
REDIRECT VIRUS



I think I might have the redirect virus but I'm not too sure. I saw that I had the Page Rage software installed on my PC. I have googled the Page Rage software and have seen that it does quite a bit of redirecting to different sites. I don't know if that is the true culprit behind the redirecting problem. I have AVG and Malwarebytes and neither of them produce the TDSS virus. The AVG did produce some executable files. I downloaded Hitman Pro 3.5, which found and quarantined a rootkit, but yet the problem still persists. Can anyone help me? I thought that this was an issue from almost 2 weeks now. But now I think this might have started after I removed the Windows XP Repair virus, which has been anywhere from 3 1/2 weeks to a month. I'm sad to say I can not remember, but I would really appreciate any help that is offered. Thanks, Ashlee



Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

  • If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

  • If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run; once it is finished, move on to the next step.

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.


Hi!!! Thanks for the reply. I have read the list of things to do and before I embark I would like to address an ongoing situation. I have the TDSS app downloaded to my desktop right now. I can't get it to run under any circumstance. If I rename it with a .com it doesn't run, and if I leave it as is it doesn't run. I'm also in the process of trying to, well, at that time I was attempting to update my Java. I downloaded the file to my desktop necessary to do that and removed all other traces of the old Java. Upon trying to install the updated Java, it went through and prompted for the installation to close since it was installed properly. RIGHT after I clicked the close button a pop-up was shown saying: Installer: Wrapper.CreateFile failed with error 5: Access is denied. I then ran a security check scan to see if it had indeed downloaded, which it hadn't. I'm not sure if that would be a conflict with the TDSS but I felt it was worthy of mentioning. So what I'm asking now, would you like for me to proceed with the first 2 mentioned on the list for now and wait for further instructions, or see if the TDSS installation problem can be fixed somehow, or maybe take another route. Thanks, Ashlee!!!


Let's see if I can see anything bad in DDS.

Please download DDS by sUBs from one of the following links and save it to your desktop.

  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click the DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.

---------------------------------------------------

  • Post the contents of the DDS.txt in your next reply


DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by DAVID JOHNS at 17:39:29 on 2011-07-05

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.153 [GMT -4:00]

.

AV: AVG Anti-Virus 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Norton 360 *Disabled/Outdated* {A5F1BC7C-EA33-4247-961C-0217208396C4}

FW: Norton 360 *Disabled*

.

============== Running Processes ===============

.

C:\Program Files\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files\AVG\AVG10\avgam.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Real\RealPlayer\update\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\Program Files\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\notepad.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20110415,16509,0,8,0

uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=laptop

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll

TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [itibiti.exe] c:\program files\itibiti soft phone\Itibiti.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

StartupFolder: c:\docume~1\davidj~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

uPolicies-explorer: <NO NAME> =

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://l.yimg.com/jh/games/web_games/gamehouse/frenzy/SproutLauncher.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 97.81.22.195 24.177.176.38 24.178.162.3

TCP: Interfaces\{86CD6A38-A5C2-421F-9D90-FE94F45A425B} : DhcpNameServer = 97.81.22.195 24.177.176.38 24.178.162.3

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2004-12-15 200192]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\belkin\belkin~1.11g\dnindis5.sys --> c:\progra~1\belkin\belkin~1.11g\DNINDIS5.SYS [?]

S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20081020.003\NAVENG.SYS [2008-10-20 89104]

S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20081020.003\NAVEX15.SYS [2008-10-20 873552]

.

=============== Created Last 30 ================

.

2011-07-05 18:41:33 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-07-03 00:13:31 -------- dc----w- C:\MTV_OUTPUT

2011-07-02 00:00:01 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-28 21:10:48 12872 ----a-w- c:\windows\system32\bootdelete.exe

2011-06-28 18:02:01 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-06-28 18:01:52 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-06-28 17:58:35 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro

2011-06-25 09:54:51 -------- d-----w- c:\documents and settings\david johns\.frostwire4.20

2011-06-24 07:56:37 -------- d-----w- c:\program files\common files\xing shared

2011-06-24 07:44:28 -------- d-----w- c:\documents and settings\all users\application data\WildTangent

2011-06-21 07:54:22 -------- dc-h--w- C:\$AVG

2011-06-21 06:57:43 -------- d-----w- c:\documents and settings\david johns\application data\AVG10

2011-06-21 06:45:08 -------- d-----w- c:\documents and settings\all users\application data\AVG Security Toolbar

2011-06-21 06:37:24 -------- d-----w- c:\windows\system32\drivers\AVG

2011-06-21 06:37:24 -------- d-----w- c:\documents and settings\all users\application data\AVG10

2011-06-21 06:32:31 -------- d-----w- c:\program files\AVG

2011-06-19 04:58:26 1409 ----a-w- c:\windows\QTFont.for

2011-06-17 04:25:10 -------- d-----w- c:\documents and settings\all users\application data\Common Files

2011-06-17 04:22:50 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-06-17 00:27:03 -------- d--h--w- c:\documents and settings\david johns\application data\QuickScan

2011-06-17 00:25:33 -------- d--h--w- c:\documents and settings\david johns\application data\GetRightToGo

2011-06-16 08:15:42 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-16 08:15:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-16 00:27:17 -------- d-----w- c:\documents and settings\all users\application data\bdch

2011-06-15 23:38:37 17748 ---ha-w- c:\windows\oxodosayeroxeh.dll

2011-06-14 02:52:07 16758 ---ha-w- c:\windows\ajuxuwibi.dll

2011-06-08 00:11:02 -------- d-----w- c:\documents and settings\all users\application data\BitDefender

2011-06-08 00:06:42 -------- d-----w- c:\documents and settings\all users\application data\938b0000-28ab-46a7-4f71-91faa4025193

2011-06-07 23:47:56 -------- d-----w- c:\documents and settings\all users\application data\5d090000-443-4453-42f5-668481964189

2011-06-05 22:46:55 17748 ---ha-w- c:\windows\ocikogike.dll

2011-06-05 22:46:26 17748 ---ha-w- c:\windows\ojoqecuz.dll

.

==================== Find3M ====================

.

2011-06-24 07:54:26 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-06-15 23:38:14 0 ---ha-w- c:\windows\Eheyotoyefuluga.bin

2011-06-04 02:27:56 17748 ---ha-w- c:\windows\uxevehadaj.dll

2011-06-04 02:27:21 17748 ---ha-w- c:\windows\unatedapesanuk.dll

2011-06-03 04:57:32 452 ----a-w- c:\program files\060320110573220.bat

2011-06-01 21:41:05 17748 ---ha-w- c:\windows\iqogidelubemojok.dll

2011-06-01 21:39:57 17748 ---ha-w- c:\windows\ajufitizoyiz.dll

2011-05-29 01:41:22 17748 ---ha-w- c:\windows\ucejosif.dll

2011-05-22 00:54:32 456 ----a-w- c:\program files\0521201120543228.bat

2011-05-22 00:51:39 452 ----a-w- c:\program files\0521201120513921.bat

2011-05-21 03:50:28 456 ----a-w- c:\program files\0520201123502781.bat

2011-05-20 01:23:39 1321 ---ha-w- c:\windows\kbdmsat.exe

2011-05-15 07:19:45 17748 ---ha-w- c:\windows\iviyokaxu.dll

2011-05-12 22:11:23 17748 ---ha-w- c:\windows\ewanoyivoq.dll

2011-05-07 05:17:03 17017 ---ha-w- c:\windows\ewuzomopajeboy.dll

2011-04-15 01:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys

2010-07-08 14:37:14 101544 ----a-w- c:\program files\common files\LinkInstaller.exe

.

============= FINISH: 17:44:33.23 ===============


I'll look at the scan, but in the meantime, you're showing 2 anti-virus programs.

AV: AVG Anti-Virus 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Norton 360 *Disabled/Outdated* {A5F1BC7C-EA33-4247-961C-0217208396C4}

I'll take it you tried to uninstall Norton 360.

Try this:

http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US


My guess is these are the problem:

c:\windows\kbdmsat.exe

c:\windows\Eheyotoyefuluga.bin

c:\windows\uxevehadaj.dll

c:\windows\unatedapesanuk.dll

c:\program files\060320110573220.bat

c:\windows\iqogidelubemojok.dll

c:\windows\ajufitizoyiz.dll

c:\windows\ucejosif.dll

c:\program files\0521201120543228.bat

c:\program files\0521201120513921.bat

c:\program files\0520201123502781.bat

c:\windows\iviyokaxu.dll

c:\windows\ewanoyivoq.dll

c:\windows\ewuzomopajeboy.dll

c:\windows\oxodosayeroxeh.dll

c:\windows\ajuxuwibi.dll

c:\windows\ocikogike.dll

c:\windows\ojoqecuz.dll

Open Task Manager and end the process for any of those listed above.

Mainly this one:

kbdmsat.exe

Now try TDSSKiller or MBAM.

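The helper's diagnosis above is based on a pattern in the DDS "Created Last 30" and "Find3M" sections: hidden, randomly named, similarly sized .dll/.exe/.bin files dropped directly into c:\windows, and numeric-named .bat files directly in c:\program files. The following script is an added example written for this thread; it is not part of DDS, TDSSKiller or any tool named on the page. It parses DDS-style file lines and applies those two heuristics. The sample lines are copied from the log posted above (plus two benign entries for contrast), and the meaning assigned to the attribute letters (d = directory, h = hidden) is my reading of the log's attribute strings, not documented DDS behaviour.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# One DDS file line: "<date> <time> <size|-------> <attrs> <path>"
DDS_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+|-+) (\S{8}) (.+)$"
)

# Constructed sample: lines copied from the DDS log in this thread, plus two
# benign entries (javacpl.cpl, msvcr71.dll) that must NOT be flagged.
SAMPLE_DDS_LINES = r"""
2011-07-05 18:41:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-28 18:01:52 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-06-15 23:38:37 17748 ---ha-w- c:\windows\oxodosayeroxeh.dll
2011-06-14 02:52:07 16758 ---ha-w- c:\windows\ajuxuwibi.dll
2011-06-15 23:38:14 0 ---ha-w- c:\windows\Eheyotoyefuluga.bin
2011-06-03 04:57:32 452 ----a-w- c:\program files\060320110573220.bat
2011-05-20 01:23:39 1321 ---ha-w- c:\windows\kbdmsat.exe
2011-06-24 07:54:26 348160 ----a-w- c:\windows\system32\msvcr71.dll
""".strip()

WINDOWS_ROOT = r"c:\windows"          # files dropped here, not in system32
PROGRAM_FILES = r"c:\program files"   # loose .bat files here are unusual


@dataclass(frozen=True)
class Entry:
    date: str
    time: str
    size: Optional[int]   # None for directories (DDS prints "--------")
    attrs: str            # e.g. "---ha-w-"; assumption: 'd' = directory, 'h' = hidden
    path: str

    @property
    def is_dir(self) -> bool:
        return "d" in self.attrs

    @property
    def is_hidden(self) -> bool:
        return "h" in self.attrs


@dataclass(frozen=True)
class Finding:
    path: str
    reason: str


def parse_dds_entry(line: str) -> Optional[Entry]:
    """Parse one DDS file line; return None for headers, blanks and '.' lines."""
    m = DDS_LINE.match(line.strip())
    if not m:
        return None
    date, time, size, attrs, path = m.groups()
    return Entry(date, time, None if size.startswith("-") else int(size), attrs, path)


def triage_entry(e: Entry) -> Optional[Finding]:
    """Apply the two heuristics the helper used on this log (constructed rules)."""
    if e.is_dir:
        return None
    parent = ntpath.dirname(e.path).lower()
    stem, ext = ntpath.splitext(ntpath.basename(e.path))
    # Rule 1: a hidden file placed directly in c:\windows (not a subfolder).
    if e.is_hidden and parent == WINDOWS_ROOT:
        return Finding(e.path, f"hidden {ext or 'file'} directly in {WINDOWS_ROOT} ({e.size} bytes)")
    # Rule 2: a .bat whose name is only digits, directly in c:\program files.
    if parent == PROGRAM_FILES and ext.lower() == ".bat" and stem.isdigit():
        return Finding(e.path, f"numeric-named .bat directly in {PROGRAM_FILES}")
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return findings in log order; unparseable lines are skipped."""
    findings: List[Finding] = []
    for line in lines:
        entry = parse_dds_entry(line)
        if entry is None:
            continue
        finding = triage_entry(entry)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS_LINES.splitlines()):
        print(f"{f.path}  <-  {f.reason}")
```

Running it on the sample flags the five files the helper listed from these lines and leaves javacpl.cpl, msvcr71.dll and the Hitman Pro directory alone. The rules are deliberately narrow (exact parent directory, hidden bit, digit-only .bat names) so that the script supports a human reviewer's judgement rather than replacing it; a real DDS log would be fed in as a file instead of the embedded sample.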

Ok.... I opened the Task Manager and the process was not one listed under the ones running. So where do I go from here?? I have another concern to address. I have an iexplorer.exe running by itself at a high rate....331,636K. This process continues to run even after I close all window browsers. Should I be concerned?? Could this be a virus, trojan, or malware???


I found this info and it's interesting. Upon going into my Local Disk drive I noticed that my files had been hidden....interesting by itself. I made the files visible and went to my doc and settings...desktop...and found my icons...I right clicked on the TDSS icon...properties...and under attributes (neither the read only nor hidden box is checked) at the very bottom there is an option labeled security that says This file came from another computer and may be blocked to help protect this computer, and then it has the option to unblock. Could this be hindering the app from running when clicked on??


I found this info and it's interesting. Upon going into my Local Disk drive I noticed that my files had been hidden....interesting by itself. I made the files visible and went to my doc and settings...desktop...and found my icons...I right clicked on the TDSS icon...properties...and under attributes (neither the read only nor hidden box is checked) at the very bottom there is an option labeled security that says This file came from another computer and may be blocked to help protect this computer, and then it has the option to unblock. Could this be hindering the app from running when clicked on??

Yes it could.

Be sure to Run as Administrator.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

See if TDSSKiller will now run.


Yea, MBAM will run. I have done another scan using the AVG and it picked up 3 spyware things: 2 for the Yontoo Layers clients and 1 located in the Program Files for Internet Explorer.....ieplorer.exe. They have been moved to the virus vault but the problem remains.


DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by DAVID JOHNS at 17:04:12 on 2011-07-09

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.230 [GMT -4:00]

.

AV: AVG Anti-Virus 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Norton 360 *Disabled/Outdated* {A5F1BC7C-EA33-4247-961C-0217208396C4}

FW: Norton 360 *Disabled*

.

============== Running Processes ===============

.

C:\Program Files\AVG\AVG10\avgchsvx.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AVG\AVG10\avgam.exe

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Program Files\Real\RealPlayer\update\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

C:\Program Files\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\WINDOWS\system32\REGSVR32.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20110415,16509,0,8,0

uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=laptop

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll

BHO: Updater For Simppull Toolbar: {c4b8bab4-1667-11df-a242-ba9455d89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll

TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [itibiti.exe] c:\program files\itibiti soft phone\Itibiti.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [ccApp] c:\program files\common files\symantec shared\ccApp.exe

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

StartupFolder: c:\docume~1\davidj~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

uPolicies-explorer: <NO NAME> =

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - hxxp://l.yimg.com/jh/games/web_games/gamehouse/frenzy/SproutLauncher.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 97.81.22.195 24.177.176.38 24.178.162.3

TCP: Interfaces\{86CD6A38-A5C2-421F-9D90-FE94F45A425B} : DhcpNameServer = 97.81.22.195 24.177.176.38 24.178.162.3

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2004-12-15 200192]

R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-10-1 1245064]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-12 135664]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-6-21 1025352]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\belkin\belkin~1.11g\dnindis5.sys --> c:\progra~1\belkin\belkin~1.11g\DNINDIS5.SYS [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-12 135664]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-16 39984]

S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20081020.003\NAVENG.SYS [2008-10-20 89104]

S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20081020.003\NAVEX15.SYS [2008-10-20 873552]

.

=============== Created Last 30 ================

.

2011-07-09 02:57:28 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-07-03 00:13:31 -------- dc----w- C:\MTV_OUTPUT

2011-07-02 00:00:01 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-28 21:10:48 12872 ----a-w- c:\windows\system32\bootdelete.exe

2011-06-28 18:02:01 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-06-28 18:01:52 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-06-28 17:58:35 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro

2011-06-25 09:54:51 -------- d-----w- c:\documents and settings\david johns\.frostwire4.20

2011-06-24 07:56:37 -------- d-----w- c:\program files\common files\xing shared

2011-06-24 07:44:28 -------- d-----w- c:\documents and settings\all users\application data\WildTangent

2011-06-21 07:54:22 -------- dc-h--w- C:\$AVG

2011-06-21 06:57:43 -------- d-----w- c:\documents and settings\david johns\application data\AVG10

2011-06-21 06:45:08 -------- d-----w- c:\documents and settings\all users\application data\AVG Security Toolbar

2011-06-21 06:37:24 -------- d-----w- c:\windows\system32\drivers\AVG

2011-06-21 06:37:24 -------- d-----w- c:\documents and settings\all users\application data\AVG10

2011-06-21 06:32:31 -------- d-----w- c:\program files\AVG

2011-06-19 04:58:26 1409 ----a-w- c:\windows\QTFont.for

2011-06-17 04:25:10 -------- d-----w- c:\documents and settings\all users\application data\Common Files

2011-06-17 04:22:50 -------- d-----w- c:\documents and settings\all users\application data\MFAData

2011-06-17 00:27:03 -------- d--h--w- c:\documents and settings\david johns\application data\QuickScan

2011-06-17 00:25:33 -------- d--h--w- c:\documents and settings\david johns\application data\GetRightToGo

2011-06-16 08:15:42 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-16 08:15:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-16 00:27:17 -------- d-----w- c:\documents and settings\all users\application data\bdch

2011-06-15 23:38:37 17748 ---ha-w- c:\windows\oxodosayeroxeh.dll

2011-06-14 02:52:07 16758 ---ha-w- c:\windows\ajuxuwibi.dll

.

==================== Find3M ====================

.

2011-06-24 07:54:26 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-06-15 23:38:14 0 ---ha-w- c:\windows\Eheyotoyefuluga.bin

2011-06-05 22:46:59 17748 ---ha-w- c:\windows\ocikogike.dll

2011-06-05 22:46:26 17748 ---ha-w- c:\windows\ojoqecuz.dll

2011-06-04 02:27:56 17748 ---ha-w- c:\windows\uxevehadaj.dll

2011-06-04 02:27:21 17748 ---ha-w- c:\windows\unatedapesanuk.dll

2011-06-03 04:57:32 452 ----a-w- c:\program files\060320110573220.bat

2011-06-01 21:41:05 17748 ---ha-w- c:\windows\iqogidelubemojok.dll

2011-06-01 21:39:57 17748 ---ha-w- c:\windows\ajufitizoyiz.dll

2011-05-29 01:41:22 17748 ---ha-w- c:\windows\ucejosif.dll

2011-05-22 00:54:32 456 ----a-w- c:\program files\0521201120543228.bat

2011-05-22 00:51:39 452 ----a-w- c:\program files\0521201120513921.bat

2011-05-21 03:50:28 456 ----a-w- c:\program files\0520201123502781.bat

2011-05-20 01:23:39 1321 ---ha-w- c:\windows\kbdmsat.exe

2011-05-15 07:19:45 17748 ---ha-w- c:\windows\iviyokaxu.dll

2011-05-12 22:11:23 17748 ---ha-w- c:\windows\ewanoyivoq.dll

2011-05-07 05:17:03 17017 ---ha-w- c:\windows\ewuzomopajeboy.dll

2011-04-15 01:28:42 134480 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys

2010-07-08 14:37:14 101544 ----a-w- c:\program files\common files\LinkInstaller.exe

.

============= FINISH: 17:07:29.28 ===============


Due to recent changes in AVG and how it interacts with CF, AVG must be uninstalled to run ComboFix.

AVG > AVG Removal Tool (x86) - AVG Removal Tool (x64)

AVG Identity Protection > AVGIDPUninstaller

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


My computer is still experiencing the redirecting problem with Google. After CF ran there were new programs added that I haven't yet tried to see how they act... but it's running the same as before running CF. Here are the results:

ComboFix 11-07-14.05 - DAVID JOHNS 07/15/2011 3:39.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.491 [GMT -4:00]

Running from: c:\documents and settings\DAVID JOHNS\Desktop\ComboFix.exe

AV: AVG Anti-Virus 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Norton 360 *Disabled/Outdated* {A5F1BC7C-EA33-4247-961C-0217208396C4}

FW: Norton 360 *Disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\DAVID JOHNS\Local Settings\Application Data\{2BC14E3C-5923-43CE-BADB-80C9B2D5C678}

c:\documents and settings\DAVID JOHNS\Local Settings\Application Data\{2BC14E3C-5923-43CE-BADB-80C9B2D5C678}\chrome.manifest

c:\documents and settings\DAVID JOHNS\Local Settings\Application Data\{2BC14E3C-5923-43CE-BADB-80C9B2D5C678}\chrome\content\_cfg.js

c:\documents and settings\DAVID JOHNS\Local Settings\Application Data\{2BC14E3C-5923-43CE-BADB-80C9B2D5C678}\chrome\content\overlay.xul

c:\documents and settings\DAVID JOHNS\Local Settings\Application Data\{2BC14E3C-5923-43CE-BADB-80C9B2D5C678}\install.rdf

c:\windows\ajufitizoyiz.dll

c:\windows\ajuxuwibi.dll

c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf

c:\windows\ewanoyivoq.dll

c:\windows\ewuzomopajeboy.dll

c:\windows\eyuguhey.dll

c:\windows\iqogidelubemojok.dll

c:\windows\iviyokaxu.dll

c:\windows\ocikogike.dll

c:\windows\ojoqecuz.dll

c:\windows\oxodosayeroxeh.dll

c:\windows\system32\_000110_.tmp.dll

c:\windows\ucejosif.dll

c:\windows\unatedapesanuk.dll

c:\windows\uxevehadaj.dll

c:\windows\ymante~1

.

.

((((((((((((((((((((((((( Files Created from 2011-06-15 to 2011-07-15 )))))))))))))))))))))))))))))))

.

.

2011-07-09 02:57 . 2011-07-09 02:56 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-07-03 00:13 . 2011-07-03 00:13 -------- dc----w- C:\MTV_OUTPUT

2011-07-02 00:00 . 2011-07-09 02:56 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-28 21:10 . 2011-06-28 21:10 12872 ----a-w- c:\windows\system32\bootdelete.exe

2011-06-28 18:02 . 2011-07-01 22:56 20552 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-06-28 18:01 . 2011-06-28 18:01 -------- d-----w- c:\program files\Hitman Pro 3.5

2011-06-28 17:58 . 2011-06-28 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro

2011-06-25 09:54 . 2011-06-25 09:54 -------- d-----w- c:\documents and settings\DAVID JOHNS\.frostwire4.20

2011-06-24 07:56 . 2011-06-24 07:56 -------- d-----w- c:\program files\Common Files\xing shared

2011-06-24 07:54 . 2011-06-24 07:56 -------- d-----w- c:\program files\Real

2011-06-24 07:44 . 2011-06-24 07:45 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent

2011-06-19 04:58 . 2011-06-19 04:58 1409 ----a-w- c:\windows\QTFont.for

2011-06-19 04:22 . 2011-06-19 05:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!

2011-06-19 00:24 . 2011-06-19 00:27 -------- d-----w- c:\windows\system32\drivers\UMDF

2011-06-17 13:11 . 2011-06-17 13:11 -------- d-----w- c:\documents and settings\DAVID JOHNS\Application Data\Template

2011-06-17 04:25 . 2011-06-17 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files

2011-06-17 04:22 . 2011-07-15 06:11 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-06-17 00:27 . 2011-06-17 00:27 -------- d--h--w- c:\documents and settings\NetworkService\Application Data\QuickScan

2011-06-17 00:27 . 2011-06-17 00:27 -------- d--h--w- c:\documents and settings\LocalService\Application Data\QuickScan

2011-06-17 00:27 . 2011-06-17 00:27 -------- d--h--w- c:\documents and settings\DAVID JOHNS\Application Data\QuickScan

2011-06-17 00:25 . 2011-06-17 00:26 -------- d--h--w- c:\documents and settings\DAVID JOHNS\Application Data\GetRightToGo

2011-06-16 08:15 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-16 08:15 . 2011-06-17 12:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-16 00:27 . 2011-06-16 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\bdch

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-24 07:54 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2011-06-03 04:57 . 2011-06-03 04:57 452 ----a-w- c:\program files\060320110573220.bat

2011-05-22 00:54 . 2011-05-22 00:54 456 ----a-w- c:\program files\0521201120543228.bat

2011-05-22 00:51 . 2011-05-22 00:51 452 ----a-w- c:\program files\0521201120513921.bat

2011-05-21 03:50 . 2011-05-21 03:50 456 ----a-w- c:\program files\0520201123502781.bat

2010-07-08 14:37 . 2010-07-08 14:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-09 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-06-24 273544]

.

c:\documents and settings\DAVID JOHNS\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ALLTEL DSL Check-up Center.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ALLTEL DSL Check-up Center.lnk

backup=c:\windows\pss\ALLTEL DSL Check-up Center.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin 802.11g Wireless Card Utility.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin 802.11g Wireless Card Utility.lnk

backup=c:\windows\pss\Belkin 802.11g Wireless Card Utility.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk

backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk

backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk

backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk

backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk

backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk

backup=c:\windows\pss\ymetray.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^DAVID JOHNS^Start Menu^Programs^Startup^LimeWire On Startup.lnk]

path=c:\documents and settings\DAVID JOHNS\Start Menu\Programs\Startup\LimeWire On Startup.lnk

backup=c:\windows\pss\LimeWire On Startup.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

2005-07-14 04:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

2008-10-17 20:52 51048 ----a-w- c:\program files\Common Files\Symantec Shared\CCAPP.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]

2005-02-17 21:01 233534 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]

2005-12-22 15:57 405504 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKIJ5000StatusMonitor]

2008-07-19 03:08 1306624 ---ha-w- c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-02-17 06:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]

2005-11-16 15:30 503808 ----a-w- c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2007-10-18 19:27 455968 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2011-05-29 13:11 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2010-06-01 14:17 5252408 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]

2008-02-26 14:50 988512 ----a-w- c:\program files\Norton 360\osCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]

2005-12-12 18:39 94208 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecGuard]

2005-10-11 17:23 1187840 ---ha-w- c:\windows\SMINST\Recguard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2009-11-09 04:12 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2005-02-02 12:11 692316 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]

2005-02-02 12:12 102492 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"8086:TCP"= 8086:TCP:men

.

R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2/18/2008 3:37 PM 149352]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/15/2004 11:18 AM 200192]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]

S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/12/2009 9:41 PM 135664]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888]

S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;\??\c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS --> c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/12/2009 9:41 PM 135664]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - AVGWD

*NewlyCreated* - COMHOST

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

mmen REG_MULTI_SZ mmen

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2007-10-18 19:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 01:40]

.

2011-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-13 01:40]

.

2011-07-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3905906789-4080572810-2276932172-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2011-07-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3905906789-4080572810-2276932172-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.search.yahoo.com/?fr=w3i&type=W3i_SP,204,0_0,StartPage,20110415,16509,0,8,0

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html

TCP: DhcpNameServer = 97.81.22.195 24.177.176.38 24.178.162.3

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{C4B8BAB4-1667-11DF-A242-BA9455D89593} - c:\program files\simppulltoolbar\auxi\simppulltoolbAu.dll

BHO-{E4E6BF2A-1667-11DF-A01F-1F9655D89593} - (no file)

BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\Yontoo Layers Client\YontooIEClient.dll

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKCU-Run-Itibiti.exe - c:\program files\Itibiti Soft Phone\Itibiti.exe

HKLM-Run-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe

MSConfigStartUp-Jtoyazozahuyu - c:\windows\imukezak.dll

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_06\bin\jusched.exe

MSConfigStartUp-Usakuhimuhabucu - c:\windows\deyntr.dll

MSConfigStartUp-WildTangent CDA - c:\program files\WildTangent\Apps\CDA\GameDrvr.exe

AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_AC0049E063DE2AEA.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-15 03:50

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(940)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2011-07-15 03:54:26

ComboFix-quarantined-files.txt 2011-07-15 07:54

.

Pre-Run: 12,276,764,672 bytes free

Post-Run: 12,798,820,352 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 2012FA70F3282A584970A15388371676


Try downloading and running the updated TDSSKiller

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    TDSSKillermain.png
  • If an infected file is detected, the default action will be Cure, click on Continue.
    TDSSKillerMal-1.png
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
    TDSSKillerSuspicious.png
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    TDSSKillerCompleted.png
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.


Yes, I have been attempting to run the app, but it has not opened for me. I have tried renaming it and running it, and leaving it as is and running it, but I get the same results each time. And thanks for replying!! The state of the computer has changed... now my internet browser has become unresponsive at times and shuts down on its own.

This topic is now closed to further replies.