
Help with combofix.exe.



ComboFix 11-06-29.05 - USER 06/29/2011 15:08:10.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3327.2708 [GMT -4:00]

Running from: c:\documents and settings\USER\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\USER\Desktop\Windows XP Restore.lnk

c:\documents and settings\USER\Start Menu\Programs\Windows XP Restore

c:\documents and settings\USER\Start Menu\Programs\Windows XP Restore\Uninstall Windows XP Restore.lnk

c:\documents and settings\USER\Start Menu\Programs\Windows XP Restore\Windows XP Restore.lnk

c:\program files\Common Files\Uninstall

.

Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected

Restored copy from - Kitty had a snack :P

.

((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-29 )))))))))))))))))))))))))))))))

.

.

2011-06-29 17:01 . 2011-06-29 17:01 -------- d-----w- c:\program files\VS Revo Group

2011-06-27 02:16 . 2011-06-27 02:16 -------- d-----w- c:\documents and settings\USER\Application Data\Malwarebytes

2011-06-27 02:16 . 2011-06-27 02:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-06-27 02:16 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-27 02:16 . 2011-06-27 02:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-26 21:57 . 2011-06-26 21:57 -------- d-----w- c:\windows\Sun

2011-06-26 21:57 . 2011-06-26 21:57 -------- d-----w- c:\program files\Common Files\Java

2011-06-26 21:57 . 2011-06-26 21:56 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-06-26 21:57 . 2011-06-26 21:56 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-26 21:56 . 2011-06-26 21:56 -------- d-----w- c:\program files\Java

2011-06-26 21:23 . 2011-06-26 21:23 -------- d-----w- c:\program files\MSXML 4.0

2011-06-26 21:20 . 2011-04-25 16:11 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2011-06-26 21:20 . 2011-04-25 16:11 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2011-06-26 21:20 . 2011-04-25 16:11 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2011-06-26 21:20 . 2011-04-25 16:11 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2011-06-26 21:20 . 2011-04-25 16:11 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2011-06-26 21:20 . 2011-04-25 16:11 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll

2011-06-26 21:20 . 2011-04-29 16:19 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys

2011-06-26 21:12 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2011-06-26 21:11 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys

2011-06-26 21:11 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys

2011-06-26 20:41 . 2011-06-26 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters

2011-06-26 20:41 . 2011-06-26 20:41 -------- d-----w- c:\program files\PC Drivers HeadQuarters

2011-06-26 20:18 . 2011-06-26 20:18 -------- d-----w- c:\documents and settings\USER\Application Data\Driver Smith

2011-06-26 20:18 . 2011-06-26 20:18 -------- d-----w- c:\program files\DriverSmith

2011-06-26 20:09 . 2011-06-26 21:27 -------- d--h--w- c:\windows\$hf_mig$

2011-06-26 20:08 . 2009-08-06 23:24 21728 ----a-w- c:\windows\system32\wucltui.dll.mui

2011-06-26 20:08 . 2009-08-06 23:24 44768 ----a-w- c:\windows\system32\wups2.dll

2011-06-26 20:08 . 2009-08-06 23:24 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui

2011-06-26 20:08 . 2009-08-06 23:24 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2011-06-26 20:08 . 2009-08-06 23:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

2011-06-26 19:51 . 2011-06-26 19:51 -------- d-----w- C:\GameHouse Games

2011-06-26 18:45 . 2011-06-26 18:45 -------- d-----w- c:\documents and settings\USER\Application Data\WendigoStudios

2011-06-26 18:45 . 2011-06-26 18:45 -------- d-----w- c:\program files\The Timebuilders - Caveman's Prophecy

2011-06-25 22:28 . 2011-06-25 22:29 -------- d-----w- c:\program files\Wedding Dash 2 - Rings Around the World

2011-06-20 02:55 . 2011-06-20 02:55 -------- d-----w- c:\program files\Diner Dash - Hometown Hero

2011-06-20 02:49 . 2011-06-20 02:49 -------- d-----w- c:\program files\Hells Kitchen

2011-06-20 00:45 . 2011-06-20 00:45 -------- d-----w- c:\documents and settings\USER\Application Data\Ludia

2011-06-20 00:45 . 2011-06-20 00:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Ludia

2011-06-19 01:17 . 2006-03-04 01:03 69632 ----a-w- c:\windows\system32\HPZipm12.1

2011-06-16 02:02 . 2011-06-16 02:02 -------- d-----w- c:\program files\Ghost in the Sheet

2011-06-09 20:19 . 2011-06-09 20:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2011-06-09 17:36 . 2011-06-09 17:36 388096 ----a-r- c:\documents and settings\USER\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-06-09 17:36 . 2011-06-09 17:36 -------- d-----w- c:\program files\Trend Micro

2011-06-09 02:07 . 2011-04-14 18:01 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2011-06-09 02:07 . 2011-04-14 18:01 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2011-06-09 02:07 . 2011-04-14 18:01 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2011-06-09 02:07 . 2011-04-14 18:01 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2011-06-09 02:07 . 2011-04-14 18:01 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys

2011-06-09 02:07 . 2011-04-14 18:01 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2011-06-09 02:07 . 2011-04-14 18:01 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2011-06-09 02:07 . 2011-04-14 18:01 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2011-06-09 02:07 . 2011-06-09 02:07 -------- d-----w- c:\program files\Common Files\Mcafee

2011-06-09 02:06 . 2011-06-09 03:38 -------- d-----w- c:\program files\McAfee

2011-06-09 01:55 . 2011-03-13 15:45 148520 ----a-w- c:\windows\system32\mfevtps.exe

2011-06-09 01:55 . 2011-06-09 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2011-06-08 19:36 . 2011-06-09 02:01 -------- d-----w- c:\program files\Spybot - Search & Destroy

2011-06-08 19:36 . 2011-06-09 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-06-08 17:34 . 2011-06-09 01:10 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!

2011-06-02 01:24 . 2011-06-02 01:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia

2011-06-02 01:16 . 2011-06-02 01:18 -------- d-----w- C:\Zylom Games

2011-06-02 01:15 . 2011-06-26 19:51 -------- d-----w- c:\program files\RealArcade

2011-06-02 01:13 . 2011-06-02 01:13 -------- d-----w- c:\program files\Wedding Dash 4-Ever

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-29 19:02 . 2011-04-22 15:38 1409 ----a-w- c:\windows\QTFont.for

2011-05-02 15:31 . 2010-02-19 15:47 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 16:19 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 16:11 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 16:11 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-04-25 16:11 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-04-25 12:01 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2008-04-14 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"bluebirds"="c:\documents and settings\USER\Bluebirds\BlueBirds.exe" [2009-04-29 270336]

"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]

"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-05 1195408]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-04-11 77824]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

.

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [6/8/2011 10:07 PM 84200]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [6/8/2011 10:07 PM 271480]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [6/8/2011 10:07 PM 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [6/8/2011 10:07 PM 271480]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [6/8/2011 10:07 PM 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [6/8/2011 9:55 PM 148520]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [6/8/2011 10:07 PM 56064]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [6/8/2011 10:07 PM 314088]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [6/8/2011 10:07 PM 88736]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/26/2011 10:16 PM 366640]

S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/26/2011 10:16 PM 39984]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [6/8/2011 10:07 PM 88736]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [6/8/2011 10:07 PM 84488]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - mfeavfk01

.

Contents of the 'Scheduled Tasks' folder

.

2010-11-01 c:\windows\Tasks\Disk Cleanup.job

- c:\windows\system32\cleanmgr.exe [2008-04-14 12:00]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://ca.yahoo.com/?p=us

TCP: DhcpNameServer = 64.71.255.198

.

- - - - ORPHANS REMOVED - - - -

.

Notify-TPSvc - TPSvc.dll

AddRemove-BFG-Wedding Dash - Ready, Aim, Love - c:\program files\Wedding Dash - Ready

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-06-29 15:10

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2011-06-29 15:11:55

ComboFix-quarantined-files.txt 2011-06-29 19:11

.

Pre-Run: 548,412,821,504 bytes free

Post-Run: 548,578,459,648 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

[spybotsd]

timeout.old=30

.

- - End Of File - - C06FFEC19A543C2FC9C165B71F7AC792

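An added example, not code from the thread or from ComboFix: a small Python parser that pulls the security-relevant facts out of a ComboFix log like the one above. It reads the AV/FW status lines from the header, any file ComboFix reports disinfecting, the Run values listed under Reg Loading Points, the Security Center DisableMonitoring flags and the Windows Firewall EnableFirewall value, and prints them as triage findings. The sample input is copied from the log above and trimmed. The two flags it puts on autorun entries are heuristics of my own (a program launched from a user-writable folder, or referenced by a bare file name that Windows resolves through the search path); they mean "look at this", not "malware", and BlueBirds.exe here is one of the poster's games.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional
# Sample input: lines copied from the ComboFix log above and trimmed to the
# parts this parser reads. Constructed for this example.
SAMPLE_LOG = r"""
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bluebirds"="c:\documents and settings\USER\Bluebirds\BlueBirds.exe" [2009-04-29 270336]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-05-05 1195408]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

PRODUCT_RE = re.compile(r'^(AV|FW): (.+?) \*([^*]+)\* \{[0-9A-Fa-f-]+\}$')
INFECTED_RE = re.compile(r'^Infected copy of (.+?) was found')
KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
QUOTED_RE = re.compile(r'^"([^"]*)"(?:\s*\[(\d{4}-\d\d-\d\d) (\d+)\])?')
DWORD_RE = re.compile(r'^dword:([0-9A-Fa-f]{8})$')
NUM_RE = re.compile(r'^\s*(\d+)\s*\(0x[0-9A-Fa-f]+\)$')
RUN_KEY_RE = re.compile(r'\\Run(?:Once)?$', re.IGNORECASE)
# Folders an ordinary XP user can write to; an autorun living there deserves a look (hint only).
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\application data\\", "\\appdata\\", "\\temp\\")

@dataclass
class Product:
    kind: str    # "AV" or "FW"
    name: str
    status: str  # as ComboFix prints it, e.g. "Disabled/Updated"

@dataclass
class Autorun:
    name: str
    path: str
    date: Optional[str]
    size: Optional[int]
    flags: List[str] = field(default_factory=list)

@dataclass
class Report:
    products: List[Product] = field(default_factory=list)
    infected_files: List[str] = field(default_factory=list)
    autoruns: List[Autorun] = field(default_factory=list)
    disabled_monitoring: List[str] = field(default_factory=list)
    windows_firewall_enabled: Optional[bool] = None

def classify(path: str) -> List[str]:
    """Heuristic flags for an autorun target: 'look here', not 'malicious'."""
    low = path.lower()
    flags = ["unqualified-path"] if "\\" not in low else []  # bare name, found via search path
    if any(marker in low for marker in USER_WRITABLE):
        flags.append("user-writable-location")
    return flags

def parse_combofix(text: str) -> Report:
    report, key = Report(), ""
    for raw in text.splitlines():
        line = raw.strip()
        if (m := PRODUCT_RE.match(line)):
            report.products.append(Product(*m.groups()))
        elif (m := INFECTED_RE.match(line)):
            report.infected_files.append(m.group(1))
        elif (m := KEY_RE.match(line)):
            key = m.group(1)  # registry key that the following values belong to
        elif (m := VALUE_RE.match(line)):
            name, rest = m.groups()
            if RUN_KEY_RE.search(key) and (q := QUOTED_RE.match(rest)):
                path, date, size = q.groups()
                report.autoruns.append(Autorun(name, path, date, int(size) if size else None, classify(path)))
            elif name == "DisableMonitoring" and "security center" in key.lower() \
                    and (d := DWORD_RE.match(rest)) and int(d.group(1), 16) == 1:
                report.disabled_monitoring.append(key.rsplit("\\", 1)[-1])
            elif name == "EnableFirewall" and (n := NUM_RE.match(rest)):
                report.windows_firewall_enabled = n.group(1) != "0"
    return report

def findings(report: Report) -> List[str]:
    """One line per item an analyst would triage from this log."""
    out = [f"{p.kind} '{p.name}' reported {p.status}" for p in report.products
           if p.status.lower().startswith("disabled")]
    out += [f"system file repaired by ComboFix: {f}" for f in report.infected_files]
    out += [f"Security Center monitoring disabled for {p}" for p in report.disabled_monitoring]
    if report.windows_firewall_enabled is False:
        out.append("Windows Firewall standard profile has EnableFirewall=0")
    out += [f"autorun '{a.name}' ({flag}): {a.path}" for a in report.autoruns for flag in a.flags]
    return out

if __name__ == "__main__":
    for line in findings(parse_combofix(SAMPLE_LOG)):
        print(line)
```

Run as is, it prints seven findings for the sample; pass the full text of a ComboFix.txt to parse_combofix to get the same summary for a real log. In this thread the AV and FW lines show Disabled because the poster disabled McAfee before running ComboFix, as the helper asked, so those two findings are context rather than evidence of the infection; the DisableMonitoring and EnableFirewall values are the ones worth revisiting once McAfee has actually been uninstalled.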

Well, that was scary! While running, it said: "The driver Volsnap.sys is patched with a rootkit, attempting disinfection." Then: "ComboFix has detected the presence of rootkit activity and needs to reboot..." My McAfee warning popped up (because I disabled it), but I didn't click on it because it says not to click on anything while running ComboFix. When the computer started up again, the Windows startup "tune" played. I haven't heard that in a while. I still have nothing between USER and All Programs on the left side. When I click on All Programs my programs are still listed, but most say "empty". My McAfee icon at the bottom has disappeared. I guess it uninstalled? Ummm, it seems to be running a little better. I haven't really checked anything yet. Originally I only had Recycle Bin left on my desktop after this happened. I used "unhide something or other" to get some back. Is there anything I should check? I guess now you can see all the dorky games I play. :rolleyes:


Hello again. ComboFix cleared the main infection. However, we have more to do. ;)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

---------

My McAfee warning popped up (because I disabled it)

It appears that you haven't fully uninstalled McAfee, only disabled it. As I said before, you need to uninstall McAfee:

***Note: In order for ComboFix to run properly McAfee must be uninstalled. Please go here and follow the instructions to uninstall McAfee.

You can reinstall it after the computer is clean.

Please do NOT proceed with running anything related to ComboFix until you have uninstalled McAfee. If you need assistance, let me know before you move on to anything else. ;)

---------

Please download and run the following file: http://download.bleepingcomputer.com/grinler/beta/unhide.exe

Let me know if that restores your missing Start Menu and Desktop shortcuts.

Please note that if you have recently deleted your temporary files, you will be unable to restore these missing shortcuts.

---------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How the PC is running now

---------

In your next reply, please include the TDSSKiller report.

Please let me know how your computer is running now. :)


Ok, dumb question number??? In the directions it says before using the McAfee uninstall tool you must remove with your add or remove program in control panel first. I have an option (check box) to remove "browser tools/site advisor" as well as McAfee AntiVirus Plus (check box). Do I check both?


I kind of think I saw a flash of "uninstall was unsuccessful" before I had to reboot, but I'm pretty sure it's uninstalled. Wow, this must be so frustrating for you. I'm a nervous wreck here.

You're doing fine, don't worry. ;)

Run combofix again?

No. Please see these instructions: http://forums.malwarebytes.org/index.php?showtopic=87712&view=findpost&p=447107


2011/06/29 23:11:34.0687 2836 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16

2011/06/29 23:11:35.0093 2836 ================================================================================

2011/06/29 23:11:35.0093 2836 SystemInfo:

2011/06/29 23:11:35.0093 2836

2011/06/29 23:11:35.0093 2836 OS Version: 5.1.2600 ServicePack: 3.0

2011/06/29 23:11:35.0093 2836 Product type: Workstation

2011/06/29 23:11:35.0093 2836 ComputerName: SEB-0C1

2011/06/29 23:11:35.0093 2836 UserName: USER

2011/06/29 23:11:35.0093 2836 Windows directory: C:\WINDOWS

2011/06/29 23:11:35.0093 2836 System windows directory: C:\WINDOWS

2011/06/29 23:11:35.0093 2836 Processor architecture: Intel x86

2011/06/29 23:11:35.0093 2836 Number of processors: 2

2011/06/29 23:11:35.0093 2836 Page size: 0x1000

2011/06/29 23:11:35.0093 2836 Boot type: Normal boot

2011/06/29 23:11:35.0093 2836 ================================================================================

2011/06/29 23:11:36.0281 2836 Initialize success

2011/06/29 23:11:42.0421 1604 ================================================================================

2011/06/29 23:11:42.0421 1604 Scan started

2011/06/29 23:11:42.0421 1604 Mode: Manual;

2011/06/29 23:11:42.0421 1604 ================================================================================

2011/06/29 23:11:43.0468 1604 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/06/29 23:11:43.0500 1604 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/06/29 23:11:43.0546 1604 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/06/29 23:11:43.0578 1604 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys

2011/06/29 23:11:43.0671 1604 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/06/29 23:11:43.0687 1604 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/06/29 23:11:43.0703 1604 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/06/29 23:11:43.0734 1604 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/06/29 23:11:43.0781 1604 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/06/29 23:11:43.0859 1604 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/06/29 23:11:43.0906 1604 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/06/29 23:11:43.0906 1604 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/06/29 23:11:43.0953 1604 cdrbsdrv (351735695e9ead93de6af85d8beb1ca8) C:\WINDOWS\system32\drivers\cdrbsdrv.sys

2011/06/29 23:11:43.0984 1604 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/06/29 23:11:44.0062 1604 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/06/29 23:11:44.0093 1604 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2011/06/29 23:11:44.0140 1604 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2011/06/29 23:11:44.0156 1604 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/06/29 23:11:44.0171 1604 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/06/29 23:11:44.0187 1604 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/06/29 23:11:44.0218 1604 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/06/29 23:11:44.0281 1604 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/06/29 23:11:44.0406 1604 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2011/06/29 23:11:44.0546 1604 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/06/29 23:11:44.0562 1604 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/06/29 23:11:44.0671 1604 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/06/29 23:11:44.0671 1604 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/06/29 23:11:44.0703 1604 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/06/29 23:11:44.0718 1604 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2011/06/29 23:11:44.0765 1604 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/06/29 23:11:44.0812 1604 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2011/06/29 23:11:44.0812 1604 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2011/06/29 23:11:44.0843 1604 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2011/06/29 23:11:44.0859 1604 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/06/29 23:11:44.0921 1604 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/06/29 23:11:44.0921 1604 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/06/29 23:11:45.0046 1604 IntcAzAudAddService (fb4293b1eab313c28d4a1b8db61aca72) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2011/06/29 23:11:45.0078 1604 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2011/06/29 23:11:45.0109 1604 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/06/29 23:11:45.0109 1604 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/06/29 23:11:45.0140 1604 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/06/29 23:11:45.0156 1604 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/06/29 23:11:45.0171 1604 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/06/29 23:11:45.0187 1604 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/06/29 23:11:45.0203 1604 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/06/29 23:11:45.0218 1604 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/06/29 23:11:45.0250 1604 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/06/29 23:11:45.0281 1604 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/06/29 23:11:45.0312 1604 L1e (fa46f5d09edf93e0c71fe6500fe3f4ae) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys

2011/06/29 23:11:45.0390 1604 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2011/06/29 23:11:45.0406 1604 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/06/29 23:11:45.0421 1604 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2011/06/29 23:11:45.0437 1604 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/06/29 23:11:45.0468 1604 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/06/29 23:11:45.0468 1604 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/06/29 23:11:45.0515 1604 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/06/29 23:11:45.0562 1604 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/06/29 23:11:45.0578 1604 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/06/29 23:11:45.0578 1604 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/06/29 23:11:45.0609 1604 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/06/29 23:11:45.0609 1604 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/06/29 23:11:45.0640 1604 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/06/29 23:11:45.0671 1604 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys

2011/06/29 23:11:45.0687 1604 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys

2011/06/29 23:11:45.0703 1604 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/06/29 23:11:45.0718 1604 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/06/29 23:11:45.0734 1604 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/06/29 23:11:45.0750 1604 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/06/29 23:11:45.0765 1604 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/06/29 23:11:45.0765 1604 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/06/29 23:11:45.0796 1604 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/06/29 23:11:45.0812 1604 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/06/29 23:11:45.0843 1604 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/06/29 23:11:45.0890 1604 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/06/29 23:11:46.0125 1604 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/06/29 23:11:46.0328 1604 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/06/29 23:11:46.0343 1604 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/06/29 23:11:46.0359 1604 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

2011/06/29 23:11:46.0359 1604 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/06/29 23:11:46.0390 1604 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/06/29 23:11:46.0406 1604 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/06/29 23:11:46.0421 1604 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/06/29 23:11:46.0421 1604 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/06/29 23:11:46.0484 1604 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/06/29 23:11:46.0500 1604 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/06/29 23:11:46.0531 1604 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/06/29 23:11:46.0562 1604 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/06/29 23:11:46.0593 1604 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/06/29 23:11:46.0593 1604 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/06/29 23:11:46.0609 1604 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/06/29 23:11:46.0609 1604 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/06/29 23:11:46.0625 1604 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/06/29 23:11:46.0656 1604 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/06/29 23:11:47.0687 1604 ================================================================================

2011/06/29 23:11:47.0687 1604 Scan finished

2011/06/29 23:11:47.0687 1604 ================================================================================

2011/06/29 23:11:47.0687 2044 Detected object count: 0

2011/06/29 23:11:47.0687 2044 Actual detected object count: 0

Please note that if you have recently deleted your temporary files, you will be unable to restore these missing shortcuts.

You'll have to rebuild your Start Menu folders manually I'm afraid. To do this, locate the program folder in your Program Files folder (C:\Program Files\Mozilla Firefox\, for example). Then locate the program launcher (like Firefox.exe), and drag it to the Start Menu folder you desire.

See this link for further details: http://support.microsoft.com/kb/152122

-------

Your logs appear to be clean! :) Let's run an online scan to confirm:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are both checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

That went way too fast. Did I do something wrong? Still nothing in Start Menu between USER and All Programs. When I click on All programs most are empty. The most annoying things are gone...redirect, pop ups and I now have sound that was missing in certain programs. Seems clean to me. Just the start menu and programs problem.

That went way too fast. Did I do something wrong? Still nothing in Start Menu between USER and All Programs. When I click on All programs most are empty. The most annoying things are gone...redirect, pop ups and I now have sound that was missing in certain programs. Seems clean to me. Just the start menu and programs problem.

Please read the beginning of my last post.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=db655807c38bc34daada13d708d303d2

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-06-30 03:56:19

# local_time=2011-06-29 11:56:19 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 842221 842221 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=102382

# found=1

# cleaned=1

# scan_time=1365

C:\System Volume Information\_restore{A44B635F-9312-4054-914B-2AD797F5D106}\RP7\A0000720.sys Win32/Olmasco.E trojan (deleted - quarantined) 00000000000000000000000000000000 C

Your logs appear to be clean! :)

If you need any help with rebuilding your Start Menu folders, don't hesitate to let me know. ;)

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Results of screen317's Security Check version 0.99.17

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

ESET Online Scanner v3

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 26

Adobe Flash Player

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````

Yes, I would appreciate help with my Start Menu. This is going to sound really stupid (I'm sure you're used to it by now) but...what is normally there? I forget, it's been so long :rolleyes: I would like it just the way it was. I read the instructions but of course I didn't really understand them. :blink: Although in my defence, it was pretty late. Also, when can I reinstall my McAfee...that other virus. Ok, I'm being sarcastic now. :P I should appreciate it more after all this. Now that I'm cleaning up this machine, I'm thinking it's been infected with "stuff" for a while. Did I mention malware bites?! :angry:;) Thanks so very much for your help and patience. I suppose you already assumed you haven't finished with me yet. :)

No worries, I'll go into more detail ;):

Anything that is missing is just a shortcut. You can go to C:/Program Files and open up the individual program you are looking for (ex) Microsoft Office/Microsoft Word etc. Right click the .exe file (ex) WinWord.exe and either choose Send To..Desktop (create shortcut) or choose Pin To Start Menu. Do this for all programs you want shortcuts to.

Does that help?

Also, when can I reinstall my McAfee

I'll let you know when it's safe to reinstall it :).

I would like my start menu to look the same as it did originally. When I click on start there is nothing between USER (little picture) and "All Programs" on the left hand side. I can't remember what used to be there. When I click on All Programs, my programs are all there but some say empty. All the important ones seem fine so that's not really a problem. My desktop icons are back. My computer is behaving nicely and it is running faster. I'm sure that will change when I reinstall McAfee. I've done so much to this computer in the last week or two, I have no idea what changed what, if that makes any sense? For instance I purchased and installed McAfee after I got the FakeAlertgrb Trojan. I also installed my Microsoft Security Center (Automatic Updates) and downloaded a bunch of updates. I hear that's important. As you can tell I don't like a lot of "stuff" on my computer. Well we know how that worked out! I'm not sure if that would have stopped the problem.

Wow, when I reread my replies I sound like an idiot. You must think "Some people should just NOT own a computer!"

I'm totally resisting the urge to use emoticons. It's difficult. :rolleyes: oops!

I would like my start menu to look the same as it did originally. When I click on start there is nothing between USER (little picture) and "All Programs" on the left hand side.

As I said before, you will have to manually rebuild the Start Menu shortcuts you wish to keep.

Let's try one last thing to see if they're on your computer:

Please download and run this file: http://download.bleepingcomputer.com/bats/smtmp.bat

A log will open. Please paste the contents in your next reply.

Unfortunately, your Start Menu shortcuts have been deleted. You most likely inadvertently cleared your temp files directly after you got infected. :(

You'll have to manually rebuild your Start Menu folder by locating the programs you desire, and then creating shortcuts for them in the Start Menu.

-------------

I will now provide you with some suggestions for security software, but first, ComboFix must be uninstalled ;) :

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

**You may now reinstall McAfee and Spybot if you haven't already.

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!

AntiVir

AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker, and add-ons like NoScript can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)
