Pls help me remove XP Antivirus 2012


On Friday I received the XP Anti-Virus 2012 virus on my Windows XP PC. I already had both Avira and Malwarebytes, but somehow I still got it. I have completed both a quick and full scan with both programs, each time removing more infections. I also followed the instructions to edit the registry from this website (http://freeofvirus.blogspot.com/2011/06/xp-antivirus-2012-removal-guide.html).

The pop-ups are gone, but I'm not able to open any programs and the web does not work. Also, the taskbar has a red Windows icon that keeps saying my Automatic Updates and Firewall are turned off, but I have verified that they are not off. Since my infected PC has no internet access at this point, I cannot attach the scan log, but below is the important info from the last log.

Malwarebytes' Anti-Malware 1.51.0.1200

Database version: 6897

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/19/2011 3:52:53 PM

mbam-log-2011-06-19 (15-52-53).txt

Scan type: quick scan

Objects scanned: 205137

Time elapsed: 11 minute(s), 40 second(s)

Registry Data Items Infected: 1

(everything else was 0)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) > Bad: (???*) Good: ("%1" %*) > Quarantined and deleted successfully.

What should I do now to gain access to my programs and internet? Thank you.


Okay, it's been past 48 hours and I really need some help with this issue. I work from home and have had to take every day off since Friday. Plus I have another interview tomorrow and I must be at my PC to complete it.

I ran a full scan yesterday and it only returned another registry key: HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) > Bad: () Good: ("%1" %*) > Quarantined and deleted successfully.

Whenever I try to open any program it says: This file does not have a program associated with it for performing this action. Create an association in the Folder Options control panel.

How do I do this or is it a part of the virus? Help would be EXTREMELY appreciated.


Hi MeganB


  • Download FixPolicies.exe by Bill Castner and save it to your desktop.
  • Double click on FixPolicies.exe to run it.
  • Click on Install. It will create a folder named FixPolicies on your desktop.
  • Open the FixPolicies folder.
  • Double click on Fix_policies.cmd to run it. Command Prompt will open and close quickly; this is normal.
  • Reboot your computer after it runs.

Next

We need to look at some information about what is going on in your computer:

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt. Instead of attaching, please copy/paste both logs into your thread.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.

After downloading the tool, disconnect from the internet and disable all antivirus protection.

Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE. Then post your DDS (DDS.txt and Attach.txt).


Thank you.

Unfortunately, at this time I do not have access to a blank CD or USB to install from my netbook to my infected computer. I won't be able to go purchase one for another 3 hours (at 10:30 pm EST).

Are there any steps I can complete without installing the above?


If your Internet is not working, do the following without updating Malwarebytes. First, make sure extensions are shown; see here how to do this.

Then, navigate to the C:\Program Files\Malwarebytes' Antimalware folder and locate the file mbam.exe in there.

Rename mbam.exe to mbam.com.

Then, double-click mbam.com. This will allow Malwarebytes to open. First use the Update tab and check if there are updates. Download the updates.

Then, perform a quick scan and let Malwarebytes remove what it found. Reboot afterwards.

Post the log from Malwarebytes in your next reply together with the DDS logs.

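The Broken.OpenCommand entries in the Malwarebytes log and the mbam.exe to mbam.com rename both turn on the same registry value: the per-class shell\open\command default. Once exefile is hijacked nothing ending in .exe launches, while .com still resolves through the untouched comfile class. As an added example (not from this thread or from any tool named in it), this PowerShell script audits those defaults for the common executable classes against the stock "%1" %* value and, with -Repair, restores them; it assumes PowerShell 2.0 or later is installed on the XP machine and that it runs in an administrator session.

```powershell
# Added example, not part of the thread: audit the shell\open\command defaults that
# rogue "antivirus" programs hijack to block .exe launches, and optionally restore them.
# Assumes PowerShell 2.0+ on the affected machine and an elevated (administrator) session.
param([switch]$Repair)

# Stock Windows defaults for the executable file classes. exefile is the one the
# Malwarebytes log flagged; comfile is why a renamed mbam.com still runs.
$expected = @{
    'exefile' = '"%1" %*'
    'comfile' = '"%1" %*'
    'batfile' = '"%1" %*'
    'cmdfile' = '"%1" %*'
}

foreach ($class in $expected.Keys) {
    $path = "Registry::HKEY_CLASSES_ROOT\$class\shell\open\command"
    $current = $null
    if (Test-Path $path) {
        # The unnamed default value is exposed as the '(default)' property.
        $current = (Get-ItemProperty -Path $path).'(default)'
    }

    if ($current -eq $expected[$class]) {
        Write-Host "OK      $class -> $current"
        continue
    }

    # Report in the same Bad/Good shape the Malwarebytes log uses.
    Write-Host "BROKEN  $class -> Bad: ($current) Good: ($($expected[$class]))"

    if ($Repair) {
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        Set-ItemProperty -Path $path -Name '(default)' -Value $expected[$class]
        Write-Host "FIXED   $class"
    }
}
```

HKEY_CLASSES_ROOT is a merged view of HKLM\Software\Classes and HKCU\Software\Classes, so a per-user hijack of exefile shows up in this read as well as a machine-wide one.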

Thank you for the instructions.

Using a CD, I downloaded FixPolicies.exe and DDS from my netbook and installed them on the infected computer.

FixPolicies would not work. Error: Cannot open C:\Documents and Settings\School\Desktop\FixPolicies.exe

The following posts are the files from dds.txt, attach.txt and mbam log file.

*I changed mbam.exe to firefox.com (see post 3) and ran a full scan (see post 2); but because I cannot connect to the internet I am unable to update Malwarebytes beyond version 1.51.0.1200, database version 6897 on 6/19/11. Since the 18th, 6 registry data items, 1 registry value and 1 file have been quarantined.


Content from dds.txt:

.

DDS (Ver_2011-06-12.02) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21

Run by School at 12:04:13 on 2011-06-22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.841 [GMT -4:00]

.

AV: AntiVir Desktop *Enabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

FW: ZoneAlarm Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Citrix\Secure Access Client\nsverctl.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\VERIZONDM\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wwSecure.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Avira\AntiVir Desktop\avmailc.exe

C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

C:\Documents and Settings\School\Local Settings\Application Data\Google\Update\1.3.21.57\GoogleCrashHandler.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238

uInternet Settings,ProxyServer =

uInternet Settings,ProxyOverride =

uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll

BHO: MemberPluginBHO Class: {c3e5e149-27b7-49d1-8420-b02ac52af663} - c:\program files\memberplugin\MemberPlugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\school\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [YMailAdvisor] "c:\program files\yahoo!\common\YMailAdvisor.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [VERIZONDM] "c:\program files\verizondm\bin\sprtcmd.exe" /P VERIZONDM

mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

mRun: [iSW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\firefox.exe" /runcleanupscript

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\citrix~1.lnk - c:\program files\citrix\secure access client\nsload.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

LSP: c:\program files\avira\antivir desktop\avsda.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab

DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://employee.alpineaccess.com/vdesk/terminal/urxvpn.cab#version=6030,2009,820,1617

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://employee.alpineaccess.com/vdesk/terminal/f5tunsrv.cab#version=6030,2009,811,2213

DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://vpn.libtax.info/XTSAC.cab

DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://employee.alpineaccess.com/vdesk/terminal/InstallerControl.cab#version=6030,2009,0828,1616

DPF: {483EB14D-AF1C-4951-81B0-4E2B41829FF6} - hxxps://www.select2perform.com/cabs/QOLCheck.ocx

DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - hxxps://as00.estara.com/UI/proxyhttps.php?a=downloads.estara.com./&hash=3d896b1f06236caf624493c8cb1c2a53&url=http%3A%2F%2Fd.66.155.171.174.downloads.estara.com.%2Fas%2FOneCCDM.php&template=386083&sessionid=413316141_66.155.171.174_41116&=&req=1250287932365OneCC.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244505210953

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab

DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB

DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab

DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} - hxxp://static1.meetupstatic.com/applet/MeetUploader_200909.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://employee.alpineaccess.com/vdesk/terminal/urxshost.cab#version=6030,2009,828,1610

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://acddirect.webex.com/client/T27L/webex/ieatgpc.cab

DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://employee.alpineaccess.com/vdesk/terminal/urxhost.cab#version=6030,2009,828,1606

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://vpn2.bluefly.com/dana-cached/setup/JuniperSetupSP1.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{96797D0A-5709-46CC-A9F2-FF33AF51E728} : DhcpNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\school\application data\mozilla\firefox\profiles\61det6mv.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.wet-llc.org/

.

============= SERVICES / DRIVERS ===============

.

R?2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-2-1 206120]

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-9-24 11608]

R1 NEOFLTR_540_11529;Juniper Networks TDI Filter Driver (NEOFLTR_540_11529);c:\windows\system32\drivers\NEOFLTR_540_11529.sys [2007-1-29 57591]

R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2010-9-24 339624]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-9-24 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-9-24 269480]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2010-9-24 421032]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-9-24 61960]

R2 cag;Citrix cag plugin for Access Gateway;c:\program files\common files\deterministic networks\common files\cag.sys [2010-8-4 82560]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-8-4 55152]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-2-15 26872]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-2-15 488952]

R2 nsverctl;Citrix Secure Access Client Service;c:\program files\citrix\secure access client\nsverctl.exe [2010-11-13 154776]

R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

R3 ctxva51;Citrix Virtual Adapter;c:\windows\system32\drivers\ctxva51.sys [2010-5-10 41624]

R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2009-6-10 8576]

R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [2009-3-27 33920]

S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-2-1 185640]

S3 B-Service;B-Service;c:\documents and settings\aa_mboone\local settings\temporary internet files\content.ie5\r7thq64e\B-Service.exe [2011-6-18 185640]

S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2009-9-1 10752]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-6-18 39984]

S3 palmmdm;Palm Modem;c:\windows\system32\drivers\palmmdm.sys [2006-1-30 9728]

S4 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]

S4 ININ Tracing;ININ Tracing Initialization;c:\program files\interactive intelligence\inin trace initialization\i3trace_initializer-w32r-1-1.exe [2010-3-19 36352]

S4 Interactive Update Client;Interactive Update Client;c:\program files\interactive intelligence\interactive update\ININ.UpdateClientService.exe [2010-1-25 298152]

.

=============== Created Last 30 ================

.

2011-06-18 14:56:27 -------- d-----w- c:\program files\Conduit

2011-06-18 14:56:26 -------- d-----w- c:\documents and settings\school\local settings\application data\ZoneAlarm_Security

2011-06-18 14:56:24 -------- d-----w- c:\program files\ZoneAlarm_Security

2011-06-18 14:55:52 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2011-06-15 07:06:09 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-15 06:18:54 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-06-07 16:35:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2011-06-07 16:35:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2011-06-08 21:31:56 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11:11 43520 ------w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01:22 385024 ------w- c:\windows\system32\html.iec

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

.

============= FINISH: 12:06:01.03 ===============


Content from attach.txt: (you asked me to post it here instead of attaching it)

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-12.02)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 5/29/2009 2:34:41 PM

System Uptime: 6/20/2011 10:00:13 PM (38 hours ago)

.

Motherboard: Dell Computer Corp. | | 0TC667

Processor: Intel® Celeron® CPU 2.40GHz | Microprocessor | 2394/533mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 71 GiB total, 32.293 GiB free.

D: is CDROM ()

E: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Cisco Systems VPN Adapter

Device ID: ROOT\NET\0001

Manufacturer: Cisco Systems

Name: Cisco Systems VPN Adapter

PNP Device ID: ROOT\NET\0001

Service: CVirtA

.

==== System Restore Points ===================

.

RP725: 3/26/2011 4:34:40 PM - Software Distribution Service 3.0

RP726: 3/26/2011 5:20:46 PM - Installed Platform

RP727: 3/26/2011 5:54:05 PM - Installed Realtek AC'97 Audio

RP728: 3/26/2011 6:00:56 PM - Restore Operation

RP729: 3/26/2011 10:06:19 PM - Software Distribution Service 3.0

RP730: 3/27/2011 10:29:23 PM - System Checkpoint

RP731: 3/29/2011 10:09:56 AM - Removed Ventrilo Client

RP732: 3/30/2011 11:41:03 AM - System Checkpoint

RP733: 3/31/2011 12:07:04 PM - System Checkpoint

RP734: 4/1/2011 12:22:11 PM - System Checkpoint

RP735: 4/2/2011 5:16:56 PM - System Checkpoint

RP736: 4/3/2011 7:12:09 PM - System Checkpoint

RP737: 4/4/2011 9:26:51 PM - System Checkpoint

RP738: 4/6/2011 10:36:16 AM - System Checkpoint

RP739: 4/7/2011 10:56:31 AM - System Checkpoint

RP740: 4/8/2011 11:00:00 AM - System Checkpoint

RP741: 4/9/2011 2:23:49 PM - System Checkpoint

RP742: 4/10/2011 4:17:23 PM - System Checkpoint

RP743: 4/11/2011 4:49:29 PM - System Checkpoint

RP744: 4/12/2011 6:54:28 PM - System Checkpoint

RP745: 4/13/2011 7:32:27 PM - System Checkpoint

RP746: 4/14/2011 7:51:10 PM - System Checkpoint

RP747: 4/15/2011 3:00:44 AM - Software Distribution Service 3.0

RP748: 4/15/2011 10:02:14 AM - Software Distribution Service 3.0

RP749: 4/15/2011 9:31:40 PM - Software Distribution Service 3.0

RP750: 4/16/2011 11:11:55 PM - System Checkpoint

RP751: 4/17/2011 3:10:31 PM - Configured Microsoft Office Professional Plus 2007

RP752: 4/18/2011 3:16:48 PM - System Checkpoint

RP753: 4/19/2011 6:25:18 PM - System Checkpoint

RP754: 4/20/2011 7:31:08 PM - System Checkpoint

RP755: 4/21/2011 10:09:32 PM - System Checkpoint

RP756: 4/22/2011 3:00:19 AM - Software Distribution Service 3.0

RP757: 4/23/2011 11:44:00 AM - System Checkpoint

RP758: 4/24/2011 12:29:49 PM - System Checkpoint

RP759: 4/25/2011 6:48:33 PM - System Checkpoint

RP760: 4/26/2011 8:04:58 PM - System Checkpoint

RP761: 4/27/2011 11:02:58 PM - System Checkpoint

RP762: 4/28/2011 3:00:17 AM - Software Distribution Service 3.0

RP763: 4/29/2011 9:47:35 AM - System Checkpoint

RP764: 4/30/2011 9:59:58 AM - System Checkpoint

RP765: 5/1/2011 2:42:52 PM - System Checkpoint

RP766: 5/2/2011 3:20:21 PM - System Checkpoint

RP767: 5/3/2011 9:51:11 PM - System Checkpoint

RP768: 5/4/2011 10:46:03 PM - System Checkpoint

RP769: 5/6/2011 10:40:05 AM - System Checkpoint

RP770: 5/6/2011 7:30:27 PM - Removed SocialSafe

RP771: 5/7/2011 8:15:15 PM - System Checkpoint

RP772: 5/9/2011 12:40:14 AM - System Checkpoint

RP773: 5/10/2011 4:33:44 PM - System Checkpoint

RP774: 5/11/2011 4:50:44 PM - System Checkpoint

RP775: 5/11/2011 5:52:02 PM - Software Distribution Service 3.0

RP776: 5/12/2011 7:45:12 PM - System Checkpoint

RP777: 5/13/2011 8:50:32 PM - System Checkpoint

RP778: 5/15/2011 12:28:18 AM - System Checkpoint

RP779: 5/16/2011 12:51:35 AM - System Checkpoint

RP780: 5/17/2011 7:06:54 PM - System Checkpoint

RP781: 5/18/2011 9:35:33 PM - System Checkpoint

RP782: 5/20/2011 12:26:51 AM - System Checkpoint

RP783: 5/21/2011 11:57:35 AM - System Checkpoint

RP784: 5/22/2011 12:16:04 PM - System Checkpoint

RP785: 5/23/2011 10:13:42 PM - System Checkpoint

RP786: 5/25/2011 8:39:57 PM - System Checkpoint

RP787: 5/26/2011 10:02:22 PM - System Checkpoint

RP788: 5/27/2011 10:30:17 PM - System Checkpoint

RP789: 5/29/2011 12:28:36 AM - System Checkpoint

RP790: 5/30/2011 12:30:14 AM - System Checkpoint

RP791: 5/31/2011 9:03:59 AM - System Checkpoint

RP792: 6/1/2011 10:14:11 AM - System Checkpoint

RP793: 6/2/2011 2:24:46 PM - System Checkpoint

RP794: 6/4/2011 1:22:00 AM - System Checkpoint

RP795: 6/5/2011 2:03:30 AM - System Checkpoint

RP796: 6/6/2011 9:10:26 AM - System Checkpoint

RP797: 6/7/2011 10:26:06 AM - System Checkpoint

RP798: 6/8/2011 6:27:13 PM - System Checkpoint

RP799: 6/9/2011 9:58:08 PM - System Checkpoint

RP800: 6/10/2011 10:09:25 PM - System Checkpoint

RP801: 6/12/2011 11:39:21 AM - System Checkpoint

RP802: 6/13/2011 8:03:44 PM - System Checkpoint

RP803: 6/14/2011 11:10:30 PM - System Checkpoint

RP804: 6/15/2011 3:00:26 AM - Software Distribution Service 3.0

RP805: 6/16/2011 12:33:34 PM - System Checkpoint

RP806: 6/17/2011 1:35:30 PM - System Checkpoint

RP807: 6/17/2011 8:59:48 PM - Restore Operation

RP808: 6/18/2011 7:18:16 AM - Restore Operation

RP809: 6/18/2011 7:23:17 AM - Restore Operation

RP810: 6/18/2011 2:25:40 PM - Removed Citrix Access Gateway Plug-in

RP811: 6/18/2011 2:34:29 PM - Installed Citrix Access Gateway Plug-in

RP812: 6/19/2011 2:54:45 PM - System Checkpoint

RP813: 6/20/2011 2:58:05 PM - System Checkpoint

RP814: 6/21/2011 3:04:37 PM - System Checkpoint

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

Acrobat.com

Adobe AIR

Adobe Creative Suite 4 Web Premium

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 9.4.5

Adobe Setup

Adobe Shockwave Player 11.5

AIM 7

Akamai NetSession Interface

Amazon MP3 Downloader 1.0.5

Apple Application Support

Apple Software Update

Audacity 1.2.6

Avira AntiVir Premium

BlackBerry Smartphone Simulators 4.7.1.40 (9630_Sprint)

BlackBerry Smartphone Simulators 5.0.0.337 (8530)

BPD_Scan

CCleaner

Choice Guard

Cisco Systems VPN Client 5.0.04.0300

Citrix Access Gateway Plug-in

Computer Requirements 1.0

Critical Update for Windows Media Player 11 (KB959772)

CrossLoop 2.44

Dell Driver Reset Tool

Download Updater (AOL LLC)

EasyInfo

FileZilla Client 3.4.0

FlashWindow Library for Instant Access

Google Chrome

Google SketchUp 8

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Driver Diagnostics

HP Officejet J3600 Series

Inbit Messenger (Remove Only)

Intel® Extreme Graphics 2 Driver

Intel® PRO Network Adapters and Drivers

Interaction Center User Applications

Internet Explorer Member Plugin

Java Auto Updater

Java DB 10.5.3.0

Java 6 Update 21

Java SE Development Kit 6 Update 21

Juniper Networks Secure Application Manager

Junk Mail filter update

Learn.com WebRoomViewer

LivePerson

Malwarebytes' Anti-Malware version 1.51.0.1200

Media Player Codec Pack 3.9.6

MetaFrame Presentation Server Web Client for Win32

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Live Add-in 1.3

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Visio Viewer 2003 (English)

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox (2.0.0.17)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nectarphone 1.5.19.3

NetBeans IDE 6.9.1

Notepad++

OGA Notifier 2.0.0048.0

OverDrive Media Console

Palm Desktop by ACCESS

PdaNet 4.12 for Treo 700p/755p/Centro

PreVisor Simulation Player 2.0e Update

QuickTime

Safari

Scan

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2509488)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft Office 2007 System (KB2541012)

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Excel 2007 (KB2541007)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2535818)

Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)

Security Update for Microsoft Office Publisher 2007 (KB2284697)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

Skype web features

Skype

Link to post
Share on other sites

Content from mbam full scan log file:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6897

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/20/2011 9:59:09 PM

mbam-log-2011-06-20 (21-59-09).txt

Scan type: Full scan (C:\|)

Objects scanned: 394939

Time elapsed: 7 hour(s), 16 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: () Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

How should I proceed now? Thank you.

Link to post
Share on other sites

Using a CD as before, but ignore the "Microsoft Windows Recovery Console" part, as you need to be online for that.

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log (C:\ComboFix.txt) in your next reply.
    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------

Link to post
Share on other sites

I have tried everything and I cannot get ComboFix.exe to run on the infected PC.

I downloaded it to a new CD. I dragged and dropped it onto my Desktop. When I double click it, error says: This file does not have a program associated with it for performing this action. Create an association in the Folder Options control panel.

When I right click, select Run As and pick Current user, error says: Error launching installer

Same thing happens when I try to run it directly from the CD. Any other ways to get this to run? Thank you.

Link to post
Share on other sites

I did find that though I can't open programs directly, I can open existing documents.

Example: Notepad won't work if I click Start>All Programs>Accessories>Notepad, but if I click on a Notepad file that's saved to my Desktop, Notepad will open the doc and from there I can click File>New.

Example 2: The update will not download from the Updates Tab of Malwarebytes, but if I open a Word document that contains a link and click it, it will open IE to that webpage and from there I can navigate the web.

So programs are kind of working, I just can't access them directly. What could be causing this issue please?

Link to post
Share on other sites

/sorry for all the extra posts. I'm researching on my end too because I have to get this resolved for work and my interview for tomorrow.

It appears that there's a registry setting that's preventing exe files from working. I'm not sure which one or how to find out which one. If you could assist, I would greatly appreciate it!

Link to post
Share on other sites
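The registry setting behind the symptom is the one the Malwarebytes log above reports as Broken.OpenCommand. As an added example that is not part of the thread, the script below parses that log line, classifies the value the way a helper would read it, and (on Windows only, via the standard winreg module) checks the live key in the same way:

```python
r"""Added example, not code from the thread: interpret the Broken.OpenCommand
line in the poster's Malwarebytes log and check the same registry value.

HKCR\exefile\shell\open\command holds the command Windows runs when an .exe is
opened. The Windows XP default is  "%1" %*  (run the clicked file and pass it
the remaining arguments). A rogue that blanks the value produces exactly the
"This file does not have a program associated with it" error reported in the
thread; a rogue that points it at its own binary gets run before every program.
The registry read uses the standard winreg module and only works on Windows;
the log parsing and the classification are pure Python and run anywhere.
"""
import re

EXPECTED_DEFAULT = '"%1" %*'

# Shape of the "Registry Data Items Infected" line quoted in the thread; the
# poster's hand-typed copy used ">" instead of "->", so both are accepted.
_MBAM_DATA_ITEM = re.compile(
    r"^(?P<key>\S+) \((?P<detection>[^)]+)\) -?> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -?> (?P<action>.*)$"
)


def parse_mbam_data_item(line):
    """Split an MBAM registry-data line into its fields, or return None."""
    m = _MBAM_DATA_ITEM.match(line.strip())
    return m.groupdict() if m else None


def classify_open_command(value):
    r"""Classify an exefile open command as 'ok', 'missing' or 'hijacked'.

    value is the (Default) string of HKCR\exefile\shell\open\command, or None
    when the value does not exist. Returns (verdict, explanation).
    """
    if value is None or not value.strip():
        return "missing", "no open command: .exe files cannot be launched"
    normalized = " ".join(value.split())
    if normalized == EXPECTED_DEFAULT:
        return "ok", "default association in place"
    # Anything else is a hijack. The usual pattern is another executable that
    # receives the real target as its argument, e.g. "X:\dir\loader.exe" "%1" %*
    m = re.match(r'"?(?P<exe>[^"]+\.exe)"?', normalized, re.IGNORECASE)
    if m and "%1" in normalized:
        return "hijacked", "every .exe launch is routed through " + m.group("exe")
    return "hijacked", "unexpected value: " + normalized


def read_exefile_open_command():
    """Read the live value on Windows; None if the key or value is absent.

    Raises ImportError on hosts without the winreg module (anything but Windows).
    """
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_CLASSES_ROOT,
                            r"exefile\shell\open\command") as key:
            value, _ = winreg.QueryValueEx(key, "")
    except FileNotFoundError:
        return None
    return value


def check_live_system():
    """Classify this machine's own exefile association (Windows only)."""
    return classify_open_command(read_exefile_open_command())


if __name__ == "__main__":
    # The line from the poster's full-scan log, copied from the thread.
    logged = parse_mbam_data_item(
        r'HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) '
        r'(Broken.OpenCommand) -> Bad: () Good: ("%1" %*) -> '
        r'Quarantined and deleted successfully.'
    )
    print("bad value :", classify_open_command(logged["bad"]))
    print("good value:", classify_open_command(logged["good"]))
    try:
        print("this host :", check_live_system())
    except ImportError:
        print("this host : not Windows, registry check skipped")
```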

We are on the same page! I found that link too while doing some research on my end. I followed those steps and now programs are opening and the internet is working partially. I updated Malwarebytes and did a Quick Scan, which returned 0 results. I also ran FixPolicies and ComboFix, which froze for 1+ hours while creating the log file, before I closed it.

The web is still lagging some. Sometimes it opens just fine, other times it never connects. Any idea why this could be? Do you still need the ComboFix log? It didn't populate.

Link to post
Share on other sites

Unfortunately, my Internet is still not working properly. After I reboot it works, but if I try to update Avira and/or Malwarebytes, it stops working until I reboot again. Also, after about 20 mins of browsing, it stops working.

I found and disabled an add-on that didn't sound legit: MemberPluginBHO Class (Not verified) Edward Hibbert (edward@ehibbert.org.uk)

I went to the Microsoft Update site, but the ActiveX won't pop up for me to update.

Seems there's still some settings preventing me from accessing the web fully. How can I resolve this? Thank you.

Link to post
Share on other sites

I ran ComboFix again to get a log (see below).

Task Manager is showing alg.exe, jqs.exe and about 7 occurrences of svchost.exe. I think this may be part of the virus. IObit said it could remove it, but their SmartScan didn't find anything. I also followed the steps in the recently resolved thread about this same virus, but it didn't resolve it for me. How should I proceed now? Thank you.

ComboFix 11-06-22.02 - School 06/23/2011 14:44:03.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1278.780 [GMT -4:00]

Running from: c:\documents and settings\School\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\documents and settings\AA_MBoone\g2mdlhlpx.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_MYWEBSEARCHSERVICE

.

.

((((((((((((((((((((((((( Files Created from 2011-05-23 to 2011-06-23 )))))))))))))))))))))))))))))))

.

.

2011-06-23 18:05 . 2011-06-23 18:05 -------- d-----w- c:\documents and settings\School\Application Data\IObit

2011-06-23 18:02 . 2011-06-23 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2011-06-23 18:02 . 2011-06-23 18:05 -------- d-----w- c:\program files\IObit

2011-06-23 15:49 . 2011-06-23 15:49 -------- d-----w- C:\FixPolicies

2011-06-18 17:14 . 2011-06-23 15:49 -------- d-----w- c:\documents and settings\AA_MBoone\Local Settings\Application Data\ZoneAlarm_Security

2011-06-18 14:56 . 2011-06-23 15:49 -------- d-----w- c:\documents and settings\School\Local Settings\Application Data\ZoneAlarm_Security

2011-06-18 14:56 . 2011-06-23 15:49 -------- d-----w- c:\program files\ZoneAlarm_Security

2011-06-18 14:56 . 2011-03-18 05:24 69120 ----a-w- c:\windows\system32\zlcomm.dll

2011-06-18 14:56 . 2011-03-18 05:24 104448 ----a-w- c:\windows\system32\zlcommdb.dll

2011-06-18 14:55 . 2011-03-18 05:24 1238528 ----a-w- c:\windows\system32\zpeng25.dll

2011-06-15 07:06 . 2011-06-15 07:44 -------- d-----w- c:\windows\SxsCaPendDel

2011-06-15 06:18 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys

2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2011-06-07 16:35 . 2011-06-07 16:35 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-08 21:31 . 2011-05-18 21:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-05-29 13:11 . 2009-06-18 20:29 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-29 13:11 . 2009-06-18 20:29 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-02 15:31 . 2009-05-29 18:28 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2004-08-04 10:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2008-08-29 21:14 . 2010-02-23 03:49 67696 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll

2008-08-29 21:14 . 2010-02-23 03:49 54376 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2008-08-29 21:14 . 2010-02-23 03:49 34952 -c--a-w- c:\program files\mozilla firefox\components\myspell.dll

2008-08-29 21:14 . 2010-02-23 03:49 46720 -c--a-w- c:\program files\mozilla firefox\components\spellchk.dll

2008-08-29 21:14 . 2010-02-23 03:49 172144 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

2011-03-28 16:22 176936 ----a-w- c:\program files\ZoneAlarm_Security\prxtbZone.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"= "c:\program files\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]

.

[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-02-01 206120]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]

"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 738808]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

LivePerson.lnk - c:\program files\LivePerson\hc.exe [2010-7-15 5719296]

.

c:\documents and settings\Megan\Start Menu\Programs\Startup\

PdaNet Desktop.lnk - c:\program files\PdaNet 4.12\PdaNet.exe [2009-9-8 185560]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Citrix Access Gateway.lnk - c:\program files\Citrix\Secure Access Client\nsload.exe [2010-11-13 1518232]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Citrix Access Gateway.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Citrix Access Gateway.lnk

backup=c:\windows\pss\Citrix Access Gateway.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk

backup=c:\windows\pss\VPN Client.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2005-09-20 13:32 77824 -c--a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2005-09-20 13:36 114688 -c--a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2005-09-20 13:35 94208 -c--a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]

2008-10-24 13:14 206112 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2004-10-14 18:42 1404928 -c--a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 15:44 248552 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]

2007-05-11 19:20 2061816 ----a-w- c:\program files\Verizon\VSP\VerizonServicepoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]

2007-09-28 18:30 936960 -c--a-w- c:\program files\Verizon\McciTrayApp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]

2010-04-01 03:34 243000 ----a-w- c:\program files\Yahoo!\Search Protection\YspService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"SeaPort"=2 (0x2)

"ose"=3 (0x3)

"odserv"=3 (0x3)

"nsverctl"=2 (0x2)

"McciCMService"=2 (0x2)

"Interactive Update Client"=2 (0x2)

"ININ Tracing"=2 (0x2)

"idsvc"=3 (0x3)

"IDriverT"=3 (0x3)

"fsssvc"=3 (0x3)

"CVPND"=2 (0x2)

"Brother XP spl Service"=2 (0x2)

"B-Service"=3 (0x3)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\PdaNet 4.12\\PdaNet.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\VIPdesk IM\\VIPdesk IM.exe"=

"c:\\Program Files\\Interactive Intelligence\\ICUserApps\\InteractionClient.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

"c:\\Program Files\\Citrix\\Secure Access Client\\nsepa.exe"=

"c:\\Program Files\\Citrix\\Secure Access Client\\nsload.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1128:TCP"= 1128:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

.

R1 NEOFLTR_540_11529;Juniper Networks TDI Filter Driver (NEOFLTR_540_11529);c:\windows\system32\drivers\NEOFLTR_540_11529.sys [1/29/2007 9:33 PM 57591]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 6:00 AM 14336]

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [9/24/2010 11:55 AM 339624]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [9/24/2010 11:55 AM 136360]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [9/24/2010 11:55 AM 421032]

R2 cag;Citrix cag plugin for Access Gateway;c:\program files\Common Files\Deterministic Networks\Common Files\cag.sys [8/4/2010 10:56 AM 82560]

R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [6/23/2011 2:05 PM 821080]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2/15/2011 11:25 AM 26872]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [2/15/2011 11:25 AM 488952]

R2 nsverctl;Citrix Secure Access Client Service;c:\program files\Citrix\Secure Access Client\nsverctl.exe [11/13/2010 7:27 AM 154776]

R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2/1/2011 5:54 AM 206120]

R3 ctxva51;Citrix Virtual Adapter;c:\windows\system32\drivers\ctxva51.sys [5/10/2010 12:40 PM 41624]

R3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [6/10/2009 12:49 PM 8576]

R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [3/27/2009 12:08 PM 33920]

S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2/1/2011 5:54 AM 185640]

S3 B-Service;B-Service;c:\documents and settings\AA_MBoone\Local Settings\Temporary Internet Files\Content.IE5\R7THQ64E\B-Service.exe --> c:\documents and settings\AA_MBoone\Local Settings\Temporary Internet Files\Content.IE5\R7THQ64E\B-Service.exe [?]

S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [9/1/2009 11:31 PM 10752]

S3 palmmdm;Palm Modem;c:\windows\system32\drivers\palmmdm.sys [1/30/2006 1:42 PM 9728]

S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [6/23/2011 2:05 PM 30368]

S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [6/23/2011 2:05 PM 16080]

S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [6/23/2011 2:05 PM 239472]

S4 ININ Tracing;ININ Tracing Initialization;c:\program files\Interactive Intelligence\ININ Trace Initialization\i3trace_initializer-w32r-1-1.exe [3/19/2010 2:15 PM 36352]

S4 Interactive Update Client;Interactive Update Client;c:\program files\Interactive Intelligence\Interactive Update\ININ.UpdateClientService.exe [1/25/2010 2:17 PM 298152]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1958367476-839522115-1004Core.job

- c:\documents and settings\AA_MBoone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-14 20:18]

.

2011-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1958367476-839522115-1004UA.job

- c:\documents and settings\AA_MBoone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-14 20:18]

.

2011-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1958367476-839522115-1005Core.job

- c:\documents and settings\School\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-05 20:58]

.

2011-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-1958367476-839522115-1005UA.job

- c:\documents and settings\School\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-05 20:58]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.wet-llc.org/

uInternet Settings,ProxyServer =

uInternet Settings,ProxyOverride =

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} - hxxps://as00.estara.com/UI/proxyhttps.php?a=downloads.estara.com./&hash=3d896b1f06236caf624493c8cb1c2a53&url=http%3A%2F%2Fd.66.155.171.174.downloads.estara.com.%2Fas%2FOneCCDM.php&template=386083&sessionid=413316141_66.155.171.174_41116&=&req=1250287932365OneCC.cab

DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB

DPF: {C2B78FF1-6E5A-4854-AC24-E09A0E2411BA} - hxxp://static1.meetupstatic.com/applet/MeetUploader_200909.cab

FF - ProfilePath - c:\documents and settings\School\Application Data\Mozilla\Firefox\Profiles\61det6mv.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.wet-llc.org/

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

MSConfigStartUp-ConnectionCenter - c:\program files\Citrix\ICA Client\concentr.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-23 15:02

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1224)

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

c:\windows\system32\igfxdev.dll

.

- - - - - - - > 'lsass.exe'(1280)

c:\program files\Avira\AntiVir Desktop\avsda.dll

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

.

- - - - - - - > 'explorer.exe'(3408)

c:\windows\system32\WININET.dll

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2011-06-23 15:08:03

ComboFix-quarantined-files.txt 2011-06-23 19:07

.

Pre-Run: 33,822,187,520 bytes free

Post-Run: 33,835,683,840 bytes free

.

- - End Of File - - 98E68D7A15A46DD189F77DFE8883485D

Link to post
Share on other sites

Kindly follow my instructions, and please do not do any fixing or run any scanners on your own unless requested by me or another helper.

---------------------------------------------------------------------------------------------

Note: You will need to save any work before double clicking the fix.bat file because it will automatically restart your computer

  • Please copy and paste the following text in the Code box exactly as written into notepad (not wordpad or any other text editor):
    @Echo on
    rem Rebuild the hosts file so it holds only the localhost entry
    pushd \windows\system32\drivers\etc
    attrib -h -s -r hosts
    echo 127.0.0.1 localhost>HOSTS
    attrib +r +h +s hosts
    popd
    rem Drop the current lease, flush the DNS cache and reset the network stack
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    netsh winsock reset all
    netsh int ip reset all
    rem Restart and remove this batch file
    shutdown -r -t 1
    del %0


  • Once you've done that click on File and select Save As...
  • In the Save dialogue box click on the drop down menu next to Save as type and select All Files
  • Name the file fix.bat (the .bat extension is very important)
  • Save the file to your desktop and double click it to run it.
  • Once it runs it will automatically restart your computer
  • Once your computer boots again, check to see whether your internet performance has improved.

Next

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • Vista/Windows 7 users right-click and select Run As Administrator.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply

Note: It will also create a log in the C:\ directory.


Sorry, just eager to get this resolved since I've had to call out of work the last 5 days because my PC was down (I work from home).

No, the internet seems to be the same. It takes about 4 min to initially open after I click the IE icon, then after about 10 min of browsing, it says "The page cannot be displayed" and Cannot find server.

I do have a 2nd IE icon on my desktop after running ComboFix that is entirely blue, instead of blue with the yellow halo.

Here is my TDSSKiller.exe log:

2011/06/23 17:10:47.0031 0904 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15

2011/06/23 17:10:49.0093 0904 ================================================================================

2011/06/23 17:10:49.0093 0904 SystemInfo:

2011/06/23 17:10:49.0093 0904

2011/06/23 17:10:49.0093 0904 OS Version: 5.1.2600 ServicePack: 3.0

2011/06/23 17:10:49.0093 0904 Product type: Workstation

2011/06/23 17:10:49.0093 0904 ComputerName: ANUDAI-50673BAD

2011/06/23 17:10:49.0093 0904 UserName: School

2011/06/23 17:10:49.0093 0904 Windows directory: C:\WINDOWS

2011/06/23 17:10:49.0093 0904 System windows directory: C:\WINDOWS

2011/06/23 17:10:49.0093 0904 Processor architecture: Intel x86

2011/06/23 17:10:49.0093 0904 Number of processors: 1

2011/06/23 17:10:49.0093 0904 Page size: 0x1000

2011/06/23 17:10:49.0093 0904 Boot type: Normal boot

2011/06/23 17:10:49.0093 0904 ================================================================================

2011/06/23 17:10:50.0734 0904 Initialize success

2011/06/23 17:11:04.0859 1704 ================================================================================

2011/06/23 17:11:04.0859 1704 Scan started

2011/06/23 17:11:04.0859 1704 Mode: Manual;

2011/06/23 17:11:04.0859 1704 ================================================================================

2011/06/23 17:11:43.0468 1704 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

2011/06/23 17:11:43.0656 1704 ================================================================================

2011/06/23 17:11:43.0656 1704 Scan finished

2011/06/23 17:11:43.0656 1704 ================================================================================

2011/06/23 17:11:43.0687 1604 Detected object count: 0

2011/06/23 17:11:43.0687 1604 Actual detected object count: 0


Are you on a Router with this PC Megan?

Please download exeHelper from one of the two links.

Link 1

Link 2

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (it will be created in the directory where you ran exeHelper.com)

Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Next

Click here to download Dr.Web CureIt and save it to your desktop.

  • Double-click the drweb-cureit.exe file, then click Start and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, check whether you can click the icon next to the files found:
    (image: check.gif)
  • If so, click it and then click the icon right below and select Move incurable as you'll see in the next image:
    (image: move.gif)
  • This will move it to the quarantine folder under %userprofile%\DoctorWeb if it can't be cured (in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt.
  • Reboot your computer!! It is possible that files in use will be moved/deleted during the reboot.


The Dr.Web CureIt! Complete scan JUST finished and found 10 items, but I wanted to verify how I should proceed, since it's been updated from the instructions.

I selected all and clicked Cure, which brought up the submenu, where I selected Move Incurable. 4 were moved, but the others do not show that any actions were taken under the Action column. When I went to exit Dr.Web CureIt!, it asked if I was sure that I wanted to close since "The list of detected threats contains objects to which no actions were applied. It is recommended to neutralize them before closing the application."

Did/Should this application cure the other 6 objects? Should I close, even with this warning message? I went back and selected all and clicked Move, but again, no action was listed for the other 6 items. How should I proceed? TY


This topic is now closed to further replies.