Inactive Malwarebytes won't Run and Some Browser Problems

[Gyvs]

I'm in the process of doing the 5-step virus/malware/spyware removal instrucions. I have already installed Malwarebytes but It doesn't seem to run. I tried to open it again but unfortunately, it still won't work. (Edit: so I've read that Instructions for others may not be instructions for me too so I removed that part, Sorry)

Another problem with my browser is that It keeps on redirecting(not sure if I'm really being redirected since the address doesn't really change) me to a site which somehow has the same layout as facebook. The states that I was chosen for some random human verification test (which is a survey) and then it will tell me that there are no available surveys for my country and then there would be nothing else for me to do but to refresh the page. this happens to any site that I try to visit. I can sometimes work around with this by stopping the browser from loading but, there are times where that won't just do.

Here is an Image of the site that I am being redirected to.

http://img834.imageshack.us/img834/2630/seccheck.jpg

 

[Gyvs]

Programs won't work

So, since the malwarebytes won't run, I tried to check the logs for the other 2 programs (GMER and DDS). My problem now is that both of them also doesn't work.

When I tried GMER it performed the initial scan but nothing came out even the log that I saved had nothing in it. I tried pressing the scan button and it was scanning normally until my computer froze and stopped working. (please tell me if there's is something wrong with my procedure, I might be doing something wrong.)

Next is the DDS. I saved it in the desktop, clicked it then allowed it to run. Now, the problem is that there was no small box explaining things about the tool that opened. A notepad opened named dds but the text inside is all jumbled with different kinds of symbols. Also, there was no attach.txt file that opened.

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================================================

Download TDSSKiller and save it to your desktop.

• Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

[Gyvs]

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_26
Run by user at 9:12:21 on 2011-11-03
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.364 [GMT 8:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\user\My Documents\My Backups\timmy\Plants vs Zombies\PlantsVsZombies.exe
C:\Documents and Settings\user\My Documents\My Backups\timmy\Plants vs Zombies\popcapgame1.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Globe Broadband\Globe Broadband.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Taskman=c:\documents and settings\user\fxmdk.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Microsoft Helper: {c9c42510-9b41-42c1-9dcd-7282a2d07c65} - c:\documents and settings\user\application data\microsoft\BHO32-WGSTI.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Microsoft Firewall 2.9] c:\docume~1\user\locals~1\temp\MSFW.exe
uRun: [Microsoft iexplorer11] c:\docume~1\user\locals~1\temp\iexplore.exe
uRun: [Exception Handler OEM] c:\documents and settings\user\application data\xi-h83df-384922-jo\winmsger.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Microsoft Firewall 2.9] c:\docume~1\user\locals~1\temp\MSFW.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Snap] c:\program files\usb 2.0 pc camera\Camera Snap.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart17.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 202.126.40.5 222.127.143.5
TCP: Interfaces\{A5BACF5E-6AB0-478C-A35E-C3AABEDAA924} : DhcpNameServer = 202.126.40.5 222.127.143.5
Notify: igfxcui - igfxdev.dll
IFEO: a2guard.exe - ntsd -d
IFEO: a2service.exe - ntsd -d
IFEO: a2start.exe - ntsd -d
IFEO: Ad-Aware.exe - ntsd -d
IFEO: Ad-AwareAdmin.exe - ntsd -d
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\30utfx20.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><description about=urn:mozilla:install-manifest><em:id>{a75dc39b-6438-4102-919f-f286bdd5c5e4}: {a75dc39b-6438-4102-919f-f286bdd5c5e4} - c:\program files\mozilla firefox\extensions\{a75dc39b-6438-4102-919f-f286bdd5c5e4}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-26 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-26 108289]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-1-26 56816]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2009-11-19 582992]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2010-12-25 114432]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [2010-12-25 100736]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-7-2 27632]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2009-11-19 206608]
S2 ai7m5fmis4mqn;BCL easyPDF SDK Loader;c:\windows\system32\louhyt.exe --> c:\windows\system32\louhyt.exe [?]
S2 aoypd6oayuyu;BeTwin Terminal Services;c:\documents and settings\localservice\application data\microsoft\duridou.exe --> c:\documents and settings\localservice\application data\microsoft\duridou.exe [?]
S2 lo6moirc7diuot;Network Connectivity Service;c:\windows\system32\nafuwoul.exe --> c:\windows\system32\nafuwoul.exe [?]
S2 SSHNAS;SSHNAS;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 yj5y8iul9f;ASF Agent;c:\documents and settings\localservice\application data\microsoft\vipymmiroo.exe --> c:\documents and settings\localservice\application data\microsoft\vipymmiroo.exe [?]
S3 devlower;Audio Driver Afilter;c:\windows\system32\drivers\devlower.sys [2002-1-1 9216]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-7-2 13224]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys --> c:\windows\system32\drivers\motodrv.sys [?]
S3 ntportio;ntportio;\??\c:\documents and settings\user\my documents\my backups\timmy\programs\phone\ericsson\semctool_v8.4_free\ntportio.sys --> c:\documents and settings\user\my documents\my backups\timmy\programs\phone\ericsson\semctool_v8.4_free\ntportio.sys [?]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2009-11-19 206608]
S3 usbcamcl;Driver for video Device;c:\windows\system32\drivers\usbcamcl.sys [2002-1-1 31104]
S4 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\supportappxl\cdrom_mon.exe [2010-9-22 81920]
S4 pdzui;pdzui; [x]
S4 zxwmxfaxf;zxwmxfaxf; [x]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-10-23 06:34:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-03 05:09:56 60416 ----a-w- c:\windows\ALCFDRTM.VER
2011-09-01 02:59:37 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2011-08-31 09:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-19 09:48:09 208896 ----a-w- c:\documents and settings\user\application data\30.exe
2011-08-19 09:47:55 253952 ----a-w- c:\documents and settings\user\application data\2C.exe
2011-08-19 09:47:26 350544 ----a-w- c:\windows\system32\msvcr100.dll
2011-08-19 09:46:17 253952 ----a-w- c:\documents and settings\user\application data\26.exe
2010-04-22 22:17:44 451 ----a-w- c:\program files\0422201015174431.bat
.
============= FINISH: 9:12:43.81 ===============

 

[Gyvs]

Here's the log for the attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/17/2009 10:04:12 AM
System Uptime: 11/3/2011 6:01:50 AM (3 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5GC-MX/1333
Processor: Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz | LGA 775 | 2399/200mhz
Processor: Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz | LGA 775 | 2400/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 0.851 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_1969&DEV_2048&SUBSYS_82331043&REV_A0\4&38D2602C&0&00E1
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_1969&DEV_2048&SUBSYS_82331043&REV_A0\4&38D2602C&0&00E1
Service:
.
==== System Restore Points ===================
.
RP296: 10/5/2011 12:48:06 PM - System Checkpoint
RP297: 10/12/2011 10:51:40 AM - System Checkpoint
RP298: 10/13/2011 6:12:12 PM - System Checkpoint
RP299: 10/20/2011 3:18:18 PM - System Checkpoint
RP300: 10/24/2011 6:19:47 PM - System Checkpoint
RP301: 10/27/2011 7:06:28 PM - System Checkpoint
RP302: 1/1/2002 12:30:56 AM - System Checkpoint
RP303: 10/29/2011 4:05:24 PM - System Checkpoint
RP304: 10/31/2011 11:24:00 AM - System Checkpoint
RP305: 11/1/2011 3:46:39 PM - System Checkpoint
RP306: 11/2/2011 11:23:57 PM - Restore Operation
.
==== Image File Execution Options =============
.
IFEO: a2guard.exe - ntsd -d
IFEO: a2service.exe - ntsd -d
IFEO: a2start.exe - ntsd -d
IFEO: Ad-Aware.exe - ntsd -d
IFEO: Ad-AwareAdmin.exe - ntsd -d
IFEO: AvastSvc.exe - ntsd -d
IFEO: avastUI.exe - ntsd -d
IFEO: AVK.exe - ntsd -d
IFEO: AVKWctl.exe - ntsd -d
IFEO: avp.exe - ntsd -d
IFEO: avshadow.exe - ntsd -d
IFEO: bdagent.exe - ntsd -d
IFEO: ccSvcHst.exe - ntsd -d
IFEO: cfp.exe - ntsd -d
IFEO: CLPSLS.exe - ntsd -d
IFEO: cmdagent.exe - ntsd -d
IFEO: conime.exe - wnpxbx.exe
IFEO: DefWatch.exe - ntsd -d
IFEO: egui.exe - ntsd -d
IFEO: ekrn.exe - ntsd -d
IFEO: GDSC.exe - ntsd -d
IFEO: GDScan.exe - ntsd -d
IFEO: guardxp.exe - ntsd -d
IFEO: KAV32.exe - ntsd -d
IFEO: KAVSVC.exe - ntsd -d
IFEO: livesrv.exe - ntsd -d
IFEO: mbam.exe - ntsd -d
IFEO: mbamservice.exe - ntsd -d
IFEO: MRT.exe - ntsd -d
IFEO: mrtstub.exe - ntsd -d
IFEO: msascui.exe - ntsd -d
IFEO: msmpeng.exe - ntsd -d
IFEO: PREVX.exe - ntsd -d
IFEO: Rtvscan.exe - ntsd -d
IFEO: seccenter.exe - ntsd -d
IFEO: symlcsvc.exe - ntsd -d
IFEO: virusutilities.exe - ntsd -d
IFEO: vsserv.exe - ntsd -d
.
==== Installed Programs ======================
.
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Player 9 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.2
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Any Video Converter 3.0.3
Apple Application Support
Apple Software Update
Arctic Quest 2
AutoCAD 2007 - English
Autodesk DWF Viewer
Avira AntiVir Personal - Free Antivirus
Charma
Cheat Engine 5.5
Dynomite Deluxe 2.71
Escape Rosecliff Island
Excel OM 2
Globe Broadband
Heavy Weapon Deluxe 1.0
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
HP USB Disk Storage Format Tool
Iggle Pop Deluxe 1.0
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 26
Macromedia Flash Player 8
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee Security Scan
Microsoft .NET Framework 2.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mIRC
Mozilla Firefox (3.6.21)
MSXML 6.0 Parser
Ocean Quest
PDF reDirect (remove only)
PDF Settings
ProModel 6.0
QuickTime
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Skype™ 5.3
SMART BRO
Super Mario Flash v1.0
Tetris Game Gold
Trend Micro RUBotted
Typer Shark Deluxe 1.02
USB2.0 PC CAMERA
VBA (2627.01)
VLC media player 0.9.9
WebFldrs XP
Windows Installer 3.1 (KB893803)
WinRAR archiver
Word Harmony Deluxe 1.0
Yahoo! Messenger
YouTube Downloader 2.7
Zuma's Revenge!
.
==== Event Viewer Messages From Past Week ========
.
8/15/2012 10:58:45 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
8/13/2012 3:48:49 PM, error: Service Control Manager [7034] - The Autorun CDROM Monitor service terminated unexpectedly. It has done this 1 time(s).
8/11/2012 8:12:09 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
8/11/2012 5:29:47 AM, error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\D.
8/11/2012 12:09:03 AM, error: W32Time [34] - The time service has detected that the system time needs to be changed by -63644948 seconds. The time service will not change the system time by more than -54000 seconds. Verify that your time and time zone are correct, and that the time source time.windows.com (ntp.m|0x1|10.146.173.195:123->207.46.197.32:123) is working properly.
.
==== End Of File ===========================

 

[Broni]

Please disable "word wrap" in Notepad as your logs are harder to read.

I uploaded TDSSKiller for you here: http://www.filedropper.com/tdsskiller_2

 

[Gyvs]

I have edited the post above and where the word wrap is disabled.

I can't seem to open the TDSSKILLER. It's saying that TDSSKILLER is not a valid win32 application. I'm sorry for asking too much.

Here's my System Information By the way:

Microsoft Windows XP
Professional

Version 2002

Service Pack 2

 

[Broni]

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   NOTE1. If Combofix asks you to install Recovery Console, please allow it.
   NOTE 2. If Combofix asks you to update the program, always do so.
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!