I have been on the road traveling, so my response time and ability to do the next steps are a little slower than I would prefer. The folders in my Start Menu remain mostly EMPTY. I'm unsure if that is something we will resolve as we continue in this forum. For example, I still struggle with finding MS Word/Excel (as one example). This also may be problematic because many of the folders in App Programs that I renamed may be permanently lost? or damaged? or always appearing missing? Anyway, the computer is better. Are there next steps? Here is the TDSSKiller log:

2011/07/17 01:10:15.0718 4196 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/17 01:10:16.0140 4196 ================================================================================
2011/07/17 01:10:16.0140 4196 SystemInfo:
2011/07/17 01:10:16.0140 4196
2011/07/17 01:10:16.0140 4196 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/17 01:10:16.0140 4196 Product type: Workstation
2011/07/17 01:10:16.0140 4196 ComputerName: FLORIDA
2011/07/17 01:10:16.0140 4196 UserName: OD Customer
2011/07/17 01:10:16.0140 4196 Windows directory: C:\WINDOWS
2011/07/17 01:10:16.0140 4196 System windows directory: C:\WINDOWS
2011/07/17 01:10:16.0140 4196 Processor architecture: Intel x86
2011/07/17 01:10:16.0140 4196 Number of processors: 2
2011/07/17 01:10:16.0140 4196 Page size: 0x1000
2011/07/17 01:10:16.0140 4196 Boot type: Normal boot
2011/07/17 01:10:16.0140 4196 ================================================================================
2011/07/17 01:10:17.0703 4196 Initialize success
2011/07/17 01:10:22.0750 4580 ================================================================================
2011/07/17 01:10:22.0750 4580 Scan started
2011/07/17 01:10:22.0750 4580 Mode: Manual;
2011/07/17 01:10:22.0750 4580 ================================================================================
2011/07/17 01:10:25.0437 4580 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/17 01:10:25.0484 4580 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/07/17 01:10:25.0562 4580 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/17 01:10:25.0640 4580 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/07/17 01:10:25.0718 4580 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/07/17 01:10:25.0875 4580 AgereSoftModem (b3192376c7a3814b5341efc2202022f8) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
2011/07/17 01:10:26.0500 4580 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/07/17 01:10:26.0906 4580 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/07/17 01:10:26.0953 4580 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/17 01:10:26.0984 4580 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/17 01:10:27.0015 4580 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/17 01:10:27.0046 4580 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/17 01:10:27.0109 4580 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/17 01:10:27.0328 4580 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/17 01:10:27.0640 4580 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/07/17 01:10:27.0796 4580 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/17 01:10:27.0843 4580 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/17 01:10:27.0890 4580 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/17 01:10:27.0984 4580 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/07/17 01:10:28.0015 4580 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/07/17 01:10:28.0109 4580 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/17 01:10:28.0171 4580 DLABOIOM (ee4325becef51b8c32b4329097e4f301) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/07/17 01:10:28.0187 4580 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/07/17 01:10:28.0218 4580 DLADResN (1e6c6597833a04c2157be7b39ea92ce1) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/07/17 01:10:28.0406 4580 DLAIFS_M (752376e109a090970bfa9722f0f40b03) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/07/17 01:10:28.0453 4580 DLAOPIOM (62ee7902e74b90bf1ccc4643fc6c07a7) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/07/17 01:10:28.0515 4580 DLAPoolM (5c220124c5afeaee84a9bb89d685c17b) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/07/17 01:10:28.0593 4580 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/07/17 01:10:28.0609 4580 DLAUDFAM (4ebb78d9bbf072119363b35b9b3e518f) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/07/17 01:10:28.0640 4580 DLAUDF_M (333b770e52d2cea7bd86391120466e43) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/07/17 01:10:28.0796 4580 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/17 01:10:28.0875 4580 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/17 01:10:29.0046 4580 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/17 01:10:29.0109 4580 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/17 01:10:29.0156 4580 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/17 01:10:29.0171 4580 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/07/17 01:10:29.0203 4580 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/07/17 01:10:29.0250 4580 e1express (e1fa10ed8f9f700c1be1eae05a80ef57) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
2011/07/17 01:10:29.0312 4580 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/17 01:10:29.0437 4580 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/07/17 01:10:29.0578 4580 FdRedir (8affa5814b135417494e48eb9c0b6c5e) C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys
2011/07/17 01:10:29.0593 4580 FileDisk2 (6ed5c6a25174118036e978b42f0974d1) C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys
2011/07/17 01:10:29.0812 4580 FilterService (50104c5f1ee1e295781caf9521ca2e56) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
2011/07/17 01:10:29.0843 4580 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/17 01:10:29.0859 4580 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/07/17 01:10:29.0906 4580 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/17 01:10:29.0937 4580 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/17 01:10:29.0953 4580 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/17 01:10:30.0031 4580 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/07/17 01:10:30.0140 4580 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/17 01:10:30.0187 4580 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/07/17 01:10:30.0265 4580 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/07/17 01:10:30.0281 4580 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/07/17 01:10:30.0296 4580 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/07/17 01:10:30.0531 4580 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/17 01:10:30.0734 4580 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/17 01:10:30.0937 4580 ialm (bc1f1ff8d5800398937966cdb0a97fdc) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/07/17 01:10:32.0187 4580 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/17 01:10:32.0671 4580 IntcAzAudAddService (b12a9fc49cd2765a43829d834f518aed) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/07/17 01:10:32.0796 4580 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/17 01:10:32.0875 4580 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/17 01:10:33.0015 4580 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/17 01:10:33.0078 4580 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/17 01:10:33.0187 4580 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/17 01:10:33.0218 4580 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/17 01:10:33.0265 4580 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/17 01:10:33.0312 4580 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/17 01:10:33.0343 4580 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/17 01:10:33.0390 4580 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/17 01:10:33.0406 4580 KR10N (00c1ea8decf810b8eccb5c5a8186a96e) C:\WINDOWS\system32\drivers\KR10N.sys
2011/07/17 01:10:33.0500 4580 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/17 01:10:33.0843 4580 LVPr2Mon (a6919138f29ae45e90e99fa94737e04c) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
2011/07/17 01:10:33.0968 4580 LVRS (b895839b8743e400d7c7dae156f74e7e) C:\WINDOWS\system32\DRIVERS\lvrs.sys
2011/07/17 01:10:34.0093 4580 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys
2011/07/17 01:10:34.0406 4580 LVUVC (8bc0d5f6e3898f465a94c6d03afb5a20) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
2011/07/17 01:10:34.0781 4580 meiudf (7efac183a25b30fb5d64cc9d484b1eb6) C:\WINDOWS\system32\Drivers\meiudf.sys
2011/07/17 01:10:34.0921 4580 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/07/17 01:10:34.0984 4580 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/17 01:10:35.0156 4580 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/17 01:10:35.0265 4580 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/17 01:10:35.0359 4580 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/17 01:10:35.0687 4580 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/17 01:10:35.0953 4580 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/17 01:10:36.0031 4580 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/17 01:10:36.0078 4580 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/17 01:10:36.0109 4580 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/17 01:10:36.0125 4580 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/17 01:10:36.0156 4580 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/17 01:10:36.0187 4580 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/07/17 01:10:36.0265 4580 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/17 01:10:36.0312 4580 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/07/17 01:10:36.0328 4580 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/17 01:10:36.0359 4580 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/07/17 01:10:36.0390 4580 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/17 01:10:36.0468 4580 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/17 01:10:36.0515 4580 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/17 01:10:36.0546 4580 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/17 01:10:36.0812 4580 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/17 01:10:36.0875 4580 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/17 01:10:36.0968 4580 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
2011/07/17 01:10:37.0062 4580 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/07/17 01:10:37.0171 4580 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys
2011/07/17 01:10:37.0234 4580 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/17 01:10:37.0359 4580 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/17 01:10:37.0421 4580 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/17 01:10:37.0453 4580 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/17 01:10:37.0500 4580 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/17 01:10:37.0578 4580 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/07/17 01:10:37.0671 4580 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/07/17 01:10:37.0734 4580 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/17 01:10:37.0828 4580 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/17 01:10:37.0937 4580 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/17 01:10:38.0156 4580 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/17 01:10:38.0234 4580 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/07/17 01:10:38.0406 4580 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/17 01:10:38.0453 4580 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/17 01:10:38.0531 4580 PSI (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
2011/07/17 01:10:38.0546 4580 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/17 01:10:38.0593 4580 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/07/17 01:10:38.0734 4580 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/17 01:10:38.0812 4580 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/17 01:10:38.0875 4580 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/17 01:10:38.0890 4580 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/17 01:10:38.0953 4580 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/17 01:10:39.0015 4580 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/17 01:10:39.0078 4580 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/17 01:10:39.0156 4580 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/17 01:10:39.0281 4580 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/17 01:10:39.0390 4580 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/07/17 01:10:39.0453 4580 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/07/17 01:10:39.0515 4580 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/17 01:10:39.0609 4580 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/07/17 01:10:39.0750 4580 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/07/17 01:10:39.0859 4580 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/07/17 01:10:39.0890 4580 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/07/17 01:10:39.0937 4580 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/07/17 01:10:40.0093 4580 smihlp (aef89571c4e567575db8bdf120765b6c) C:\Program Files\Protector Suite QL\smihlp.sys
2011/07/17 01:10:40.0328 4580 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/17 01:10:40.0515 4580 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/17 01:10:40.0593 4580 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/17 01:10:40.0671 4580 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/07/17 01:10:40.0750 4580 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/17 01:10:40.0859 4580 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/17 01:10:41.0031 4580 SynTP (cfb41bf11ae95c26133bae3ec2e334bd) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/07/17 01:10:41.0062 4580 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/17 01:10:41.0265 4580 tbiosdrv (7147b0575bcc93a6ab7d5c90f47c0b9f) C:\WINDOWS\system32\DRIVERS\tbiosdrv.sys
2011/07/17 01:10:41.0359 4580 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/17 01:10:41.0437 4580 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys
2011/07/17 01:10:41.0484 4580 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/17 01:10:41.0578 4580 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/17 01:10:41.0625 4580 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/17 01:10:41.0656 4580 tifm21 (244cfbffdefb77f3df571a8cd108fc06) C:\WINDOWS\system32\drivers\tifm21.sys
2011/07/17 01:10:41.0718 4580 tosrfec (cc069342ee0eae55b32a0ae99cf6185c) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
2011/07/17 01:10:41.0750 4580 TVALD (676db15ddf2e0ff6ec03068dea428b8b) C:\WINDOWS\system32\DRIVERS\NBSMI.sys
2011/07/17 01:10:41.0796 4580 Tvs (cc6763889198ef975b143d49789bcfa9) C:\WINDOWS\system32\DRIVERS\Tvs.sys
2011/07/17 01:10:41.0968 4580 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/17 01:10:42.0078 4580 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/17 01:10:42.0156 4580 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/07/17 01:10:42.0281 4580 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/07/17 01:10:42.0343 4580 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/17 01:10:42.0468 4580 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/17 01:10:42.0593 4580 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/17 01:10:42.0656 4580 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/17 01:10:42.0750 4580 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/17 01:10:42.0781 4580 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/17 01:10:42.0828 4580 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/17 01:10:42.0843 4580 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/17 01:10:42.0890 4580 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/17 01:10:43.0062 4580 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/07/17 01:10:43.0359 4580 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/17 01:10:43.0437 4580 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
2011/07/17 01:10:43.0484 4580 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/17 01:10:43.0593 4580 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/17 01:10:43.0656 4580 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/17 01:10:43.0687 4580 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/17 01:10:43.0765 4580 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
2011/07/17 01:10:43.0765 4580 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
2011/07/17 01:10:43.0765 4580 Boot (0x1200) (24143623f38212098139056e3850dfc4) \Device\Harddisk0\DR0\Partition0
2011/07/17 01:10:43.0781 4580 ================================================================================
2011/07/17 01:10:43.0781 4580 Scan finished
2011/07/17 01:10:43.0781 4580 ================================================================================
2011/07/17 01:10:43.0796 4572 Detected object count: 1
2011/07/17 01:10:43.0796 4572 Actual detected object count: 1
2011/07/17 01:10:52.0406 4572 \Device\Harddisk0\DR0 (Rootkit.Boot.SST.a) - will be cured after reboot
2011/07/17 01:10:52.0406 4572 \Device\Harddisk0\DR0 - ok
2011/07/17 01:10:52.0406 4572 Rootkit.Boot.SST.a(\Device\Harddisk0\DR0) - User select action: Cure
2011/07/17 01:11:02.0921 1124 Deinitialize success
  3. Completed ComboFix. FYI, it took a LONG time and deleted a significant number of files, it seems. Not sure what to report to you. The Start Menu program folders are still mostly EMPTY. No major feedback on how the computer is running. I wanted to get this reply sent to you, but certainly the computer is better. The redirect browser problem (virus) still exists. I get sent to crazy pages instead of the actual link found in Google searches. Not sure if the IE browser pops up randomly, but I will give you feedback on that in my next replies. Here is the ComboFix log:

ComboFix 11-07-15.01 - OD Customer 07/15/2011 13:20:30.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1348 [GMT -4:00]
Running from: c:\documents and settings\OD Customer\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Administrator\WINDOWS\unhide(1).exe
c:\documents and settings\All Users\Application Data\124.exe
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guest\WINDOWS
c:\documents and settings\Guest\WINDOWS\unhide(1).exe
c:\documents and settings\OD Customer\g2mdlhlpx.exe
c:\documents and settings\OD Customer\Local Settings\Application Data\{94F2AF82-752C-4328-8CDB-3D953C98FBE4}
c:\documents and settings\OD Customer\Local Settings\Application Data\{94F2AF82-752C-4328-8CDB-3D953C98FBE4}\chrome.manifest
c:\documents and settings\OD Customer\Local Settings\Application Data\{94F2AF82-752C-4328-8CDB-3D953C98FBE4}\chrome\content\_cfg.js
c:\documents and settings\OD Customer\Local Settings\Application Data\{94F2AF82-752C-4328-8CDB-3D953C98FBE4}\chrome\content\overlay.xul
c:\documents and settings\OD Customer\Local Settings\Application Data\{94F2AF82-752C-4328-8CDB-3D953C98FBE4}\install.rdf
c:\documents and settings\OD Customer\Start Menu\Programs\Windows XP Fix
c:\documents and settings\OD Customer\Start Menu\Programs\Windows XP Fix\Uninstall Windows XP Fix.lnk
c:\documents and settings\OD Customer\Start Menu\Programs\Windows XP Fix\Windows XP Fix.lnk
c:\documents and settings\OD Customer\WINDOWS
c:\documents and settings\OD Customer\WINDOWS\unhide(1).exe
c:\windows\esaniyan.dll
c:\windows\sretpu.exe
c:\windows\system32\_packet.dlluninstall
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\scvideo.dll
c:\windows\system32\Thumbs.db
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-15 to 2011-07-15 )))))))))))))))))))))))))))))))
.
.
2011-07-15 17:01 . 2011-07-15 17:04 -------- d-----w- C:\32788R22FWJFW
2011-07-14 19:06 . 2011-07-14 19:06 -------- d-----w- c:\program files\MSECache
2011-07-14 01:17 . 2011-07-14 01:17 684297 ----a-w- c:\windows\unhide(1).exe
2011-07-10 10:10 . 2004-08-10 12:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2011-07-10 10:10 . 2001-08-17 18:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-07-10 10:10 . 2004-08-10 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2011-07-10 10:10 . 2004-08-10 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2011-07-10 10:10 . 2004-08-10 12:00 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2011-07-10 10:10 . 2004-08-10 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2011-07-10 10:10 . 2004-08-10 12:00 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2011-07-10 10:10 . 2004-08-10 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2011-07-10 09:54 . 2011-07-10 09:54 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-09 08:55 . 2011-07-10 03:22 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-07-09 07:47 . 2011-07-09 08:19 -------- d-----w- c:\documents and settings\OD Customer\Local Settings\Application Data\Jaksta_Technologies_Pty_L
2011-07-09 07:46 . 2011-07-09 07:46 -------- d-----w- c:\program files\Applian Technologies
2011-07-09 07:45 . 2011-07-09 07:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Applian
2011-07-06 21:43 . 2011-07-06 21:46 -------- d-----w- c:\program files\WMR14
2011-07-06 21:29 . 2011-07-08 09:32 -------- d-----w- c:\program files\WMCap 5
2011-07-06 21:18 . 2011-07-06 21:21 -------- d-----w- C:\flashrip
2011-07-06 21:07 . 2011-07-06 21:07 -------- d-----w- c:\program files\WinPcap
2011-07-06 21:07 . 2011-07-06 21:23 -------- d-----w- c:\program files\FlashRip-Basic
2011-07-01 23:07 . 2011-07-01 23:07 -------- d-----w- c:\documents and settings\OD Customer\Application Data\Sling Media
2011-07-01 23:07 . 2011-07-01 23:07 -------- d-----w- c:\program files\Sling Media
2011-06-23 08:01 . 2011-07-15 06:29 0 ----a-w- c:\windows\Jpolageya.bin
2011-06-22 21:54 . 2011-06-22 21:54 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-22 21:54 . 2011-06-22 21:54 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-19 06:47 . 2011-06-19 06:47 -------- d-----w- c:\program files\iPod
2011-06-19 06:47 . 2011-06-19 06:48 -------- d-----w- c:\program files\iTunes
2011-06-16 18:45 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-16 06:02 . 2011-05-20 02:15 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2006-02-15 14:04 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-29 13:11 . 2011-05-19 23:10 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-21 02:13 . 2011-05-21 02:14 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-21 02:13 . 2010-05-20 19:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-19 23:02 . 2011-05-19 23:02 0 ----a-w- c:\documents and settings\OD Customer\Local Settings\Application Data\BIT11.tmp
2011-05-10 12:06 . 2010-09-08 01:05 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-10 12:06 . 2010-09-08 01:05 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-02 15:31 . 2006-02-15 15:36 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2006-02-15 14:03 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-02-15 14:03 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2006-02-15 14:04 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-26 11:07 . 2006-02-15 14:02 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-21 13:37 . 2006-02-15 14:03 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-06-22 21:54 . 2011-03-23 18:27 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-22 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"TFncKy"="TFncKy.exe" [bU]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1343488]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2005-12-22 30208]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-12-16 82009]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"NDSTray.exe"="NDSTray.exe" [bU]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"dla"="c:\windows\system32\dla\DLACTRLW.exe" [2005-10-06 122940]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2005-03-18 151552]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2003-12-05 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HostManager"="c:\program files\Common Files\AOL\1147563008\ee\AOLSoftware.exe" [2008-06-24 41824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-12-22 04:42 40448 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1147563008\\EE\\aolsoftware.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1147563008\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\AOL 9.0a\\waol.exe"=
"c:\\Program Files\\AOL 9.0b\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [12/22/2005 12:55 AM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [12/22/2005 12:55 AM 33024]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 2:44 AM 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 2:44 AM 399416]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [12/22/2005 12:25 AM 3456]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 4:30 AM 15544]
S2 gupdate1c96a0feed95de1;Google Update Service (gupdate1c96a0feed95de1);c:\program files\Google\Update\GoogleUpdate.exe [12/29/2008 7:48 PM 133104]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/29/2008 7:48 PM 133104]
S3 IO_Memory;IO_Memory;\??\c:\sysprep\Drivers\ioport.sys --> c:\sysprep\Drivers\ioport.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 2:19 PM 50704]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\PEDrv.sys --> c:\sysprep\PEDrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-02-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-07-15 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-29 08:18] . 2011-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-29 17:05] . 2011-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2008-12-29 17:05] . 2011-07-14 c:\windows\Tasks\HP Usg Daily.job - c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2010-04-06 04:55] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\documents and settings\OD Customer\Application Data\Mozilla\Firefox\Profiles\77bzkdwk.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=VUZTDF&PC=VUZE&q= FF - prefs.js: browser.startup.homepage - www.google.com FF - prefs.js: network.proxy.type - 0 FF - user.js: yahoo.homepage.dontask - true . - - - - ORPHANS REMOVED - - - - . HKCU-Run-Rmusesabe - c:\windows\aprvic.dll HKLM-Run-PadTouch - c:\program files\TOSHIBA\Touch and Launch\PadExe.exe HKLM-Run-Wrosuli - c:\windows\esaniyan.dll . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-07-15 14:03 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . 
************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(900) c:\windows\system32\psqlpwd.dll c:\program files\Protector Suite QL\infra.dll c:\program files\Protector Suite QL\homefus2.dll c:\windows\system32\biologon.dll c:\program files\Protector Suite QL\homepass.dll c:\program files\Protector Suite QL\bio.dll c:\program files\Protector Suite QL\remote.dll c:\program files\Protector Suite QL\mysafe.dll c:\program files\Protector Suite QL\crypto.dll . - - - - - - - > 'explorer.exe'(7104) c:\windows\TEMP\logishrd\LVPrcInj01.dll c:\windows\system32\TDispVol.dll c:\windows\system32\ieframe.dll c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll c:\windows\system32\OneX.DLL c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Common Files\aolshare\aolshcpy.dll c:\program files\Protector Suite QL\mysafe.dll c:\program files\Protector Suite QL\infra.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\TPwrCfg.DLL c:\windows\system32\TPwrReg.dll c:\windows\system32\TPSTrace.DLL . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Common Files\AOL\ACS\AOLAcsd.exe c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\windows\system32\DVDRAMSV.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Smith Micro\StuffIt11\ArcNameService.exe c:\toshiba\IVP\swupdate\swupdtmr.exe c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\windows\ehome\mcrdsvc.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\dllhost.exe c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe c:\windows\system32\wscntfy.exe c:\windows\system32\TDispVol.exe c:\windows\AGRSMMSG.exe c:\program files\TOSHIBA\ConfigFree\NDSTray.exe c:\program files\Protector Suite QL\psqltray.exe c:\windows\eHome\ehmsas.exe c:\windows\system32\TPSBattM.exe c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe c:\windows\system32\HPZipm12.exe c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Internet Explorer\IEXPLORE.EXE c:\program files\Internet Explorer\IEXPLORE.EXE . ************************************************************************** . Completion time: 2011-07-15 14:23:01 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-15 18:22 . Pre-Run: 154,252,988,416 bytes free Post-Run: 154,497,822,720 bytes free . 
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect . - - End Of File - - 5AED943BD3564D0AB7A252774F9BCBEF
  4. OK. Did all that. I'm not sure that did much as everything you suggested seemed to be already checked or working. There are a couple more applications showing in Start Menu so maybe it did trigger a little. FYI...that pesky Windows Fix XP shows up as an app in my Start Menu. I thought I was already past the point of having it deleted and we were working on the problems it caused elsewhere. But maybe I'm wrong. Just thought I would mention it in case its presence on the list indicates a problem we haven't yet addressed. Thanks and keep helping me along if you can.
  5. OK. A little progress. Yea! Some folders were unhidden but not many. Also a few applications started to appear on my Start popup (since the windows xp fix, the list has remained empty). However, I think way too many folders still appear empty even considering the fact that I did manually rename some folders that might have screwed things up. But definitely better than before. Before this unhide.exe, when I clicked on c: it would be empty (no folders or apps). The only way I could even find the windows folder to put the unhide.exe into was to do a search. OK, ready for next steps.
  6. I am running Windows XP. Yes, I tried System Restore and that's when everything got a little crazy. But it also kept asking for some original CD system disks that I don't believe I have anymore.
  7. Yesterday, I fixed Windows XP Fix virus. I got it corrected but I have a serious problem that limits my ability to use my computer now. I accidentally (on bad advice) changed the folder/file names in the user Application Programs folder for any that had a random string of numbers or letters (I was told these were virus files and name change would stop auto-run.) I should have ONLY changed the .exe files. Now my list of programs under START (or even if I click on a folder I can find) shows EMPTY. Also, several regularly used programs (Word, Excel, Firefox, Quickcam) are not even listed as programs under the start menu. If I do a search for applications, only the main folder returns and the folder is empty. The only way I can get these programs to open is to go to a desktop icon, right click and then choose a program to open from there (and most are still currently listed there and they do open when I choose from there.) Anyone have suggestions how I can get the folders I changed back to their original file name or have this problem solved? Thanks.
  8. I got Windows XP Fix virus cleaned up using manual commands and MBAM. However, I screwed up and need help. One forum I read when I started the cleanup instructed me to go to folder All Users/Application Programs and rename any folders with a series of numbers or letters (as these were virus folders.) Well, I realized AFTER I did this that the instructions stated to do this ONLY for .exe files. I renamed about 8 other folders and files and now I have this problem: My Start/All Programs list is all wrong. The few programs that are listed show EMPTY folders. I'm sure this is because I changed the folder names and there are either shortcut problems or the user reference is going nowhere. For example, MS Office under All Programs shows EMPTY (where it once showed options for Excel/Access/Word/etc.) Anyone have suggestions how I can get the folders I changed back to their original file name or have this problem solved? I did a system restore (no help really.) If this helps, I cannot find most applications via search. But if I right click on a desktop file, I can see most programs (Firefox, Word, etc) as an option to open the file and then the application launches. So the applications are working fine, I just can't see them in their folders or get my user profile to appear as it should. Thanks.

Yesterday, I used instructions (including MBAM) to rid the Windows XP Fix virus off my computer. Two new problems (virus?) now are constant. Any browser searches I do (I usually use Firefox) show good results but when clicking on any search result link, I get redirected repeatedly to some random site. The site is usually another site of random search results or tech-related mumbo jumbo. If I go back to search results and retry 5 or 6 times, I might eventually get to the correct webpage. I believe the redirect is also happening when I'm on any website and click on a link embedded on that site (I haven't used the web much since virus fix so I'm not 100% sure this redirect is happening.) Is there a fix to this? Also, Internet Explorer (which I normally never use) keeps opening automatically and going to the same website (tmz.com which I also never visit). I cannot find a way to shut this process down. If I close IE, it relaunches to same website in about 5 minutes. Can you help? Thanks. Here is MBAM log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 7060
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18372
7/10/2011 6:53:33 PM
mbam-log-2011-07-10 (18-53-33).txt
Scan type: Quick scan
Objects scanned: 203641
Time elapsed: 12 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

If anyone can assist me, I am anxious for some help. I am trying to be patient as I know volunteers are busy. Just want to make sure my post doesn't get lost after a couple days. Thanks.