Inactive (new TDL4) Keylogged & IE with a mind of its own

The connectivity is still down with the same issue. It may have been Combofix that caused the issue. I didn't need to restart until OTL forced me to, from my recollection. Should I restore to an even earlier point?
 
Last Combofix didn't remove anything.

See if you can run Farbar Service Scanner now.
 
It's like Blackmagic... I restored to 12/03/11 4:38:28 am EST

That is the same restore point I took it to last night, before CF and aswMBR logs.

Everything works, but I'm pretty sure we brought back the traces of AVG 2011 we keep spotting after running CF.

However!

I don't get redirected nor does IE control itself. So I'm unsure just how threatening the virus is in this state, if at all.
 
We'll leave Combofix alone.

Create new restore point again and run my OTL fix script.
 
I'm pretty sure it didn't work this time around, here's the log:

Error: Unable to interpret <netsvcs> in the current context!
Error: Unable to interpret <drivers32> in the current context!
Error: Unable to interpret <%SYSTEMDRIVE%\*.*> in the current context!
Error: Unable to interpret <%systemroot%\Fonts\*.com> in the current context!
Error: Unable to interpret <%systemroot%\Fonts\*.dll> in the current context!
Error: Unable to interpret <%systemroot%\Fonts\*.ini> in the current context!
Error: Unable to interpret <%systemroot%\Fonts\*.ini2> in the current context!
Error: Unable to interpret <%systemroot%\Fonts\*.exe> in the current context!
Error: Unable to interpret <%systemroot%\system32\spool\prtprocs\w32x86\*.*> in the current context!
Error: Unable to interpret <%systemroot%\REPAIR\*.bak1> in the current context!
Error: Unable to interpret <%systemroot%\REPAIR\*.ini> in the current context!
Error: Unable to interpret <%systemroot%\system32\*.jpg> in the current context!
Error: Unable to interpret <%systemroot%\*.jpg> in the current context!
Error: Unable to interpret <%systemroot%\*.png> in the current context!
Error: Unable to interpret <%systemroot%\*.scr> in the current context!
Error: Unable to interpret <%systemroot%\*._sy> in the current context!
Error: Unable to interpret <%APPDATA%\Adobe\Update\*.*> in the current context!
Error: Unable to interpret <%ALLUSERSPROFILE%\Favorites\*.*> in the current context!
Error: Unable to interpret <%APPDATA%\Microsoft\*.*> in the current context!
Error: Unable to interpret <%PROGRAMFILES%\*.*> in the current context!
Error: Unable to interpret <%APPDATA%\Update\*.*> in the current context!
Error: Unable to interpret <%systemroot%\*. /mp /s> in the current context!
Error: Unable to interpret <CREATERESTOREPOINT> in the current context!
Error: Unable to interpret <%systemroot%\System32\config\*.sav> in the current context!
Error: Unable to interpret <%PROGRAMFILES%\bak. /s> in the current context!
Error: Unable to interpret <%systemroot%\system32\bak. /s> in the current context!
Error: Unable to interpret <%ALLUSERSPROFILE%\Start Menu\*.lnk /x> in the current context!
Error: Unable to interpret <%systemroot%\system32\config\systemprofile\*.dat /x> in the current context!
Error: Unable to interpret <%systemroot%\*.config> in the current context!
Error: Unable to interpret <%systemroot%\system32\*.db> in the current context!
Error: Unable to interpret <%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x> in the current context!
Error: Unable to interpret <%USERPROFILE%\Desktop\*.exe> in the current context!
Error: Unable to interpret <%PROGRAMFILES%\Common Files\*.*> in the current context!
Error: Unable to interpret <%systemroot%\*.src> in the current context!
Error: Unable to interpret <%systemroot%\install\*.*> in the current context!
Error: Unable to interpret <%systemroot%\system32\DLL\*.*> in the current context!
Error: Unable to interpret <%systemroot%\system32\HelpFiles\*.*> in the current context!
Error: Unable to interpret <%systemroot%\system32\rundll\*.*> in the current context!
Error: Unable to interpret <%systemroot%\winn32\*.*> in the current context!
Error: Unable to interpret <%systemroot%\Java\*.*> in the current context!
Error: Unable to interpret <%systemroot%\system32\test\*.*> in the current context!
Error: Unable to interpret <%systemroot%\system32\Rundll32\*.*> in the current context!
Error: Unable to interpret <%systemroot%\AppPatch\Custom\*.*> in the current context!
Error: Unable to interpret <%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x> in the current context!
Error: Unable to interpret <%PROGRAMFILES%\PC-Doctor\Downloads\*.*> in the current context!
Error: Unable to interpret <%PROGRAMFILES%\Internet Explorer\*.tmp> in the current context!
Error: Unable to interpret <%PROGRAMFILES%\Internet Explorer\*.dat> in the current context!
Error: Unable to interpret <%USERPROFILE%\My Documents\*.exe> in the current context!
Error: Unable to interpret <%USERPROFILE%\*.exe> in the current context!
Error: Unable to interpret <%systemroot%\ADDINS\*.*> in the current context!
Error: Unable to interpret <%systemroot%\assembly\*.bak2> in the current context!
Error: Unable to interpret <%systemroot%\Config\*.*> in the current context!
Error: Unable to interpret <%systemroot%\REPAIR\*.bak2> in the current context!
Error: Unable to interpret <%systemroot%\SECURITY\Database\*.sdb /x> in the current context!
Error: Unable to interpret <%systemroot%\SYSTEM\*.bak2> in the current context!
Error: Unable to interpret <%systemroot%\Web\*.bak2> in the current context!
Error: Unable to interpret <%systemroot%\Driver Cache\*.*> in the current context!
Error: Unable to interpret <%PROGRAMFILES%\Mozilla Firefox\0*.exe> in the current context!
Error: Unable to interpret <%ProgramFiles%\Microsoft Common\*.*> in the current context!
Error: Unable to interpret <%ProgramFiles%\TinyProxy.> in the current context!
Error: Unable to interpret <%USERPROFILE%\Favorites\*.url /x> in the current context!
Error: Unable to interpret <%systemroot%\system32\*.bk> in the current context!
Error: Unable to interpret <%systemroot%\*.te> in the current context!
Error: Unable to interpret <%systemroot%\system32\system32\*.*> in the current context!
Error: Unable to interpret <%ALLUSERSPROFILE%\*.dat /x> in the current context!
Error: Unable to interpret <%systemroot%\system32\drivers\*.rmv> in the current context!
Error: Unable to interpret <dir /b "%systemroot%\system32\*.exe" | find /i " " /c> in the current context!
Error: Unable to interpret <dir /b "%systemroot%\*.exe" | find /i " " /c> in the current context!
Error: Unable to interpret <%PROGRAMFILES%\Microsoft\*.*> in the current context!
Error: Unable to interpret <%systemroot%\System32\Wbem\proquota.exe> in the current context!
Error: Unable to interpret <%PROGRAMFILES%\Mozilla Firefox\*.dat> in the current context!
Error: Unable to interpret <%USERPROFILE%\Cookies\*.txt /x> in the current context!
Error: Unable to interpret <%SystemRoot%\system32\fonts\*.*> in the current context!
Error: Unable to interpret <%systemroot%\system32\winlog\*.*> in the current context!
Error: Unable to interpret <%systemroot%\system32\Language\*.*> in the current context!
Error: Unable to interpret <%systemroot%\system32\Settings\*.*> in the current context!
Error: Unable to interpret <%systemroot%\system32\*.quo> in the current context!
Error: Unable to interpret <%SYSTEMROOT%\AppPatch\*.exe> in the current context!
Error: Unable to interpret <%SYSTEMROOT%\inf\*.exe> in the current context!
Error: Unable to interpret <%SYSTEMROOT%\Installer\*.exe> in the current context!
Error: Unable to interpret <%systemroot%\system32\config\*.bak2> in the current context!
Error: Unable to interpret <%systemroot%\system32\Computers\*.*> in the current context!
Error: Unable to interpret <%SystemRoot%\system32\Sound\*.*> in the current context!
Error: Unable to interpret <%SystemRoot%\system32\SpecialImg\*.*> in the current context!
Error: Unable to interpret <%SystemRoot%\system32\code\*.*> in the current context!
Error: Unable to interpret <%SystemRoot%\system32\draft\*.*> in the current context!
Error: Unable to interpret <%SystemRoot%\system32\MSSSys\*.*> in the current context!
Error: Unable to interpret <%ProgramFiles%\Javascript\*.*> in the current context!
Error: Unable to interpret <%systemroot%\pchealth\helpctr\System\*.exe /s> in the current context!
Error: Unable to interpret <%systemroot%\Web\*.exe> in the current context!
Error: Unable to interpret <%systemroot%\system32\msn\*.*> in the current context!
Error: Unable to interpret <%systemroot%\system32\*.tro> in the current context!
Error: Unable to interpret <%AppData%\Microsoft\Installer\msupdates\*.*> in the current context!
Error: Unable to interpret <%ProgramFiles%\Messenger\*.*> in the current context!
Error: Unable to interpret <%systemroot%\system32\systhem32\*.*> in the current context!
Error: Unable to interpret <%systemroot%\system\*.exe> in the current context!
Error: Unable to interpret <HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU> in the current context!
Error: Unable to interpret <HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs> in the current context!
Error: Unable to interpret </md5start> in the current context!
Error: Unable to interpret </md5stop> in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 12042011_164130
 
I was trying to run the wrong script entirely, we've created quite the long thread. haha

Running it now, thanks for pointing that out.
 
Alright, since running the OTL fix, Windows refuses to boot up. I ran an automatic repair that did nothing to fix the issue. Recovery disk time?
 
It's currently attempting another automatic repair, it's searching longer this time instead of immediately attempting to repair, could stumble on the problem so going to let it run.
 
Since running correct OTL fix?

Please boot to the System Recovery Options.
If you have a Windows 7 installation disc, just insert the DVD into the drive, restart the computer and it should load automatically (option two presented in the article).
It's also possible that your computer has a pre-installed recovery partition instead - in such a case use method one (by pressing F8 before Windows starts loading)...

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Choose Command Prompt
You should see X:\SOURCES>...

Execute the following commands in bold.
Press Enter after every one of them.

bootrec /fixmbr (<--- there is a "space" after "bootrec")

bootrec /fixboot

exit

Restart computer.
 
So Windows cannot make it past the 4 glowing lights that form the Windows flag. System restore comes up with the error that startup repair cannot automatically fix this computer.

I ran the commands you wrote out in bold but nothing changed, it still stops just short of the Windows password screen and tells me Windows failed to launch.

Both those commands entered successfully.
 
Uh oh...

I'm slightly worried now. Even though I "KNOW" I created a restore point, and had multiple ones besides the one I created, the system isn't finding any restore points.
 
I'm afraid we're dealing with some serious Windows corruption.
Did you try to boot to Safe Mode?
 
Safe mode stops loading waaaaaay too early at something like WMLIB.sys and reboots the computer. Same with any other safe mode.
 