TechSpot

Firefox re-direct, Computer wont shut off, Freezes after inactivity

By otisinc
Jan 12, 2011
  1. Hey guys, I've recently been having issues with my computer. It starts up fine but when if i leave it alone for 10 minutes or so (screen saver turned off) i receive an error message (I did not write it down and have been trying to get it to re-occure, as soon as i do ill post the message) then my computer wont open any files. Ill try to reboot and it wont ever shut off forcing me to force shut it off by holding the power button. Also I ran all the recommended programs.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5138

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/12/2011 10:14:44 AM
    mbam-log-2011-01-12 (10-14-44).txt

    Scan type: Quick scan
    Objects scanned: 188509
    Time elapsed: 8 minute(s), 21 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-12 09:59:24
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD3200AAKS-75L9A0 rev.02.03E02
    Running: lszko99k.exe; Driver: C:\DOCUME~1\DISPAT~1\LOCALS~1\Temp\kwlcapow.sys


    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\Explorer.EXE[2864] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00CD000C
    .text C:\WINDOWS\Explorer.EXE[2864] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CE000A
    .text C:\WINDOWS\Explorer.EXE[2864] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CF000A
    .text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D6000C
    .text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D7000A
    .text C:\WINDOWS\System32\svchost.exe[1188] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D8000A
    .text C:\WINDOWS\System32\svchost.exe[1188] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E0000A
    .text C:\WINDOWS\system32\wuauclt.exe[1928] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0126000C
    .text C:\WINDOWS\system32\wuauclt.exe[1928] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0127000A
    .text C:\WINDOWS\system32\wuauclt.exe[1928] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0128000A

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD3200AAKS-75L9A0___________________02.03E02#5&125555f1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 89DB0292
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 89DB0292
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 89DB0292

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sectors 625142192 (+255): rootkit-like behavior;

    ---- System - GMER 1.0.15 ----

    SSDT 98C9FC40 ZwOpenProcess
    SSDT 98C9FC45 ZwOpenThread
    SSDT 98C9FC54 ZwCreateThread
    SSDT 98C9FC5E ZwCreateKey
    SSDT 98C9FC63 ZwDeleteKey
    SSDT 98C9FC68 ZwSetValueKey
    SSDT 98C9FC6D ZwDeleteValueKey
    SSDT 98C9FC72 ZwLoadKey
    SSDT 98C9FC77 ZwRestoreKey
    SSDT 98C9FC7C ZwReplaceKey

    ---- EOF - GMER 1.0.15 ----

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/11/2010 2:14:41 PM
    System Uptime: 1/12/2011 9:48:09 AM (1 hours ago)

    Motherboard: Dell Inc. | | 0F0TGN
    Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | CPU | 2926/1066mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 298 GiB total, 276.391 GiB free.
    D: is CDROM (CDFS)
    E: is FIXED (NTFS) - 932 GiB total, 900.832 GiB free.
    F: is Removable
    S: is NetworkDisk (NTFS) - 1758 GiB total, 1216.993 GiB free.
    Z: is NetworkDisk (NTFS) - 1758 GiB total, 1216.993 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 12/1/2010 1:57:09 PM - System Checkpoint
    RP2: 12/1/2010 2:12:18 PM - Microsoft Forefront Client Security Checkpoint
    RP3: 12/2/2010 2:44:57 PM - System Checkpoint
    RP4: 12/3/2010 3:28:23 AM - Microsoft Forefront Client Security Checkpoint
    RP5: 12/7/2010 11:08:54 AM - System Checkpoint
    RP6: 12/9/2010 9:35:14 AM - Removed CardMinder
    RP7: 12/9/2010 9:36:37 AM - Removed ScanSnap Manager
    RP8: 12/9/2010 9:37:36 AM - Removed ScanSnap Organizer
    RP9: 12/13/2010 9:40:26 AM - Microsoft Forefront Client Security Checkpoint
    RP10: 12/14/2010 12:54:16 PM - System Checkpoint
    RP11: 12/15/2010 10:50:49 AM - Installed HiJackThis
    RP12: 12/16/2010 12:28:44 PM - System Checkpoint
    RP13: 12/23/2010 7:09:41 AM - System Checkpoint
    RP14: 1/12/2011 7:52:23 AM - Removed HiJackThis

    ==== Hosts File Hijack ======================

    Hosts: 127.0.0.1 www.spywareinfo.com
    Hosts: 172.16.1.2 pmi-file01
    Hosts: 172.16.1.2 pmi-file01.PMI.esi
    Hosts: 172.16.1.3 pmi-mail01
    Hosts: 172.16.1.3 pmi-mail01.PMI.esi
    Hosts: 172.16.1.4 pmi-storage01
    Hosts: 172.16.1.4 pmi-storage01.PMI.esi

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    ABBYY FineReader for ScanSnap (TM) 4.0
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    AIO_Scan
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    Avira AntiVir Personal - Free Antivirus
    BioAPI Framework
    Bonjour
    Broadcom NetXtreme-I Netlink Driver and Management Installer
    BufferChm
    C4380
    C4380_doccd
    C4380_Help
    CardMinder V4.0
    Copy
    CustomerResearchQFolder
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    eSupportQFolder
    Facebook Plug-In
    Fax
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB953955)
    Hotfix for Windows XP (KB954434)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB958347)
    Hotfix for Windows XP (KB959252)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB968764)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    HP Customer Participation Program 9.0
    HP Imaging Device Functions 9.0
    HP OCR Software 9.0
    HP Officejet Pro 8500 A910 Basic Device Software
    HP Officejet Pro 8500 A910 Help
    HP Officejet Pro 8500 A910 Product Improvement Study
    HP Photosmart All-In-One Software 9.0
    HP Photosmart Essential 2.01
    HP Photosmart Essential2.01
    HP Solution Center 9.0
    HP Update
    HPProductAssistant
    HPSSupply
    I.R.I.S. OCR
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 19
    Malwarebytes' Anti-Malware
    MarketResearch
    Marketsplash Shortcuts
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Default Manager
    Microsoft English TTS Engine
    Microsoft Forefront Client Security Antimalware Service
    Microsoft Forefront Client Security State Assessment Service
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access database engine 2007 (English)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Operations Manager 2005 Agent
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Streets & Trips 2010
    Microsoft UI Engine
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable Package
    Mozilla Firefox (3.6.13)
    MSN Toolbar
    MSN Toolbar Platform
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB927977)
    OGA Notifier 2.0.0048.0
    PanoStandAlone
    PDF Splitter
    PowerDVD DX
    PS_AIO_02_ProductContext
    PS_AIO_02_Software
    PS_AIO_02_Software_min
    PSSWCORE
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE 10.3
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    SAPI Wrapper
    Scan
    Scan to Microsoft SharePoint
    ScanSnap
    ScanSnap Organizer
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB978380)
    Security Update for Microsoft Office Excel 2007 (KB978382)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    SolutionCenter
    Spybot - Search & Destroy
    ST Microelectronics TPM Driver Installer
    Status
    System Tool2011
    Toolbox
    TrayApp
    TTS Wrapper
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Outlook 2007 Junk Email Filter (kb979895)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    UPEK TouchChip Fingerprint Reader
    VideoToolkit01
    WebFldrs XP
    WebReg
    Windows Driver Package - STMicroelectronics (stmtpm) System (05/24/2007 1.00.04.15)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    1/5/2011 9:37:09 AM, error: Print [33] - The PrintQueue Container could not be found because the DNS Domain name could not be retrieved. Error: 54b
    1/5/2011 9:36:14 AM, error: NETLOGON [5719] - No Domain Controller is available for domain PMI due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    1/12/2011 9:35:44 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    1/12/2011 9:35:43 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    1/12/2011 9:35:43 AM, error: Service Control Manager [7034] - The LabtechAgent CheckUp Util service terminated unexpectedly. It has done this 1 time(s).
    1/12/2011 9:35:43 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    1/12/2011 9:35:43 AM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    1/12/2011 9:35:43 AM, error: Service Control Manager [7031] - The MOM service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/12/2011 9:35:43 AM, error: Service Control Manager [7031] - The Microsoft Forefront Client Security Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    1/12/2011 9:35:43 AM, error: Service Control Manager [7031] - The LabtechAgent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 20000 milliseconds: Restart the service.
    1/12/2011 9:35:42 AM, error: Service Control Manager [7031] - The Microsoft Forefront Client Security State Assessment Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/12/2011 8:34:17 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    1/12/2011 8:34:17 AM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\DISPAT~1\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
    1/12/2011 8:34:17 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    1/12/2011 7:06:15 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PBADRV

    ==== End Of File ===========================
    DDS (Ver_10-12-12.02) - NTFSx86
    Run by dispatcher at 10:00:14.52 on Wed 01/12/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2012.990 [GMT -8:00]

    AV: Microsoft Forefront Client Security *Enabled/Outdated* {926A3D4F-E4E7-4F47-9902-4EDD55FFE1AF}
    AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\LTSVC\LTSVC.exe
    C:\WINDOWS\LTSvc\LTSvcMon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTDCPL.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\LTSvc\LTTray.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\WINDOWS\System32\mshta.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\dispatcher\Desktop\dds.scr
     
  2. otisinc

    otisinc TS Rookie Topic Starter

    addition

    this is only a test
     
  3. otisinc

    otisinc TS Rookie Topic Starter

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://google.com/
    uSearch Page = hxxp://www.bing.com
    uSearch Bar = hxxp://www.bing.com/sphome.aspx
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://www.bing.com/sphome.aspx
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
     
  4. otisinc

    otisinc TS Rookie Topic Starter

    It's not letting me post the rest of the DDS log, I keep getting a message that says,
    The Connection was reset

    Also, the error that i keep getting says "Generic Hose Process WIN32 Servises" then ill hit Dont Report, then basically i cant open anything else.
     
  5. Broni

    Broni Malware Annihilator Posts: 52,891   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  6. otisinc

    otisinc TS Rookie Topic Starter

    Thank you so much for the quick response Broni! This is the log..

    2011/01/12 12:18:51.0242 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
    2011/01/12 12:18:51.0242 ================================================================================
    2011/01/12 12:18:51.0242 SystemInfo:
    2011/01/12 12:18:51.0242
    2011/01/12 12:18:51.0242 OS Version: 5.1.2600 ServicePack: 3.0
    2011/01/12 12:18:51.0242 Product type: Workstation
    2011/01/12 12:18:51.0242 ComputerName: PMI-WS04
    2011/01/12 12:18:51.0242 UserName: dispatcher
    2011/01/12 12:18:51.0242 Windows directory: C:\WINDOWS
    2011/01/12 12:18:51.0242 System windows directory: C:\WINDOWS
    2011/01/12 12:18:51.0242 Processor architecture: Intel x86
    2011/01/12 12:18:51.0242 Number of processors: 2
    2011/01/12 12:18:51.0242 Page size: 0x1000
    2011/01/12 12:18:51.0242 Boot type: Normal boot
    2011/01/12 12:18:51.0242 ================================================================================
    2011/01/12 12:18:51.0695 Initialize success
    2011/01/12 12:18:55.0054 ================================================================================
    2011/01/12 12:18:55.0054 Scan started
    2011/01/12 12:18:55.0054 Mode: Manual;
    2011/01/12 12:18:55.0054 ================================================================================
    2011/01/12 12:18:56.0194 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    2011/01/12 12:18:56.0241 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/01/12 12:18:56.0272 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/01/12 12:18:56.0304 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    2011/01/12 12:18:56.0335 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/01/12 12:18:56.0397 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2011/01/12 12:18:56.0429 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2011/01/12 12:18:56.0444 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    2011/01/12 12:18:56.0475 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    2011/01/12 12:18:56.0491 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    2011/01/12 12:18:56.0507 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    2011/01/12 12:18:56.0538 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    2011/01/12 12:18:56.0569 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    2011/01/12 12:18:56.0585 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    2011/01/12 12:18:56.0585 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    2011/01/12 12:18:56.0616 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    2011/01/12 12:18:56.0616 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    2011/01/12 12:18:56.0632 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    2011/01/12 12:18:56.0663 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/01/12 12:18:56.0710 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/01/12 12:18:56.0725 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/01/12 12:18:56.0757 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/01/12 12:18:56.0991 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    2011/01/12 12:18:57.0007 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    2011/01/12 12:18:57.0038 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
    2011/01/12 12:18:57.0069 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/01/12 12:18:57.0100 Blfp (3edae8e7b40257da798c6952edb26eb0) C:\WINDOWS\system32\DRIVERS\baspxp32.sys
    2011/01/12 12:18:57.0116 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    2011/01/12 12:18:57.0132 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/01/12 12:18:57.0147 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    2011/01/12 12:18:57.0163 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/01/12 12:18:57.0178 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/01/12 12:18:57.0241 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/01/12 12:18:57.0272 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    2011/01/12 12:18:57.0303 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    2011/01/12 12:18:57.0319 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    2011/01/12 12:18:57.0350 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    2011/01/12 12:18:57.0366 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/01/12 12:18:57.0413 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/01/12 12:18:57.0460 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/01/12 12:18:57.0507 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/01/12 12:18:57.0553 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/01/12 12:18:57.0585 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    2011/01/12 12:18:57.0616 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/01/12 12:18:57.0647 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/01/12 12:18:57.0678 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    2011/01/12 12:18:57.0710 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/01/12 12:18:57.0725 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2011/01/12 12:18:57.0757 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    2011/01/12 12:18:57.0772 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/01/12 12:18:57.0788 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/01/12 12:18:57.0819 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2011/01/12 12:18:57.0850 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/01/12 12:18:57.0866 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/01/12 12:18:57.0897 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/01/12 12:18:57.0913 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    2011/01/12 12:18:57.0960 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    2011/01/12 12:18:57.0991 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    2011/01/12 12:18:58.0022 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    2011/01/12 12:18:58.0069 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/01/12 12:18:58.0085 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    2011/01/12 12:18:58.0100 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    2011/01/12 12:18:58.0428 ialm (a01bb8da8d73bca83702a4cf1cd56dce) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    2011/01/12 12:18:58.0538 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/01/12 12:18:58.0569 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    2011/01/12 12:18:58.0772 IntcAzAudAddService (9126d796a5101765650cc39d99c5ace7) C:\WINDOWS\system32\drivers\RtDHDAud.sys
    2011/01/12 12:18:58.0866 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2011/01/12 12:18:58.0913 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/01/12 12:18:58.0913 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    2011/01/12 12:18:58.0944 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/01/12 12:18:58.0959 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/01/12 12:18:58.0991 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/01/12 12:18:59.0006 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/01/12 12:18:59.0038 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/01/12 12:18:59.0053 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/01/12 12:18:59.0084 k57w2k (997190701bd80dd0f4412ed202cc7816) C:\WINDOWS\system32\DRIVERS\k57xp32.sys
    2011/01/12 12:18:59.0100 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/01/12 12:18:59.0116 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2011/01/12 12:18:59.0147 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/01/12 12:18:59.0178 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/01/12 12:18:59.0241 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/01/12 12:18:59.0256 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/01/12 12:18:59.0288 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/01/12 12:18:59.0319 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/01/12 12:18:59.0334 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/01/12 12:18:59.0381 MpFilter (efa85535eff4ed7f02ac6889267d9628) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    2011/01/12 12:18:59.0413 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    2011/01/12 12:18:59.0444 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/01/12 12:18:59.0506 MRxSmb (421f7b922cec5a5f340e7574a98f7b7c) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/01/12 12:18:59.0553 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/01/12 12:18:59.0584 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/01/12 12:18:59.0631 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/01/12 12:18:59.0662 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/01/12 12:18:59.0694 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/01/12 12:18:59.0709 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/01/12 12:18:59.0741 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/01/12 12:18:59.0787 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/01/12 12:18:59.0803 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/01/12 12:18:59.0819 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/01/12 12:18:59.0834 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/01/12 12:18:59.0850 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/01/12 12:18:59.0881 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/01/12 12:18:59.0912 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/01/12 12:18:59.0959 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/01/12 12:19:00.0037 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
    2011/01/12 12:19:00.0053 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/01/12 12:19:00.0084 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/01/12 12:19:00.0116 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/01/12 12:19:00.0147 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/01/12 12:19:00.0162 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/01/12 12:19:00.0178 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/01/12 12:19:00.0209 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/01/12 12:19:00.0225 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/01/12 12:19:00.0241 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/01/12 12:19:00.0287 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    2011/01/12 12:19:00.0303 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    2011/01/12 12:19:00.0334 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/01/12 12:19:00.0366 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/01/12 12:19:00.0381 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/01/12 12:19:00.0397 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/01/12 12:19:00.0412 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    2011/01/12 12:19:00.0428 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    2011/01/12 12:19:00.0444 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    2011/01/12 12:19:00.0475 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    2011/01/12 12:19:00.0491 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    2011/01/12 12:19:00.0506 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/01/12 12:19:00.0522 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/01/12 12:19:00.0537 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/01/12 12:19:00.0553 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/01/12 12:19:00.0569 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/01/12 12:19:00.0600 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/01/12 12:19:00.0631 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/01/12 12:19:00.0662 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/01/12 12:19:00.0694 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/01/12 12:19:00.0725 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/01/12 12:19:00.0740 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/01/12 12:19:00.0850 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/01/12 12:19:00.0975 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/01/12 12:19:01.0115 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    2011/01/12 12:19:01.0131 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    2011/01/12 12:19:01.0178 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/01/12 12:19:01.0194 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/01/12 12:19:01.0240 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/01/12 12:19:01.0272 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    2011/01/12 12:19:01.0287 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/01/12 12:19:01.0303 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/01/12 12:19:01.0319 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    2011/01/12 12:19:01.0334 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    2011/01/12 12:19:01.0350 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    2011/01/12 12:19:01.0350 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    2011/01/12 12:19:01.0381 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/01/12 12:19:01.0428 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/01/12 12:19:01.0443 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/01/12 12:19:01.0459 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/01/12 12:19:01.0475 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/01/12 12:19:01.0490 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    2011/01/12 12:19:01.0522 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/01/12 12:19:01.0537 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    2011/01/12 12:19:01.0553 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/01/12 12:19:01.0600 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2011/01/12 12:19:01.0631 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/01/12 12:19:01.0678 usbehci (4bac8df07f1d8434fc640e677a62204e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/01/12 12:19:01.0756 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/01/12 12:19:01.0818 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/01/12 12:19:01.0865 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/01/12 12:19:01.0897 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/01/12 12:19:01.0928 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/01/12 12:19:01.0943 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/01/12 12:19:01.0959 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    2011/01/12 12:19:01.0975 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2011/01/12 12:19:02.0006 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/01/12 12:19:02.0022 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/01/12 12:19:02.0084 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
    2011/01/12 12:19:02.0147 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/01/12 12:19:02.0178 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    2011/01/12 12:19:02.0225 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/01/12 12:19:02.0256 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/01/12 12:19:02.0272 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/01/12 12:19:02.0287 ================================================================================
    2011/01/12 12:19:02.0287 Scan finished
    2011/01/12 12:19:02.0287 ================================================================================
    2011/01/12 12:19:02.0287 Detected object count: 1
    2011/01/12 12:19:15.0004 \HardDisk0 - will be cured after reboot
    2011/01/12 12:19:15.0004 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/01/12 12:19:44.0047 Deinitialize success
     
  7. Broni

    Broni Malware Annihilator Posts: 52,891   +344

    Good :)
    See, if you can re-run DDS now and post its log.
     
  8. otisinc

    otisinc TS Rookie Topic Starter

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by dispatcher at 12:50:25.57 on Wed 01/12/2011
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2012.1434 [GMT -8:00]

    AV: Microsoft Forefront Client Security *Enabled/Outdated* {926A3D4F-E4E7-4F47-9902-4EDD55FFE1AF}
    AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\LTSVC\LTSVC.exe
    C:\WINDOWS\LTSvc\LTSvcMon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Microsoft Forefront\Client Security\Client\Microsoft Operations Manager 2005\MOMService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTDCPL.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe
    C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\LTSvc\LTTray.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Documents and Settings\dispatcher\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://google.com/
    uSearch Page = hxxp://www.bing.com
    uSearch Bar = hxxp://www.bing.com/sphome.aspx
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://www.bing.com/sphome.aspx
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0379.0\npwinext.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [RTHDCPL] RTDCPL.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0379.0\mswinext.exe"
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Microsoft Forefront Client Security Antimalware Service] "c:\program files\microsoft forefront\client security\client\antimalware\MSASCui.exe" -hide
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    StartupFolder: c:\documents and settings\dispatcher\start menu\programs\startup\disconnect S Drive.bat
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\networ~1.lnk - c:\windows\ltsvc\LTTray.exe
    uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
    Trusted Zone: esi-ca.com\labtech
    Trusted Zone: esitechnologygroup.com\labtech
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    Hosts: 172.16.1.2 pmi-file01
    Hosts: 172.16.1.2 pmi-file01.PMI.esi
    Hosts: 172.16.1.3 pmi-mail01
    Hosts: 172.16.1.3 pmi-mail01.PMI.esi

    Note: multiple HOSTS entries found. Please refer to Attach.txt

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\dispat~1\applic~1\mozilla\firefox\profiles\6fnao9oo.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
    FF - plugin: c:\documents and settings\dispatcher\application data\facebook\npfbplugin_1_0_3.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
    FF - Ext: firefusk: {fffe0eac-3819-4561-8aa9-178a68450d4f} - %profile%\extensions\{fffe0eac-3819-4561-8aa9-178a68450d4f}

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-1-12 11608]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-1-12 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-1-12 267944]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-12 61960]
    R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\microsoft forefront\client security\client\antimalware\MsMpEng.exe [2010-7-20 16896]
    R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\microsoft forefront\client security\client\ssa\FcsSas.exe [2009-10-22 69512]
    R2 LTService;LabtechAgent;c:\windows\ltsvc\LTSVC.exe [2010-11-30 3076608]
    R2 LTSvcMon;LabtechAgent CheckUp Util;c:\windows\ltsvc\LTSvcMon.exe [2010-11-30 88064]
    R2 MOM;MOM;c:\program files\microsoft forefront\client security\client\microsoft operations manager 2005\MOMService.exe [2005-7-21 134656]
    R3 k57w2k;Broadcom NetLink (TM) Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2010-1-31 209960]
    R3 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-2-15 71424]
    S3 LTOpenSSHd;LabTech OpenSSH Server;c:\windows\ltsvc\openssh\bin\cygrunsrv.exe [2010-12-1 36864]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]

    =============== Created Last 30 ================

    2011-01-12 16:42:10 -------- d-----w- c:\windows\system32\NtmsData
    2011-01-12 16:41:46 -------- d-----w- c:\docume~1\dispat~1\applic~1\Avira
    2011-01-12 16:36:19 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-01-12 16:36:17 -------- d-----w- c:\program files\Avira
    2011-01-12 16:36:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2010-12-16 21:21:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\bJfNa06301
    2010-12-15 19:03:14 -------- d-----w- c:\windows\pss
    2010-12-15 18:50:49 -------- d-----w- c:\program files\Trend Micro

    ==================== Find3M ====================

    2010-12-01 21:44:02 86528 --sha-r- c:\windows\system32\avmetero.dll
    2010-12-01 21:43:59 201 ----a-w- c:\docume~1\dispat~1\applic~1\agtyjkj.bat
    2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe

    ============= FINISH: 12:50:54.10 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/11/2010 2:14:41 PM
    System Uptime: 1/12/2011 12:27:05 PM (0 hours ago)

    Motherboard: Dell Inc. | | 0F0TGN
    Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | CPU | 1580/1066mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 298 GiB total, 276.304 GiB free.
    D: is CDROM (CDFS)
    E: is FIXED (NTFS) - 932 GiB total, 900.832 GiB free.
    F: is Removable
    S: is NetworkDisk (NTFS) - 1758 GiB total, 1216.993 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 12/1/2010 1:57:09 PM - System Checkpoint
    RP2: 12/1/2010 2:12:18 PM - Microsoft Forefront Client Security Checkpoint
    RP3: 12/2/2010 2:44:57 PM - System Checkpoint
    RP4: 12/3/2010 3:28:23 AM - Microsoft Forefront Client Security Checkpoint
    RP5: 12/7/2010 11:08:54 AM - System Checkpoint
    RP6: 12/9/2010 9:35:14 AM - Removed CardMinder
    RP7: 12/9/2010 9:36:37 AM - Removed ScanSnap Manager
    RP8: 12/9/2010 9:37:36 AM - Removed ScanSnap Organizer
    RP9: 12/13/2010 9:40:26 AM - Microsoft Forefront Client Security Checkpoint
    RP10: 12/14/2010 12:54:16 PM - System Checkpoint
    RP11: 12/15/2010 10:50:49 AM - Installed HiJackThis
    RP12: 12/16/2010 12:28:44 PM - System Checkpoint
    RP13: 12/23/2010 7:09:41 AM - System Checkpoint
    RP14: 1/12/2011 7:52:23 AM - Removed HiJackThis

    ==== Hosts File Hijack ======================

    Hosts: 127.0.0.1 www.spywareinfo.com
    Hosts: 172.16.1.2 pmi-file01
    Hosts: 172.16.1.2 pmi-file01.PMI.esi
    Hosts: 172.16.1.3 pmi-mail01
    Hosts: 172.16.1.3 pmi-mail01.PMI.esi
    Hosts: 172.16.1.4 pmi-storage01
    Hosts: 172.16.1.4 pmi-storage01.PMI.esi

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    ABBYY FineReader for ScanSnap (TM) 4.0
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    AIO_Scan
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    Avira AntiVir Personal - Free Antivirus
    BioAPI Framework
    Bonjour
    Broadcom NetXtreme-I Netlink Driver and Management Installer
    BufferChm
    C4380
    C4380_doccd
    C4380_Help
    CardMinder V4.0
    Copy
    CustomerResearchQFolder
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    eSupportQFolder
    Facebook Plug-In
    Fax
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB953955)
    Hotfix for Windows XP (KB954434)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB958347)
    Hotfix for Windows XP (KB959252)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB968764)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    HP Customer Participation Program 9.0
    HP Imaging Device Functions 9.0
    HP OCR Software 9.0
    HP Officejet Pro 8500 A910 Basic Device Software
    HP Officejet Pro 8500 A910 Help
    HP Officejet Pro 8500 A910 Product Improvement Study
    HP Photosmart All-In-One Software 9.0
    HP Photosmart Essential 2.01
    HP Photosmart Essential2.01
    HP Solution Center 9.0
    HP Update
    HPProductAssistant
    HPSSupply
    I.R.I.S. OCR
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 19
    Malwarebytes' Anti-Malware
    MarketResearch
    Marketsplash Shortcuts
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Default Manager
    Microsoft English TTS Engine
    Microsoft Forefront Client Security Antimalware Service
    Microsoft Forefront Client Security State Assessment Service
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access database engine 2007 (English)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Operations Manager 2005 Agent
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Streets & Trips 2010
    Microsoft UI Engine
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable Package
    Mozilla Firefox (3.6.13)
    MSN Toolbar
    MSN Toolbar Platform
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB927977)
    OGA Notifier 2.0.0048.0
    PanoStandAlone
    PDF Splitter
    PowerDVD DX
    PS_AIO_02_ProductContext
    PS_AIO_02_Software
    PS_AIO_02_Software_min
    PSSWCORE
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE 10.3
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    SAPI Wrapper
    Scan
    Scan to Microsoft SharePoint
    ScanSnap
    ScanSnap Organizer
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB978380)
    Security Update for Microsoft Office Excel 2007 (KB978382)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978706)
    SolutionCenter
    Spybot - Search & Destroy
    ST Microelectronics TPM Driver Installer
    Status
    System Tool2011
    Toolbox
    TrayApp
    TTS Wrapper
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Outlook 2007 Junk Email Filter (kb979895)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    UPEK TouchChip Fingerprint Reader
    VideoToolkit01
    WebFldrs XP
    WebReg
    Windows Driver Package - STMicroelectronics (stmtpm) System (05/24/2007 1.00.04.15)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    1/5/2011 9:37:09 AM, error: Print [33] - The PrintQueue Container could not be found because the DNS Domain name could not be retrieved. Error: 54b
    1/5/2011 9:36:14 AM, error: NETLOGON [5719] - No Domain Controller is available for domain PMI due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
    1/12/2011 9:35:44 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    1/12/2011 9:35:43 AM, error: Service Control Manager [7034] - The SeaPort service terminated unexpectedly. It has done this 1 time(s).
    1/12/2011 9:35:43 AM, error: Service Control Manager [7034] - The LabtechAgent CheckUp Util service terminated unexpectedly. It has done this 1 time(s).
    1/12/2011 9:35:43 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    1/12/2011 9:35:43 AM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    1/12/2011 9:35:43 AM, error: Service Control Manager [7031] - The MOM service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/12/2011 9:35:43 AM, error: Service Control Manager [7031] - The Microsoft Forefront Client Security Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    1/12/2011 9:35:43 AM, error: Service Control Manager [7031] - The LabtechAgent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 20000 milliseconds: Restart the service.
    1/12/2011 9:35:42 AM, error: Service Control Manager [7031] - The Microsoft Forefront Client Security State Assessment Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/12/2011 8:34:17 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    1/12/2011 8:34:17 AM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\DISPAT~1\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
    1/12/2011 8:34:17 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    1/12/2011 8:07:32 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PBADRV

    ==== End Of File ===========================
     
  9. Broni

    Broni Malware Annihilator Posts: 52,891   +344

    Good :)

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...