Solved Daily Redirect Virus & Windows Explorer Signature Errors

dtalk
Hello everyone,

Our family PC is infected with the Google redirect virus when using IE as well as a popup Windows Explorer error (ModName: owarofib.dll, ModVer: 10.0.0.891, Offset: 00002a03) after startup. I have completed the recommended 8-step instructions.

Thanks in advance for all your help.

NOTE: GMER.log to be sent separately due to size
 

Attachments: Attach.txt (17.6 KB), DDS.txt (15.9 KB), mbam-log-2010-09-13 (23-00-02).txt (2.1 KB)
Step 4: GMER log

I have attached a zip file of the GMER.log due to its size.
 

Attachments: gmer.zip (8.9 KB)
Welcome aboard


Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 

Broni & Julio - Thanks for the quick reply and help!

The text exceeded the limit so I have attached the TDSSKiller log file.
 

Attachments: TDSSKiller.2.4.2.1_14.09.2010_22.07.59_log.txt (59 KB)
Good :)

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Broni,

Sorry, I think I just created a new post with my previous reply.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0200000c

Kernel Drivers (total 169):

Processes (total 67):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST9160823AS, Rev: 3.CMC

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: B68E351C84A33D71CD3E7447306705CAD93F98D7


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 

Hi Broni,

I have downloaded and run the ComboFix executable. The report is attached due to text size.

Thanks again for your help,
Dan
 

Attachments: ComboFix.txt (32.4 KB)
How is redirection?

Your MBR seems to be infected.

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

  • Place a blank CD in your CD drive.
  • Double click on NTBR_CD.exe file and a folder of the same name will appear.
  • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
  • Follow the prompts to burn the CD.
  • Now you will need to set the CD-ROM as first boot device if it isn't already (if you don't know how to do it, see HERE)
  • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
  • Insert the newly created CD into your infected PC and reboot your computer.
  • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
  • Read the warning and then continue as prompted.
  • You first need to select your keyboard layout - press Enter for English.
  • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
  • On the following screen enter 5 to select Install Standard MBR code.
  • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
  • When asked to confirm please do so.
  • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
  • Eject the disc and then press ctrl+alt+del to reboot the PC.
Once rebooted, run MBRCheck again and post its log.
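MBRCheck's verdict above rests on hashing the boot code in the first sector and comparing it with a list of known-good hashes, which is why "Unknown MBR code" is treated as a sign of infection. The following is an added Python example (not code from this thread, from MBRCheck or from NTBR) that does the same on a 512-byte MBR image: it verifies the 0x55AA boot signature, hashes the boot code, reports "Unknown MBR code" unless the hash is in a known-good table, and decodes the partition table (the 0x7e00 offset in the log is LBA 63 × 512). Assumptions: 512-byte sectors, that MBRCheck hashes the first 440 bytes, and that the Windows XP entry copied from the clean MBRCheck log posted later in this thread was computed over the same region; a disk image that differs only in the disk signature or partition table still matches, while any change to the boot code does not.

```python
"""MBR sanity check in the spirit of the MBRCheck report above (added example)."""
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # assumption: hash the boot code that precedes the disk signature
PART_TABLE_OFF = 446
PART_ENTRY_LEN = 16
BOOT_SIG = b"\x55\xaa"

PART_TYPES = {0x07: "NTFS", 0x0b: "FAT32", 0x0c: "FAT32 (LBA)",
              0x0f: "Extended (LBA)", 0x83: "Linux"}

# Known-good boot-code hashes. The Windows XP value is the one MBRCheck printed in the
# clean log in this thread; that it covers exactly the first 440 bytes is an assumption.
KNOWN_MBR_SHA1 = {
    "da38b874b7713d1b51cbc449f4ef809b0dec644a": "Windows XP MBR code detected",
}


def build_sample_mbr(boot_code, partitions):
    """Construct a 512-byte MBR image for testing (constructed data, not a real disk).

    partitions: list of (bootable, type_byte, start_lba, sector_count), at most 4 entries.
    """
    sector = bytearray(SECTOR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    for i, (bootable, ptype, start, count) in enumerate(partitions[:4]):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        # status, CHS start (3 bytes, unused here), type, CHS end (3 bytes), LBA start, LBA count
        sector[off:off + PART_ENTRY_LEN] = struct.pack(
            "<B3sB3sII", 0x80 if bootable else 0x00, b"\xff\xff\xff",
            ptype, b"\xff\xff\xff", start, count)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


def parse_partitions(mbr):
    """Return the non-empty entries of the four-slot MBR partition table."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + i * PART_ENTRY_LEN
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype == 0 and count == 0:
            continue
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": PART_TYPES.get(ptype, "type 0x%02x" % ptype),
            "start_lba": start,
            "sectors": count,
            "byte_offset": start * SECTOR_SIZE,   # 63 * 512 = 0x7e00, as in the log above
        })
    return parts


def check_mbr(mbr, known=KNOWN_MBR_SHA1):
    """Classify an MBR the way the report above does: known code, or 'Unknown MBR code'."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    digest = hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest()
    return {
        "valid_signature": mbr[510:512] == BOOT_SIG,
        "boot_code_sha1": digest,
        "status": known.get(digest, "Unknown MBR code"),
        "partitions": parse_partitions(mbr),
    }


def report(mbr):
    """Render a short MBRCheck-style text report."""
    r = check_mbr(mbr)
    lines = ["Boot signature: %s" % ("OK" if r["valid_signature"] else "MISSING"),
             "MBR status: %s" % r["status"],
             "SHA1: %s" % r["boot_code_sha1"].upper()]
    for p in r["partitions"]:
        lines.append("partition %d: %s at offset 0x%08x, %d sectors%s" % (
            p["index"], p["type"], p["byte_offset"], p["sectors"],
            " (bootable)" if p["bootable"] else ""))
    return "\n".join(lines)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # a 512-byte dump saved from the first sector of a disk
        with open(sys.argv[1], "rb") as f:
            image = f.read(SECTOR_SIZE)
    else:
        # constructed sample: one NTFS partition starting at LBA 63, as in the log above
        image = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c",
                                 [(True, 0x07, 63, 312576642)])
    print(report(image))
```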
 
Hi Broni,

Thank you so much! The IE redirection appears to be resolved as well as the Windows Explorer pop-up errors since running ComboFix. I have completed the steps to remove the infected MBR. Below is the latest MBRCheck results.

Dan

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0200000c

Kernel Drivers (total 170):

Processes (total 68):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST9160823AS, Rev: 3.CMC

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 

Hi Broni,

I have attached the Combofix log.

Thanks,
Dan
 

Attachments: ComboFix.zip (7.5 KB)
Broni,

Sorry about the zip file. Here is the attached text file.

Dan
 

Attachments: ComboFix.txt (31.2 KB)
Please, uninstall Frontline Registry Cleaner.
Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

========================================================================

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\Kqabiwuvubo.dat
c:\windows\Oruridakipipa.bin

DirLook::
c:\documents and settings\Admin\Application Data\Etbie
c:\documents and settings\Admin\Application Data\Zavo
c:\documents and settings\Admin\Application Data\Xosyi
c:\documents and settings\Admin\Application Data\Ukufa
c:\documents and settings\Admin\Application Data\Oboq


Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

(animation: CFScript.gif)



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Hello Broni,

I have uninstalled the Frontline Registry program and the Combofix log is attached. Thanks again for working with me to resolve this problem.

Dan
 

Attachments: ComboFix.txt (31.5 KB)
Combofix log looks good now :)

Regarding your sound, try reinstalling the sound driver.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
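The custom-scan list above is a set of directory-plus-wildcard entries pointing at locations where a file of that type has no business being (an .exe in the Fonts folder, a .jpg directly under the Windows directory, a stray "rundll" directory under system32). The following Python script is an added example, not OTL's own code, that applies the same idea to a constructed directory tree so the logic can be run on any OS. It resolves the %VAR% tokens from a mapping instead of the real environment, treats "/s" as "recurse into subdirectories" and "*.*" as "every file name", and ignores other switches such as "/x"; those three interpretations are assumptions, not OTL's documented semantics.

```python
"""Enumerate files in locations where that file type does not belong, in the
spirit of the OTL custom-scan list. Added example, not OTL's own code."""
import fnmatch
import os
import re
import tempfile
from pathlib import Path

# Constructed subset of entries in the style of the custom-scan list.
# Assumptions: "/s" = recurse into subdirectories, "*.*" = any file name,
# any other switch (e.g. "/x") is ignored.
SCAN_ENTRIES = [
    r"%systemroot%\Fonts\*.exe",
    r"%systemroot%\Fonts\*.dll",
    r"%systemroot%\system32\rundll\*.*",
    r"%systemroot%\*.jpg",
    r"%APPDATA%\Update\*.*",
    r"%systemroot%\pchealth\helpctr\System\*.exe /s",
    r"%ALLUSERSPROFILE%\Start Menu\*.lnk /x",
]

VAR_RE = re.compile(r"%([^%]+)%")


def parse_entry(entry):
    """Split 'dir\\pattern [/switches]' into (dir, file pattern, recursive).
    Switches are the trailing tokens starting with '/', so a directory name
    containing a space (e.g. 'Start Menu') is kept intact."""
    tokens = entry.split()
    switches = set()
    while tokens and tokens[-1].startswith("/"):
        switches.add(tokens.pop().lower())
    pattern = " ".join(tokens)
    dir_part, _, file_glob = pattern.rpartition("\\")
    return dir_part, file_glob, "/s" in switches


def expand_vars(path, env):
    """Replace %VAR% tokens case-insensitively from the supplied mapping."""
    lowered = {k.lower(): v for k, v in env.items()}

    def repl(match):
        key = match.group(1).lower()
        if key not in lowered:
            raise KeyError("unknown variable %%%s%%" % match.group(1))
        return lowered[key]

    return VAR_RE.sub(repl, path)


def run_custom_scan(entries, env):
    """Return sorted (entry, path relative to the scanned dir, size) hits."""
    hits = []
    for entry in entries:
        dir_part, file_glob, recursive = parse_entry(entry)
        base = Path(expand_vars(dir_part, env).replace("\\", os.sep))
        if not base.is_dir():
            continue  # location absent on this machine: nothing to report
        glob = "*" if file_glob == "*.*" else file_glob
        candidates = base.rglob("*") if recursive else base.iterdir()
        for p in candidates:
            if p.is_file() and fnmatch.fnmatchcase(p.name.lower(), glob.lower()):
                hits.append((entry, p.relative_to(base).as_posix(), p.stat().st_size))
    return sorted(hits)


def build_sample_tree(root):
    """Create a constructed tree: benign files plus a few planted in the
    locations the scan list treats as suspicious. Returns the variable map."""
    win = root / "WINDOWS"
    files = {
        win / "Fonts" / "arial.ttf": b"\x00\x01\x00\x00",              # legitimate font, not matched
        win / "Fonts" / "svchost.exe": b"MZ\x90\x00",                  # executable in Fonts: matched
        win / "system32" / "rundll" / "loader.dll": b"MZ\x90\x00",     # odd directory under system32
        win / "wallpaper.jpg": b"\xff\xd8\xff\xe0",                    # image directly under %systemroot%
        win / "pchealth" / "helpctr" / "System" / "sub" / "upd.exe": b"MZ\x90\x00",  # found via /s
        root / "AllUsers" / "Start Menu" / "Update.lnk": b"L\x00\x00\x00",
        win / "system32" / "kernel32.dll": b"MZ\x90\x00",              # outside every scanned location
    }
    for path, data in files.items():
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return {
        "systemroot": str(win),
        "APPDATA": str(root / "AppData"),  # does not exist, so that entry is skipped
        "ALLUSERSPROFILE": str(root / "AllUsers"),
    }


def demo():
    """Build the sample tree in a temp dir and run the scan over it."""
    with tempfile.TemporaryDirectory() as tmp:
        return run_custom_scan(SCAN_ENTRIES, build_sample_tree(Path(tmp)))


if __name__ == "__main__":
    for entry, rel, size in demo():
        print("%-50s %-15s %d bytes" % (entry, rel, size))
```

Only the planted files are reported; arial.ttf in Fonts and kernel32.dll in system32 are never listed because no entry covers them, which is the point of such a list: it is not a full filesystem walk but a set of places where any hit deserves a look.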
 
Broni - I attached the OTL.txt file due to exceeding the text size limit.

NOTE: Sound is ok now.

Dan
 

Attachments

  • OTL.Txt
    181.3 KB · Views: 1
Broni,

Attached is the Extras.txt file due to exceeding character size limit (20000).

Thanks,
Dan
 
Broni,

Sorry I forgot to upload the Extras.txt file.

Dan
 

Attachments

  • Extras.Txt
    55.8 KB · Views: 1
Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - Reg Error: Value error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    [2010/08/18 03:05:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FrontLine Registry Cleaner
    [2010/08/18 03:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\Frontline Registry Cleaner
    [2010/08/11 12:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\tydfbevcx
    [2010/07/24 15:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\nbvydbmai
    [2010/07/17 15:36:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\sgcntevnv
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

========================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Go to Kaspersky website and perform an online antivirus scan.

  • Disable your active antivirus program.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
 
Broni,

Java updated, old versions removed, OTL output below.

NOTE: Java check for correct update failed twice. Selected download option. Did not see any option regarding toolbar

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ deleted successfully.
File F69DE43-7D58-4638-B6FA-CE66B5AD205D} not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\ not found.
File D0C5-4125-9FA8-0819E2EAAC93} not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Folder C:\Documents and Settings\All\ not found.
Folder C:\Program Files\Frontline\ not found.
Folder C:\Documents and\ not found.
Folder C:\Documents and\ not found.
Folder C:\Documents and\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 697189 bytes
->Temporary Internet Files folder emptied: 41874314 bytes
->Java cache emptied: 2027 bytes
->Flash cache emptied: 33501 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.FANTASNICK
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 934022 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 9765 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70363 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 42.00 mb


[EMPTYFLASH]

User: Admin
->Flash cache emptied: 0 bytes

User: Administrator

User: Administrator.FANTASNICK

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.12.1 log created on 09162010_213417

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
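In the OTL fix log above, every folder result reports a path cut at its first space ("Folder C:\Documents and\ not found." for the three Local Settings directories, "Folder C:\Program Files\Frontline\ not found." for the registry cleaner), so the log gives no evidence that the five folders named in the fix script were touched. The following Python script is an added example, not OTL's code: it parses result lines of this log format, compares the folders requested in the fix script with what the log reports, and flags each one whose logged path is a strict prefix of the requested path ending at a space. The log lines and folder list are copied from the post; the classification labels are the example's own.

```python
"""Audit an OTL-style fix log against the folders a fix script asked it to
remove. Added example, not OTL's own code."""
import re

# Result lines copied from the fix log above (subset).
FIX_LOG_LINES = [
    r"Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.",
    r"Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.",
    r"File F69DE43-7D58-4638-B6FA-CE66B5AD205D} not found.",
    r"Folder C:\Documents and Settings\All\ not found.",
    r"Folder C:\Program Files\Frontline\ not found.",
    r"Folder C:\Documents and\ not found.",
    r"Folder C:\Documents and\ not found.",
    r"Folder C:\Documents and\ not found.",
]

# Folder targets as written in the fix script above.
REQUESTED_FOLDERS = [
    r"C:\Documents and Settings\All Users\Application Data\FrontLine Registry Cleaner",
    r"C:\Program Files\Frontline Registry Cleaner",
    r"C:\Documents and Settings\Admin\Local Settings\Application Data\tydfbevcx",
    r"C:\Documents and Settings\LocalService\Local Settings\Application Data\nbvydbmai",
    r"C:\Documents and Settings\Admin\Local Settings\Application Data\sgcntevnv",
]

# "<kind> <target> <outcome>." ; the target is everything between the two.
LINE_RE = re.compile(
    r"^(Registry key|Registry value|Folder|File) (.+?) (deleted successfully|not found)\.$"
)


def parse_fix_log(lines):
    """Return (kind, target without trailing backslash, outcome) per result line."""
    results = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            kind, target, outcome = m.groups()
            results.append((kind, target.rstrip("\\"), outcome))
    return results


def summarize(results):
    """Count outcomes per kind, e.g. {('Folder', 'not found'): 5}."""
    counts = {}
    for kind, _, outcome in results:
        counts[(kind, outcome)] = counts.get((kind, outcome), 0) + 1
    return counts


def audit_folders(requested, results):
    """Classify each requested folder:
    'handled'                   - the log names the full path (any outcome)
    'truncated at first space'  - the log names only a prefix that stops at a space
    'absent from log'           - the log never mentions it"""
    logged = [target.lower() for kind, target, _ in results if kind == "Folder"]
    report = {}
    for want in requested:
        wl = want.lower()
        if wl in logged:
            report[want] = "handled"
        elif any(wl.startswith(prefix + " ") for prefix in logged):
            report[want] = "truncated at first space"
        else:
            report[want] = "absent from log"
    return report


def unresolved(report):
    """Folders that still need attention after the fix."""
    return [path for path, status in report.items() if status != "handled"]


if __name__ == "__main__":
    parsed = parse_fix_log(FIX_LOG_LINES)
    print(summarize(parsed))
    for path, status in audit_folders(REQUESTED_FOLDERS, parsed).items():
        print("%-28s %s" % (status, path))
```

Running it over the log lines above reports all five folders as "truncated at first space"; a log that had processed them would contain their full paths, with either outcome, and they would be classified as "handled".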
 