TechSpot

Google redirect virus - need help

By Rockhopper
Sep 22, 2011
  1. Whatever the virus/rootkit is, it disables Malwarebytes when I try to run it and terminates the scan before it can complete. It did the same thing with HijackThis and Avira.

    Here are the GMER and DDS Logs

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2011-09-22 18:53:52
    Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-1b Maxtor_6L200P0 rev.BAH41G10
    Running: 5jlz0vx7.exe; Driver: C:\DOCUME~1\Kunkle\LOCALS~1\Temp\fwtdypow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:116] F77339B5
    Thread System [4:120] 86E3CE95

    ---- EOF - GMER 1.0.15 ----


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
    Run by Kunkle at 18:54:00 on 2011-09-22
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.613 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\1264309036:3542918324.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\Program Files\ShrewSoft\VPN Client\dtpd.exe
    C:\Program Files\ShrewSoft\VPN Client\iked.exe
    C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\Kunkle\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://gmail.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://broadband.zoomtown.com
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
    TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\kunkle\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    LSP: mswsock.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} - hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab
    DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/n033p/EN/install/gtdownlr.cab
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
    DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/61.18/uploader2.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
    DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.psapoll.com/CopyGuardIE.cab
    DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - hxxp://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
    DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/20.10/uploader2.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.geni.com/ImageUploader_5_5.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181442852203
    DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.winkflash.com/photo/loaders/ImageUploader4.cab
    DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} - hxxp://vsp.closetmaid.com/vsp/cmaidctl_vsp.closetmaid.com_downloader.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} - hxxp://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} - hxxp://12.71.199.20/program/SonySncRz25View.cab
    DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - hxxp://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} - hxxp://www.vexcast.com/download/vexcast.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxp://www.auctiva.com/hostedimages/activex/xupload/XUpload.ocx
    TCP: Interfaces\{952C8DDC-4590-41FC-89C3-88FA76246AF5} : NameServer = 10.1.4.6,10.2.4.5
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
    R2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\shrewsoft\vpn client\dtpd.exe -service --> c:\program files\shrewsoft\vpn client\dtpd.exe -service [?]
    R2 iked;ShrewSoft IKE Daemon;c:\program files\shrewsoft\vpn client\iked.exe -service --> c:\program files\shrewsoft\vpn client\iked.exe -service [?]
    R2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\shrewsoft\vpn client\ipsecd.exe -service --> c:\program files\shrewsoft\vpn client\ipsecd.exe -service [?]
    R3 pflt;Shrew Soft Miniport Filter;c:\windows\system32\drivers\vfilter.sys [2010-9-2 24192]
    R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-9-22 41272]
    S1 MpKsl13f96f5c;MpKsl13f96f5c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7469b12e-2238-46ea-9c66-38f118180675}\mpksl13f96f5c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7469b12e-2238-46ea-9c66-38f118180675}\MpKsl13f96f5c.sys [?]
    S1 MpKsl4992d3eb;MpKsl4992d3eb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{31b621e8-2d8e-48b4-b02e-32b27d6986b9}\mpksl4992d3eb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{31b621e8-2d8e-48b4-b02e-32b27d6986b9}\MpKsl4992d3eb.sys [?]
    S1 MpKsl600a58ac;MpKsl600a58ac;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1eb66c11-eee5-4d3f-af78-71654337ec9e}\mpksl600a58ac.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1eb66c11-eee5-4d3f-af78-71654337ec9e}\MpKsl600a58ac.sys [?]
    S1 MpKsl7e2027eb;MpKsl7e2027eb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{38357042-92c0-4e0d-b663-4b31ffb31f1a}\mpksl7e2027eb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{38357042-92c0-4e0d-b663-4b31ffb31f1a}\MpKsl7e2027eb.sys [?]
    S1 MpKsl94055755;MpKsl94055755;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9b735bd3-006b-48f6-bfc8-e0fdc50806a0}\mpksl94055755.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9b735bd3-006b-48f6-bfc8-e0fdc50806a0}\MpKsl94055755.sys [?]
    S1 MpKsl9ed78d0e;MpKsl9ed78d0e;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{684726e7-6e19-4646-9ca4-c107de13920d}\mpksl9ed78d0e.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{684726e7-6e19-4646-9ca4-c107de13920d}\MpKsl9ed78d0e.sys [?]
    S1 MpKsla055d409;MpKsla055d409;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7c1376b2-d606-4848-a70e-ba4800e950f8}\mpksla055d409.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7c1376b2-d606-4848-a70e-ba4800e950f8}\MpKsla055d409.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-3 136176]
    S2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2010-12-7 2228008]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-9-10 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-9-10 8456]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-3 136176]
    S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-3-11 25088]
    S3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\drivers\virtualnet.sys [2010-9-2 11904]
    S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
    .
    =============== Created Last 30 ================
    .
    2011-09-22 22:49:12 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-09-22 22:38:27 709968 ----a-w- c:\windows\isRS-000.tmp
    2011-09-22 22:32:58 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-09-22 21:06:14 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-09-22 02:35:33 -------- d-----w- c:\program files\Avira
    2011-09-22 02:17:26 -------- d--h--w- c:\windows\PIF
    2011-09-22 01:57:13 -------- d-----w- C:\MGtools
    2011-09-22 01:41:04 48016 --sha-w- c:\windows\system32\c_81784.nl_
    2011-09-22 00:44:44 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-09-22 00:44:44 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-09-10 17:54:51 19840 ----a-w- c:\windows\system32\EuEpmGdi.dll
    2011-09-10 17:54:50 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
    2011-09-10 17:54:50 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
    2011-09-10 17:54:50 2469248 ----a-w- c:\windows\system32\BootMan.exe
    2011-09-10 17:54:50 13192 ----a-w- c:\windows\system32\epmntdrv.sys
    2011-09-05 22:37:47 -------- d-----w- c:\documents and settings\all users\application data\Cisco Systems
    2011-09-03 10:17:37 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
    .
    ==================== Find3M ====================
    .
    2011-09-22 21:07:29 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-08-18 23:03:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-07-28 10:27:08 121464 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2006-05-03 16:06:54 163328 --sha-w- c:\windows\system32\flvDX.dll
    .
    ============= FINISH: 18:54:42.60 ===============



    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/9/2007 8:20:09 PM
    System Uptime: 9/22/2011 6:40:40 PM (0 hours ago)
    .
    Motherboard: ASUSTek Computer INC. | | Kelut
    Processor: AMD Athlon(tm) XP 3200+ | Socket A | 2199/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 29 GiB total, 9.181 GiB free.
    D: is FIXED (NTFS) - 161 GiB total, 73.519 GiB free.
    F: is FIXED (NTFS) - 373 GiB total, 206.069 GiB free.
    I: is Removable
    J: is Removable
    L: is Removable
    M: is Removable
    N: is Removable
    P: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
    Description: CD-ROM Drive
    Device ID: IDE\CDROMLITE-ON_DVDRW_SOHW-1673S________________JS07____\5&1E37D5F0&0&0.0.0
    Manufacturer: (Standard CD-ROM drives)
    Name: LITE-ON DVDRW SOHW-1673S
    PNP Device ID: IDE\CDROMLITE-ON_DVDRW_SOHW-1673S________________JS07____\5&1E37D5F0&0&0.0.0
    Service: cdrom
    .
    Class GUID:
    Description:
    Device ID: ROOT\LEGACY_BEEP\XX_VVDSVC_XX
    Manufacturer:
    Name:
    PNP Device ID: ROOT\LEGACY_BEEP\XX_VVDSVC_XX
    Service: vvdsvc
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Packet Scheduler Miniport
    Device ID: ROOT\MS_PSCHEDMP\0009
    Manufacturer: Microsoft
    Name: Packet Scheduler Miniport #10
    PNP Device ID: ROOT\MS_PSCHEDMP\0009
    Service: PSched
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Packet Scheduler Miniport
    Device ID: ROOT\MS_PSCHEDMP\0011
    Manufacturer: Microsoft
    Name: Packet Scheduler Miniport #12
    PNP Device ID: ROOT\MS_PSCHEDMP\0011
    Service: PSched
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Shrew Soft Virtual Adapter
    Device ID: ROOT\VNET\0000
    Manufacturer: Shrew Soft
    Name: Shrew Soft Virtual Adapter
    PNP Device ID: ROOT\VNET\0000
    Service: vnet
    .
    ==== System Restore Points ===================
    .
    RP1895: 9/3/2011 11:29:17 AM - Software Distribution Service 3.0
    RP1896: 9/4/2011 1:59:32 AM - Software Distribution Service 3.0
    RP1897: 9/4/2011 11:29:06 AM - Software Distribution Service 3.0
    RP1898: 9/5/2011 11:29:07 AM - Software Distribution Service 3.0
    RP1899: 9/6/2011 11:29:17 AM - Software Distribution Service 3.0
    RP1900: 9/7/2011 6:44:56 AM - Software Distribution Service 3.0
    RP1901: 9/7/2011 11:29:24 AM - Software Distribution Service 3.0
    RP1902: 9/8/2011 11:49:47 AM - System Checkpoint
    RP1903: 9/8/2011 3:51:46 PM - Software Distribution Service 3.0
    RP1904: 9/9/2011 3:51:30 PM - Software Distribution Service 3.0
    RP1905: 9/11/2011 12:17:21 AM - System Checkpoint
    RP1906: 9/11/2011 1:59:00 AM - Software Distribution Service 3.0
    RP1907: 9/11/2011 2:19:27 PM - Software Distribution Service 3.0
    RP1908: 9/12/2011 2:19:32 PM - Software Distribution Service 3.0
    RP1909: 9/13/2011 2:17:04 PM - Software Distribution Service 3.0
    RP1910: 9/14/2011 3:24:56 PM - System Checkpoint
    RP1911: 9/15/2011 1:44:55 PM - Software Distribution Service 3.0
    RP1912: 9/16/2011 12:32:37 PM - Software Distribution Service 3.0
    RP1913: 9/17/2011 1:15:56 PM - Software Distribution Service 3.0
    RP1914: 9/18/2011 1:10:04 PM - Software Distribution Service 3.0
    RP1915: 9/19/2011 1:09:57 PM - Software Distribution Service 3.0
    RP1916: 9/20/2011 1:05:38 PM - Software Distribution Service 3.0
    RP1917: 9/21/2011 1:06:10 PM - Software Distribution Service 3.0
    RP1918: 9/21/2011 8:43:24 PM - Restore Operation
    RP1919: 9/22/2011 6:24:14 PM - Removed Windows Defender
    .
    ==== Installed Programs ======================
    .
    7-Zip 4.42
    AC3Filter (remove only)
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.6
    Adobe Shockwave Player 11.5
    Akamai NetSession Interface
    Amazon Kindle For PC
    Amazon MP3 Downloader 1.0.10
    AnyDVD
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Azureus
    Blue's 123 Time Activities
    Bonjour
    calibre
    Candy Land
    Carbonite
    Cisco Connect
    DivX Setup
    DivX Web Player
    Dora Backpack
    DVD Shrink 3.2
    EASEUS Partition Master 9.0.0 Home Edition
    EPSON Printer Software
    EPSON Scan
    EPSON Stylus CX5000 Scanner Driver Update
    GIMP 2.4.3
    Glary Utilities 2.36.0.1232
    Google Chrome
    Google Talk Plugin
    Google Update Helper
    Goombah Partner COM Server
    Greetings Workshop
    HandBrake 0.9.3
    HDHomeRun
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    InterVideo DeviceService
    iTunes
    Java(TM) 6 Update 13
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) SE Runtime Environment 6
    Java(TM) SE Runtime Environment 6 Update 1
    JumpStart Advanced Kindergarten
    Little Registry Cleaner
    Logitech Legacy USB Camera Driver Package
    Logitech QuickCam Driver Package
    Logitech Updater
    Logitech Webcam Software
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Premium
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Move Media Player
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero Suite
    NVIDIA Drivers
    Office Animation Runtime
    OmniPage SE 2.0
    OverDrive Media Console
    Picasa 3
    PowerDVD
    QuickTime
    Reader Rabbit's Kindergarten
    Reader Rabbit's Math Ages 4-6
    Reader Rabbit's Toddler
    ReNamer
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Shrew Soft VPN Client
    Skype Toolbars
    Skype™ 4.1
    StreamTorrent 1.0
    System Requirements Lab
    TeamViewer 6
    Tux of Math Command (remove only)
    Ulead VideoStudio 11
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB2447568)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    Veetle TV 0.9.18
    VIA Rhine-Family Fast Ethernet Adapter
    VideoCam Suite
    VideoStudio
    VLC media player 1.0.1
    VobSub v2.23 (Remove Only)
    vShare Plugin
    Vuze
    WebFldrs XP
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Search 4.0
    Windows XP Service Pack 3
    ZoomTown Install Kit 10.0.0.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    9/22/2011 5:43:06 PM, error: Service Control Manager [7031] - The Avira AntiVir Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    9/22/2011 5:40:56 PM, error: Service Control Manager [7031] - The Avira AntiVir Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    9/21/2011 9:56:50 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    9/21/2011 9:56:44 PM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    9/21/2011 9:53:37 PM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
    9/21/2011 9:37:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 ElbyCDIO Fips MpFilter
    9/21/2011 9:36:59 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    9/21/2011 9:36:54 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    9/21/2011 9:36:39 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
    9/21/2011 9:14:49 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    9/21/2011 8:53:06 PM, error: Service Control Manager [7031] - The CarboniteService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    9/21/2011 8:49:07 PM, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
    9/21/2011 8:48:55 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    9/21/2011 8:40:20 PM, error: Service Control Manager [7034] - The Ulead Burning Helper service terminated unexpectedly. It has done this 1 time(s).
    9/21/2011 3:47:21 PM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: Access is denied.
    9/21/2011 3:47:06 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
    9/21/2011 10:09:38 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK7 ElbyCDIO Fips IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    9/21/2011 10:09:38 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    9/21/2011 10:09:38 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/21/2011 10:09:38 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/21/2011 10:09:38 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    9/21/2011 10:09:38 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/21/2011 10:09:38 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    9/21/2011 10:09:04 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    9/20/2011 10:28:23 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Akamai service.
    9/18/2011 2:24:45 AM, error: Microsoft Antimalware [2001] -
    .
    ==== End Of File ===========================
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I note you've gathered some programs yourself to try and fix the problem! But I don't want you to run them while I'm helping you unless I direct you to. They are: TDSSKiller and MGtools.
    ==============================
    This should help with Malwarebytes:
    Please download randmbam.exe

    It will try to create random names and shortcuts for Malwarebytes Anti Malware (MBAM) if you have it installed already. Once done, try running a scan again.
    =============================
    You have 5 outdated versions of Java. Please run the following then update to current v6u27:
    You have multiple old versions of Java and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!

    Please download JavaRa and unzip it to your desktop.

    Important! ***Please close any instances of Internet Explorer before continuing!***
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location. Note: Do not leave this log.
    Download and install the most current version and update of Java Runtime Environment (JRE) HERE.
    Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
    ===========================================
    Check this site: Java Updates. Uninstall any earlier versions in Add/Remove Programs, as they are vulnerabilities for the system.
    -----------------------------
    And because of the outdated Java, you will have malware in the Java cache and it needs to be removed:
    To clear the Java Plug-in cache:

    • [1]. Click Start > Control Panel.
      [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
      [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
      [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
      [5]. Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
      [6]. Click Apply > OK on Temporary Files Settings window.
    Images courtesy java.com
    ==================================
    When finished with the above, please complete the following:
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware.
    • If Combofix asks you to update the program, allow it.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    =================================
    Please leave the Malwarebytes log and Combofix log in your next reply.
    =================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
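Bobbye's two findings from the DDS log above (several outdated Java builds still listed under installed programs, and security services being killed or refused at start) can be pulled out of such a log mechanically. The script below is an added example, not part of the thread and not code from DDS or any tool mentioned here; its sample log text is constructed to mirror the DDS layout, the keyword list that identifies security tooling is an assumption, and 6u27 is the Java version Bobbye names:

```python
"""Triage a DDS log for two things raised in this thread: stale Java installs
and security services that keep dying.  Added example, not part of the thread;
SAMPLE_DDS is constructed to mirror the layout of the DDS log posted above."""
import re

CURRENT_JAVA = (6, 27)  # "v6u27", the version the helper asks for in this thread

# Assumption: hand-picked substrings that mark security tooling in Service
# Control Manager messages; extend for whatever products the machine runs.
SECURITY_KEYWORDS = ("antimalware", "antivir", "avira", "malwarebytes", "mbam",
                     "defender", "mpfilter", "security essentials")

SECTION_RE = re.compile(r"^==== (.+?) =+\s*$")
# Both naming schemes Sun used for JRE entries in Add/Remove Programs.
JAVA_RES = (re.compile(r"Java\(TM\)(?: SE Runtime Environment)? (\d+) Update (\d+)"),
            re.compile(r"J2SE Runtime Environment (\d+)\.0 Update (\d+)"))
EVENT_RE = re.compile(r"^(?P<when>\d{1,2}/\d{1,2}/\d{4} [\d:]+ [AP]M), \w+: "
                      r"(?P<source>.+?) \[\d+\] - (?P<msg>.+)$")
SERVICE_RE = re.compile(r"The (?P<svc>.+?) service (?:terminated unexpectedly|"
                        r"failed to start due to the following error: (?P<err>.+))")
DRIVERS_RE = re.compile(r"driver\(s\) failed to load: (.+)$")

# Constructed sample, modelled on the DDS sections quoted in this thread.
SAMPLE_DDS = """\
==== Installed Programs ======================
.
Java(TM) 6 Update 13
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
J2SE Runtime Environment 5.0 Update 6
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
9/22/2011 5:43:06 PM, error: Service Control Manager [7031] - The Avira AntiVir Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
9/21/2011 9:37:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK7 ElbyCDIO Fips MpFilter
9/21/2011 3:47:21 PM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: Access is denied.
9/21/2011 8:40:20 PM, error: Service Control Manager [7034] - The Ulead Burning Helper service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================
"""


def split_sections(text):
    """Return {section title: [lines]}; DDS's '.' spacer lines are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None and line not in ("", "."):
            sections[current].append(line)
    return sections


def outdated_java(installed, current=CURRENT_JAVA):
    """Installed Java entries older than `current`, as (name, (major, update))."""
    found = []
    for name in installed:
        for rx in JAVA_RES:
            if m := rx.search(name):
                ver = (int(m.group(1)), int(m.group(2)))
                if ver < current:
                    found.append((name, ver))
                break
    return found


def is_security_component(name):
    """True if a service or driver name looks like security tooling."""
    return any(k in name.lower() for k in SECURITY_KEYWORDS)


def security_tool_failures(events):
    """(when, kind, component, detail) for SCM events where security tooling
    died, was refused at start, or had its driver skipped at boot."""
    findings = []
    for line in events:
        m = EVENT_RE.match(line)
        if not m or m.group("source") != "Service Control Manager":
            continue
        when, msg = m.group("when"), m.group("msg")
        if s := SERVICE_RE.search(msg):
            if is_security_component(s.group("svc")):
                kind = "failed_start" if s.group("err") else "terminated"
                findings.append((when, kind, s.group("svc"), (s.group("err") or "").strip()))
        elif d := DRIVERS_RE.search(msg):
            for drv in d.group(1).split():
                if is_security_component(drv):
                    findings.append((when, "driver_not_loaded", drv, ""))
    return findings


def triage(text):
    """Run both checks over a whole DDS log."""
    sections = split_sections(text)
    return {"outdated_java": outdated_java(sections.get("Installed Programs", [])),
            "security_failures": security_tool_failures(
                sections.get("Event Viewer Messages From Past Week", []))}


if __name__ == "__main__":
    for key, rows in triage(SAMPLE_DDS).items():
        print(key, *rows, sep="\n  ")
```

Anything returned under `security_failures` is the pattern a helper looks for before reaching for a rootkit scanner: a security service stopping unexpectedly, a start refused with "Access is denied", or its filter driver (MpFilter, the Microsoft antimalware driver that Security Essentials uses) missing from the boot-start list. An ordinary application dying, like the Ulead helper in the sample, is deliberately not reported.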
     
  3. Rockhopper

    Rockhopper TS Rookie Topic Starter

    I replied last night, but it doesn't appear to have posted. I removed all of the older Java versions just fine and I cleared out the Java cache. I still cannot get malwarebytes to work. I'm able to start a scan, but it terminates in the middle of it. Combofix did the same thing. It started to scan, ran for about 5 seconds, and then just stopped.
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please run this:
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file > Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with descriptions.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result.
    • A reboot is required after disinfection.
    ======================================
    The above is specific. Sometimes a rootkit will prevent the security scans from running.

    I'll check the log and see if anything was found and we'll go from there. There is also a duet of programs that we sometimes run to stop the processes that are preventing the scans from running.
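TDSSKiller's log lists each enumerated object on one line (with its MD5 and path) and reports a verdict on a separate "- detected" line that refers back to the object by name only, so the path and hash of a flagged item have to be joined from the earlier line before they can go into the case notes. The parser below does that join and collects the indicators. It is an added example, not part of this thread and not code from TDSSKiller; its sample log is constructed in the tool's layout, with placeholder hashes and paths:

```python
"""Pair TDSSKiller's '- detected' lines with the object lines that carry the
file path and hash, so the indicators can be recorded for the case.  Added
example, not part of the thread or of TDSSKiller; SAMPLE_LOG is constructed
to follow the '<timestamp> <pid> <object> (<md5>) <path>' layout the tool writes."""
import re

OBJECT_RE = re.compile(r"^(?P<ts>\S+ \S+)\s+\d+\s+(?P<name>\S+) "
                       r"\((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(r"^(?P<ts>\S+ \S+)\s+\d+\s+(?P<name>\S+) - detected "
                       r"(?P<verdict>\S+) \((?P<flag>\d+)\)$")
HIDDEN_RE = re.compile(r"Suspicious file \((?P<why>[^)]+)\): (?P<path>.+?)\. "
                       r"md5: (?P<md5>[0-9a-f]{32})$")

# Constructed sample in TDSSKiller's log layout; the hashes and the odd
# file names are placeholders, not values from any real scan.
SAMPLE_LOG = r"""
2011/09/25 12:39:47.0843 6024 Scan started
2011/09/25 12:39:49.0531 6024 deadbeef (0123456789abcdef0123456789abcdef) C:\WINDOWS\1234567890:0987654321.exe
2011/09/25 12:39:50.0875 6024 Suspicious file (Hidden): C:\WINDOWS\1234567890:0987654321.exe. md5: 0123456789abcdef0123456789abcdef
2011/09/25 12:39:50.0906 6024 deadbeef - detected HiddenFile.Multi.Generic (1)
2011/09/25 12:39:51.0187 6024 ACPI (ffffffffffffffffffffffffffffffff) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/09/25 12:39:57.0953 6024 i8042prt (eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/09/25 12:39:57.0968 6024 i8042prt - detected Rootkit.Win32.ZAccess.e (0)
"""


def parse_detections(text):
    """One dict per detection, joined with the object line that named it.

    `hidden` carries the reason from a preceding 'Suspicious file (...)' line
    for the same path, or None when the object was simply enumerated."""
    objects, hidden, detections = {}, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := OBJECT_RE.match(line):
            objects[m["name"]] = (m["md5"], m["path"])
        elif h := HIDDEN_RE.search(line):
            hidden[h["path"]] = h["why"]
        elif d := DETECT_RE.match(line):
            md5, path = objects.get(d["name"], (None, None))
            detections.append({"when": d["ts"], "object": d["name"],
                               "verdict": d["verdict"], "md5": md5,
                               "path": path, "hidden": hidden.get(path)})
    return detections


def indicators(detections):
    """Sorted (md5, path) pairs worth keeping with the case notes."""
    return sorted({(d["md5"], d["path"]) for d in detections if d["md5"]})


if __name__ == "__main__":
    for d in parse_detections(SAMPLE_LOG):
        print(d["verdict"], d["object"], d["path"], d["md5"],
              "hidden" if d["hidden"] else "")
```

Note that a detection on a driver name such as i8042prt points at the object TDSSKiller enumerated under that service, not necessarily at a file that is missing or obviously altered; keeping the hash alongside the path is what lets the file be compared later against a known-good copy.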
     
  5. Rockhopper

    Rockhopper TS Rookie Topic Starter

    TDSSKiller found 2 infected objects. I quarantined both of them. Here is the TDSSKiller log:


    2011/09/25 12:39:42.0921 1320 TDSS rootkit removing tool 2.5.23.0 Sep 20 2011 08:53:10
    2011/09/25 12:39:42.0937 1320 ================================================================================
    2011/09/25 12:39:42.0937 1320 SystemInfo:
    2011/09/25 12:39:42.0937 1320
    2011/09/25 12:39:42.0937 1320 OS Version: 5.1.2600 ServicePack: 3.0
    2011/09/25 12:39:42.0937 1320 Product type: Workstation
    2011/09/25 12:39:42.0937 1320 ComputerName: MATTHEW
    2011/09/25 12:39:42.0937 1320 UserName: Kunkle
    2011/09/25 12:39:42.0937 1320 Windows directory: C:\WINDOWS
    2011/09/25 12:39:42.0937 1320 System windows directory: C:\WINDOWS
    2011/09/25 12:39:42.0937 1320 Processor architecture: Intel x86
    2011/09/25 12:39:42.0937 1320 Number of processors: 1
    2011/09/25 12:39:42.0937 1320 Page size: 0x1000
    2011/09/25 12:39:42.0937 1320 Boot type: Normal boot
    2011/09/25 12:39:42.0937 1320 ================================================================================
    2011/09/25 12:39:44.0484 1320 Initialize success
    2011/09/25 12:39:47.0843 6024 ================================================================================
    2011/09/25 12:39:47.0843 6024 Scan started
    2011/09/25 12:39:47.0843 6024 Mode: Manual;
    2011/09/25 12:39:47.0843 6024 ================================================================================
    2011/09/25 12:39:49.0531 6024 2cd35b4b (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\1264309036:3542918324.exe
    2011/09/25 12:39:50.0875 6024 Suspicious file (Hidden): C:\WINDOWS\1264309036:3542918324.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
    2011/09/25 12:39:50.0906 6024 2cd35b4b - detected HiddenFile.Multi.Generic (1)
    2011/09/25 12:39:50.0984 6024 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
    2011/09/25 12:39:51.0187 6024 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/09/25 12:39:51.0296 6024 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/09/25 12:39:51.0484 6024 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2011/09/25 12:39:51.0625 6024 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
    2011/09/25 12:39:51.0984 6024 ALCXWDM (8d6c30e515717248e0e52b85fd7ac466) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    2011/09/25 12:39:52.0234 6024 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
    2011/09/25 12:39:52.0390 6024 AnyDVD (7684252281cfb197ac4c38b33ac5b2a6) C:\WINDOWS\system32\Drivers\AnyDVD.sys
    2011/09/25 12:39:52.0515 6024 AR5523 (c3a2ff99c7469b8d06a102dcf8c4cff6) C:\WINDOWS\system32\DRIVERS\ar5523.sys
    2011/09/25 12:39:52.0703 6024 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2011/09/25 12:39:52.0984 6024 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
    2011/09/25 12:39:53.0125 6024 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/09/25 12:39:53.0218 6024 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2011/09/25 12:39:53.0359 6024 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/09/25 12:39:53.0453 6024 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/09/25 12:39:53.0562 6024 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
    2011/09/25 12:39:53.0656 6024 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/09/25 12:39:53.0796 6024 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/09/25 12:39:53.0906 6024 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2011/09/25 12:39:54.0015 6024 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/09/25 12:39:54.0109 6024 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/09/25 12:39:54.0484 6024 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
    2011/09/25 12:39:54.0796 6024 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/09/25 12:39:54.0921 6024 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/09/25 12:39:55.0062 6024 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2011/09/25 12:39:55.0125 6024 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/09/25 12:39:55.0218 6024 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/09/25 12:39:55.0421 6024 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/09/25 12:39:55.0515 6024 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\WINDOWS\system32\Drivers\ElbyCDIO.sys
    2011/09/25 12:39:55.0609 6024 epmntdrv (f07ba56b0235f15eff8f10dc6389c42e) C:\WINDOWS\system32\epmntdrv.sys
    2011/09/25 12:39:55.0718 6024 EuGdiDrv (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\WINDOWS\system32\EuGdiDrv.sys
    2011/09/25 12:39:55.0843 6024 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/09/25 12:39:55.0937 6024 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/09/25 12:39:56.0031 6024 FETND5BV (cfc4cc73c903152a23e1db28eaba1f03) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
    2011/09/25 12:39:56.0109 6024 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
    2011/09/25 12:39:56.0218 6024 FilterService (a75ddc492d2d1d6558ad8003a4adb73a) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
    2011/09/25 12:39:56.0312 6024 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2011/09/25 12:39:56.0390 6024 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/09/25 12:39:56.0500 6024 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2011/09/25 12:39:56.0625 6024 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/09/25 12:39:56.0703 6024 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/09/25 12:39:56.0812 6024 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    2011/09/25 12:39:56.0906 6024 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/09/25 12:39:57.0203 6024 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/09/25 12:39:57.0484 6024 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/09/25 12:39:57.0953 6024 i8042prt (61b114b5d0b0eb5342bead361fedae18) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/09/25 12:39:57.0968 6024 i8042prt - detected Rootkit.Win32.ZAccess.e (0)
    2011/09/25 12:39:58.0078 6024 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/09/25 12:39:58.0343 6024 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2011/09/25 12:39:58.0437 6024 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/09/25 12:39:58.0500 6024 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/09/25 12:39:58.0640 6024 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/09/25 12:39:58.0750 6024 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/09/25 12:39:58.0859 6024 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/09/25 12:39:58.0937 6024 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/09/25 12:39:59.0046 6024 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/09/25 12:39:59.0140 6024 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2011/09/25 12:39:59.0250 6024 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/09/25 12:39:59.0359 6024 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/09/25 12:39:59.0625 6024 ltmodem5 (9ee18a5a45552673a67532ea37370377) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
    2011/09/25 12:39:59.0890 6024 lvpopflt (01f0e010acb61472163e9d02d3ff531a) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
    2011/09/25 12:39:59.0984 6024 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
    2011/09/25 12:40:00.0109 6024 LVRS (87ecce893d8aec5a9337b917742d339c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
    2011/09/25 12:40:00.0218 6024 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2011/09/25 12:40:00.0546 6024 LVUVC (291f69b3dda0f033d2490c5ba5179f7c) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
    2011/09/25 12:40:00.0812 6024 MBAMSwissArmy (0905dc0814d738cff53577a59ccd81e0) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2011/09/25 12:40:00.0921 6024 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/09/25 12:40:01.0031 6024 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2011/09/25 12:40:01.0125 6024 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/09/25 12:40:01.0234 6024 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/09/25 12:40:01.0296 6024 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/09/25 12:40:01.0390 6024 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
    2011/09/25 12:40:01.0921 6024 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/09/25 12:40:02.0015 6024 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/09/25 12:40:02.0140 6024 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
    2011/09/25 12:40:02.0234 6024 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/09/25 12:40:02.0343 6024 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/09/25 12:40:02.0437 6024 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/09/25 12:40:02.0531 6024 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/09/25 12:40:02.0656 6024 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/09/25 12:40:02.0718 6024 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2011/09/25 12:40:02.0828 6024 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    2011/09/25 12:40:02.0906 6024 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2011/09/25 12:40:03.0015 6024 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/09/25 12:40:03.0125 6024 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2011/09/25 12:40:03.0218 6024 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/09/25 12:40:03.0312 6024 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/09/25 12:40:03.0406 6024 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/09/25 12:40:03.0515 6024 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/09/25 12:40:03.0625 6024 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/09/25 12:40:03.0718 6024 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/09/25 12:40:03.0890 6024 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2011/09/25 12:40:04.0000 6024 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/09/25 12:40:04.0093 6024 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/09/25 12:40:04.0187 6024 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/09/25 12:40:04.0468 6024 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2011/09/25 12:40:04.0781 6024 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/09/25 12:40:04.0859 6024 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/09/25 12:40:04.0953 6024 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2011/09/25 12:40:05.0046 6024 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/09/25 12:40:05.0140 6024 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/09/25 12:40:05.0203 6024 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/09/25 12:40:05.0296 6024 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/09/25 12:40:05.0453 6024 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/09/25 12:40:05.0546 6024 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/09/25 12:40:06.0046 6024 pflt (a8ccce579c21eb77f95cbd9fa0035156) C:\WINDOWS\system32\DRIVERS\vfilter.sys
    2011/09/25 12:40:06.0187 6024 Point32 (dcdf0421a1c14f2923e298a30fd7636d) C:\WINDOWS\system32\DRIVERS\point32.sys
    2011/09/25 12:40:06.0531 6024 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/09/25 12:40:06.0875 6024 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/09/25 12:40:06.0968 6024 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/09/25 12:40:07.0078 6024 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/09/25 12:40:07.0453 6024 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/09/25 12:40:07.0593 6024 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/09/25 12:40:07.0687 6024 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/09/25 12:40:07.0781 6024 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/09/25 12:40:07.0875 6024 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/09/25 12:40:07.0984 6024 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/09/25 12:40:08.0109 6024 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/09/25 12:40:08.0218 6024 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/09/25 12:40:08.0343 6024 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/09/25 12:40:08.0578 6024 RTL8023xp (4a0ae7891fcf74acc848b109294cb80f) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
    2011/09/25 12:40:08.0671 6024 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
    2011/09/25 12:40:08.0796 6024 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/09/25 12:40:08.0921 6024 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/09/25 12:40:09.0031 6024 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/09/25 12:40:09.0156 6024 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/09/25 12:40:09.0359 6024 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/09/25 12:40:09.0531 6024 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/09/25 12:40:09.0625 6024 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/09/25 12:40:09.0718 6024 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/09/25 12:40:09.0859 6024 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/09/25 12:40:09.0937 6024 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/09/25 12:40:10.0031 6024 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/09/25 12:40:10.0359 6024 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/09/25 12:40:10.0515 6024 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/09/25 12:40:10.0640 6024 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/09/25 12:40:10.0734 6024 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/09/25 12:40:10.0843 6024 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys
    2011/09/25 12:40:10.0937 6024 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/09/25 12:40:11.0187 6024 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
    2011/09/25 12:40:11.0250 6024 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/09/25 12:40:11.0468 6024 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/09/25 12:40:11.0640 6024 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2011/09/25 12:40:11.0718 6024 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/09/25 12:40:11.0812 6024 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/09/25 12:40:11.0875 6024 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/09/25 12:40:11.0984 6024 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/09/25 12:40:12.0062 6024 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/09/25 12:40:12.0171 6024 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/09/25 12:40:12.0265 6024 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/09/25 12:40:12.0359 6024 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/09/25 12:40:12.0453 6024 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    2011/09/25 12:40:12.0593 6024 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/09/25 12:40:12.0656 6024 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    2011/09/25 12:40:12.0734 6024 vnet (a8087593a397b43be57f4cd3aa11e81f) C:\WINDOWS\system32\DRIVERS\virtualnet.sys
    2011/09/25 12:40:12.0796 6024 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/09/25 12:40:12.0890 6024 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
    2011/09/25 12:40:13.0062 6024 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/09/25 12:40:13.0203 6024 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/09/25 12:40:13.0468 6024 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/09/25 12:40:13.0578 6024 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/09/25 12:40:13.0656 6024 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/09/25 12:40:13.0828 6024 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    2011/09/25 12:40:13.0875 6024 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
    2011/09/25 12:40:14.0015 6024 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk2\DR5
    2011/09/25 12:40:14.0062 6024 Boot (0x1200) (e041470b0665f1ea9d75c75221285412) \Device\Harddisk0\DR0\Partition0
    2011/09/25 12:40:14.0109 6024 Boot (0x1200) (75f80a69692ef4097f55c65fd8f0d7aa) \Device\Harddisk1\DR1\Partition0
    2011/09/25 12:40:14.0140 6024 Boot (0x1200) (0025bb2c17c22aed7f5db01036d40f57) \Device\Harddisk1\DR1\Partition1
    2011/09/25 12:40:14.0171 6024 Boot (0x1200) (d1c35e251af4aea8dcab211929a9e248) \Device\Harddisk2\DR5\Partition0
    2011/09/25 12:40:14.0203 6024 ================================================================================
    2011/09/25 12:40:14.0203 6024 Scan finished
    2011/09/25 12:40:14.0203 6024 ================================================================================
    2011/09/25 12:40:14.0250 1500 Detected object count: 2
    2011/09/25 12:40:14.0250 1500 Actual detected object count: 2
    2011/09/25 12:40:32.0921 1500 2cd35b4b (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\1264309036:3542918324.exe
    2011/09/25 12:40:32.0921 1500 Suspicious file (Hidden): C:\WINDOWS\1264309036:3542918324.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
    2011/09/25 12:40:32.0937 1500 C:\WINDOWS\1264309036:3542918324.exe - copied to quarantine
    2011/09/25 12:40:32.0937 1500 HiddenFile.Multi.Generic(2cd35b4b) - User select action: Quarantine
    2011/09/25 12:40:33.0015 1500 i8042prt (61b114b5d0b0eb5342bead361fedae18) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/09/25 12:40:33.0062 1500 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - copied to quarantine
    2011/09/25 12:40:33.0062 1500 Rootkit.Win32.ZAccess.e(i8042prt) - User select action: Quarantine
     
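The TDSSKiller output above names two objects. The first, C:\WINDOWS\1264309036:3542918324.exe, is not an ordinary file: the colon after the directory entry marks an NTFS alternate data stream, so the payload lives as a stream on the file 1264309036 and does not show up in a normal directory listing. The second is the i8042prt service, whose driver i8042prt.sys (the PS/2 keyboard and mouse port driver) was quarantined under the Rootkit.Win32.ZAccess.e verdict. Quarantining an infected core driver without restoring a clean copy leaves that hardware with no driver at the next boot, which is the likely reason the keyboard is dead at the logon screen in the follow-up post. The script below is an added example, not part of the thread or of TDSSKiller: it parses those log lines (copied from the post) and raises both warnings. The driver table, the regexes and every function name are the example's own.

```python
"""Triage helper for TDSSKiller logs: list what was detected, flag NTFS
alternate data streams (ADS) hiding payloads, and warn when a quarantined
object is a core input or storage driver that must be replaced with a
clean copy rather than simply removed.

Added example, not part of the original thread.  The sample lines are
copied from the posted log; the driver table and all names are this
example's own.
"""
import re
from dataclasses import dataclass, field

# Lines copied from the posted TDSSKiller log (format: date time pid message).
SAMPLE_LOG = """\
2011/09/25 12:40:13.0828 6024 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \\Device\\Harddisk0\\DR0
2011/09/25 12:40:14.0250 1500 Detected object count: 2
2011/09/25 12:40:32.0921 1500 2cd35b4b (8f2bb1827cac01aee6a16e30a1260199) C:\\WINDOWS\\1264309036:3542918324.exe
2011/09/25 12:40:32.0921 1500 Suspicious file (Hidden): C:\\WINDOWS\\1264309036:3542918324.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/09/25 12:40:32.0937 1500 C:\\WINDOWS\\1264309036:3542918324.exe - copied to quarantine
2011/09/25 12:40:32.0937 1500 HiddenFile.Multi.Generic(2cd35b4b) - User select action: Quarantine
2011/09/25 12:40:33.0015 1500 i8042prt (61b114b5d0b0eb5342bead361fedae18) C:\\WINDOWS\\system32\\DRIVERS\\i8042prt.sys
2011/09/25 12:40:33.0062 1500 C:\\WINDOWS\\system32\\DRIVERS\\i8042prt.sys - copied to quarantine
2011/09/25 12:40:33.0062 1500 Rootkit.Win32.ZAccess.e(i8042prt) - User select action: Quarantine
"""

# Drivers Windows needs for keyboard, mouse or disk access at boot.
# This table is the example's own, not something TDSSKiller reports.
CORE_DRIVERS = {
    "i8042prt": "PS/2 keyboard and mouse port driver",
    "kbdclass": "keyboard class driver",
    "mouclass": "mouse class driver",
    "atapi": "IDE/ATAPI disk controller driver",
    "disk": "disk class driver",
}

# "<date> <time> <pid> <message>": strip the prefix, keep the message.
_PREFIX = re.compile(r"^\S+ \S+ \d+ (.*)$")
# Object line: "<service or id> (<md5>) <path>".  MBR/Boot lines carry a
# "(0x...)" size before the hash, so the 32-hex anchor skips them.
_OBJECT = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")
# Verdict line: "<verdict>(<service or id>) - User select action: <action>".
_VERDICT = re.compile(r"^(.+?)\((\S+)\) - User select action: (\w+)$")
_QUARANTINE = re.compile(r"^(.+) - copied to quarantine$")


@dataclass
class Detection:
    name: str
    md5: str
    path: str
    verdict: str = ""
    action: str = ""
    quarantined: bool = False
    warnings: list = field(default_factory=list)


def is_ads_path(path: str) -> bool:
    """True when the last path component carries an NTFS stream name, as in
    C:\\WINDOWS\\1264309036:3542918324.exe (stream "3542918324.exe" on the
    file "1264309036").  The drive-letter colon is not a stream separator."""
    if not re.match(r"^[A-Za-z]:\\", path):
        return False
    last = path.rsplit("\\", 1)[-1]
    return ":" in last


def parse_log(text: str) -> dict:
    """Return {object name: Detection} for every hashed object that later
    receives a verdict line or a quarantine line."""
    objects = {}
    for raw in text.splitlines():
        m = _PREFIX.match(raw)
        if not m:
            continue
        msg = m.group(1)
        if (o := _OBJECT.match(msg)):
            objects[o.group(1)] = Detection(o.group(1), o.group(2), o.group(3))
        elif (q := _QUARANTINE.match(msg)):
            for d in objects.values():
                if d.path == q.group(1):
                    d.quarantined = True
        elif (v := _VERDICT.match(msg)):
            d = objects.get(v.group(2))
            if d:
                d.verdict, d.action = v.group(1), v.group(3)
    return {n: d for n, d in objects.items() if d.verdict or d.quarantined}


def triage(text: str) -> list:
    """Annotate each detection with what a responder should know next."""
    findings = []
    for d in parse_log(text).values():
        if is_ads_path(d.path):
            host = d.path.rsplit(":", 1)[0]
            d.warnings.append(f"payload hidden in an NTFS alternate data stream of {host}; "
                              "a plain directory listing will not show it")
        if d.name.lower() in CORE_DRIVERS and d.quarantined:
            d.warnings.append(f"{d.name} is the {CORE_DRIVERS[d.name.lower()]}; quarantining it "
                              "without restoring a clean copy leaves that hardware "
                              "without a driver at the next boot")
        findings.append(d)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.verdict or 'no verdict'} -> {f.path} [{f.action}]")
        for w in f.warnings:
            print("   !", w)
```

Run it against a saved TDSSKiller log (`triage(open("TDSSKiller.txt").read())`) to get the same two kinds of warning on real output; the MBR and boot-sector lines are skipped because their size field sits where the hash is expected.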
  6. Rockhopper

    Rockhopper TS Rookie Topic Starter

    OK, my problems have increased. After I restarted after running TDSSKiller, my computer will no longer allow me to log in from the Windows welcome screen. Something is blocking my keyboard from typing anything into the password box.
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Can you get into Safe Mode?

    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
     
  8. Rockhopper

    Rockhopper TS Rookie Topic Starter

    I can boot into safe mode, but I still can't log in.
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I am puzzled by some of the entries in your system. This is one:
    ==============================
    There are a total of 46 plugins/ActiveX Objects.
    6 are for outdated Java, so presumed gone as of now.
    9 are for microsoft.com

    This is an obvious malware entry:
    {043C5167-00BB-4324-AF7E-62013FAEDACF} vShare Plugin vshare_toolbar.dll vShare / My Quick Search Toolbar, a Pugi-type toolbar. Redirects home and search pages, and entries related to it.
    =====================================
    You are using Vuze/Azureus file-sharing programs.
    ===================================
    You can temporarily disable the Welcome screen by pressing CTRL + ALT + DEL twice when the Welcome screen appears.
     
