Solved: I open a search in a new tab, it opens another search

August 23, 2011 at 08:50:27
Specs: Windows XP, 1800/800
When I try to open the Google search results in other tabs, it does not open the website I want but opens another search for that keyword in other search engines.

I downloaded Malwarebytes and ran a complete scan, and it found some viruses, but the problem is still present...

Please, do you know what I can do?

Should I format everything and install a new Windows?



#1
August 23, 2011 at 11:04:45
Josef,

Open Malwarebytes', go to the 'Logs' tab, find the report that was created, and post it in your reply.

It will give us a starting point to work with.

Thanks!

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE



#2
August 23, 2011 at 12:19:55
Thank you very much for help


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7544

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

8/23/2011 10:58:50 AM
mbam-log-2011-08-23 (10-58-50).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 193287
Time elapsed: 53 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NVSvc (Trojan.PatchLoad) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\redbook (Heuristics.Shuriken) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FileHunter (PUP.FileHunter) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\Jozef\application data\filehunter (PUP.FileHunter) -> Quarantined and deleted successfully.
c:\documents and settings\Jozef\application data\filehunter\downloads (PUP.FileHunter) -> Quarantined and deleted successfully.
c:\documents and settings\Jozef\application data\filehunter\downloads\cinderella.man.ws.dvdrip.xvid-diamond (PUP.FileHunter) -> Quarantined and deleted successfully.
c:\documents and settings\Jozef\application data\filehunter\metafiles (PUP.FileHunter) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\nvsvc32.exe (Trojan.PatchLoad) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\redbook.sys (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\Jozef\my documents\downloads\crack.isobuster.2.8.5 (1).exe (PUP.FileHunter) -> Quarantined and deleted successfully.
c:\documents and settings\Jozef\my documents\downloads\crack.isobuster.2.8.5.exe (PUP.FileHunter) -> Quarantined and deleted successfully.
c:\documents and settings\Jozef\application data\filehunter\pumpa.state (PUP.FileHunter) -> Quarantined and deleted successfully.
c:\documents and settings\Jozef\application data\filehunter\filehunter.exe (PUP.FileHunter) -> Quarantined and deleted successfully.
c:\documents and settings\Jozef\application data\filehunter\pumpa.exe (PUP.FileHunter) -> Quarantined and deleted successfully.
c:\documents and settings\Jozef\application data\filehunter\uninstall.exe (PUP.FileHunter) -> Quarantined and deleted successfully.
c:\documents and settings\Jozef\application data\filehunter\update.exe (PUP.FileHunter) -> Quarantined and deleted successfully.
c:\documents and settings\Jozef\application data\filehunter\version (PUP.FileHunter) -> Quarantined and deleted successfully.
c:\documents and settings\Jozef\application data\filehunter\metafiles\e8066161babd29f454bb9d367c6095fde07031f9.torrent (PUP.FileHunter) -> Quarantined and deleted successfully.



#3
August 23, 2011 at 12:34:57
Josef,

Please download TDSSKiller
http://support.kaspersky.com/downlo...

Execute TDSSKiller.exe by double-clicking on it.

Click: ‘Start Scan’

If Malicious objects are found, DO NOT allow the tool to Cure.
Click the arrow next to 'Cure' and select Skip
We need to see the report first, as it may show false detections!!

Click Continue.

When the tool is done, a log is produced at the root drive which is typically C:\
For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt

Please post the log in your reply.

Thanks.


~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE



#4
August 23, 2011 at 15:01:26
I am sorry, when I was trying to fix my PC I used this utility... I found it on this website in some similar case... I already scanned my PC and it found 1 virus and I cured that...

Now I downloaded it again and it found 2 threats...

This is the info it is giving:

file: C:\WINDOWS\system32\DRIVERS\ipsec.sys
MD5: 518d980950174fead090b4d1a62f2e17

C:\WINDOWS\2504183242:892517738.exe
8f2bb1827cac01aee6a16e30a1260199

I don't know if it is what you need... I am afraid not...

Please, is there some way to get the needed info?



#5
August 23, 2011 at 15:39:58
Josef,

If you already used TDSSKiller, please find its log, located here:
C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt

Please post its entire content. There is info in the report that is needed.

Thanks.

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE



#6
August 23, 2011 at 16:16:41
I have 2 so I will upload both of them

2011/08/23 12:02:23.0031 3236 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/23 12:02:23.0375 3236 ================================================================================
2011/08/23 12:02:23.0375 3236 SystemInfo:
2011/08/23 12:02:23.0375 3236
2011/08/23 12:02:23.0375 3236 OS Version: 5.1.2600 ServicePack: 2.0
2011/08/23 12:02:23.0375 3236 Product type: Workstation
2011/08/23 12:02:23.0375 3236 ComputerName: KINGDOMOFGOD
2011/08/23 12:02:23.0375 3236 UserName: Jozef
2011/08/23 12:02:23.0375 3236 Windows directory: C:\WINDOWS
2011/08/23 12:02:23.0375 3236 System windows directory: C:\WINDOWS
2011/08/23 12:02:23.0375 3236 Processor architecture: Intel x86
2011/08/23 12:02:23.0375 3236 Number of processors: 1
2011/08/23 12:02:23.0375 3236 Page size: 0x1000
2011/08/23 12:02:23.0375 3236 Boot type: Normal boot
2011/08/23 12:02:23.0375 3236 ================================================================================
2011/08/23 12:02:24.0171 3236 Initialize success
2011/08/23 12:07:55.0406 0472 ================================================================================
2011/08/23 12:07:55.0406 0472 Scan started
2011/08/23 12:07:55.0406 0472 Mode: Manual;
2011/08/23 12:07:55.0406 0472 ================================================================================
2011/08/23 12:07:55.0812 0472 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/23 12:07:55.0906 0472 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/08/23 12:07:55.0953 0472 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
2011/08/23 12:07:56.0000 0472 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
2011/08/23 12:07:56.0062 0472 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/08/23 12:07:56.0218 0472 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/23 12:07:56.0484 0472 ASNDIS5 (05a56c3156e1b6cc7bbd8e1d54d491f2) C:\WINDOWS\system32\ASNDIS5.SYS
2011/08/23 12:07:56.0546 0472 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/23 12:07:56.0578 0472 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/23 12:07:56.0640 0472 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/23 12:07:56.0687 0472 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/23 12:07:56.0750 0472 BCM43XX (e7debb46b9ef1f28932e533be4a3d1a9) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/08/23 12:07:56.0812 0472 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/23 12:07:56.0843 0472 cacd4295 (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\2504183242:892517738.exe
2011/08/23 12:07:56.0875 0472 Suspicious file (Hidden): C:\WINDOWS\2504183242:892517738.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/08/23 12:07:56.0890 0472 cacd4295 - detected HiddenFile.Multi.Generic (1)
2011/08/23 12:07:56.0921 0472 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/23 12:07:56.0968 0472 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/08/23 12:07:57.0046 0472 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/23 12:07:57.0093 0472 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/23 12:07:57.0156 0472 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/23 12:07:57.0234 0472 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/08/23 12:07:57.0296 0472 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/08/23 12:07:57.0468 0472 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/23 12:07:57.0531 0472 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/23 12:07:57.0593 0472 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\DRIVERS\dmio.sys
2011/08/23 12:07:57.0625 0472 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/23 12:07:57.0671 0472 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/23 12:07:57.0750 0472 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/23 12:07:57.0812 0472 eamon (1b5ca1caffc594bd37dcc8d7ef849e0b) C:\WINDOWS\system32\DRIVERS\eamon.sys
2011/08/23 12:07:57.0859 0472 ehdrv (a4241545ecff3ee97041847d83936e1f) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
2011/08/23 12:07:57.0906 0472 epfwtdir (367a97a632ec5e8521f68ffa2c700610) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
2011/08/23 12:07:57.0984 0472 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/23 12:07:58.0031 0472 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
2011/08/23 12:07:58.0046 0472 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/23 12:07:58.0093 0472 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/08/23 12:07:58.0140 0472 FltMgr (157754f0df355a9e0a6f54721914f9c6) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/23 12:07:58.0171 0472 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/23 12:07:58.0203 0472 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/23 12:07:58.0234 0472 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/23 12:07:58.0281 0472 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/23 12:07:58.0328 0472 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/23 12:07:58.0406 0472 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/23 12:07:58.0500 0472 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/23 12:07:58.0531 0472 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/23 12:07:58.0750 0472 IntcAzAudAddService (0782317ca4b1c229a0854c998c4595fe) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/08/23 12:07:58.0843 0472 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/23 12:07:58.0890 0472 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/23 12:07:58.0937 0472 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/23 12:07:58.0968 0472 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/23 12:07:59.0031 0472 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/23 12:07:59.0078 0472 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/23 12:07:59.0125 0472 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/23 12:07:59.0171 0472 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/23 12:07:59.0218 0472 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/23 12:07:59.0250 0472 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/23 12:07:59.0265 0472 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/23 12:07:59.0343 0472 libusb0 (b280c4608ac389da9515a35ac4cab0fd) C:\WINDOWS\system32\drivers\libusb0.sys
2011/08/23 12:07:59.0390 0472 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
2011/08/23 12:07:59.0437 0472 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/08/23 12:07:59.0484 0472 MDC8021X (d7010580bf4e45d5e793a1fe75758c69) C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
2011/08/23 12:07:59.0546 0472 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/23 12:07:59.0593 0472 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/23 12:07:59.0625 0472 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/23 12:07:59.0671 0472 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/23 12:07:59.0703 0472 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/23 12:07:59.0750 0472 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/23 12:07:59.0812 0472 MRxSmb (ac397967e75a08075e7cce6a7102f383) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/23 12:07:59.0828 0472 MRxSmb - detected Rootkit.Win32.ZAccess.c (0)
2011/08/23 12:07:59.0859 0472 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/23 12:07:59.0906 0472 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/23 12:07:59.0921 0472 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/23 12:07:59.0937 0472 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/23 12:07:59.0968 0472 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/23 12:08:00.0015 0472 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/08/23 12:08:00.0046 0472 MTsensor (e333010a50bf603acc350f6019e9ce02) C:\WINDOWS\system32\DRIVERS\ATKACPI.sys
2011/08/23 12:08:00.0093 0472 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/23 12:08:00.0156 0472 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/08/23 12:08:00.0187 0472 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/23 12:08:00.0234 0472 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/08/23 12:08:00.0281 0472 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/23 12:08:00.0328 0472 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/23 12:08:00.0359 0472 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/23 12:08:00.0390 0472 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/23 12:08:00.0437 0472 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/23 12:08:00.0468 0472 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/23 12:08:00.0531 0472 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/23 12:08:00.0578 0472 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/23 12:08:00.0625 0472 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/23 12:08:00.0671 0472 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/23 12:08:00.0843 0472 nv (b79e623da3614cef319b03696e821ba9) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/23 12:08:01.0031 0472 nvsmu (e0f76fab86fec98778047d0c7c39cbb9) C:\WINDOWS\system32\DRIVERS\nvsmu.sys
2011/08/23 12:08:01.0093 0472 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/23 12:08:01.0125 0472 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/23 12:08:01.0171 0472 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/23 12:08:01.0218 0472 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
2011/08/23 12:08:01.0234 0472 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/23 12:08:01.0281 0472 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/23 12:08:01.0296 0472 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/23 12:08:01.0343 0472 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/23 12:08:01.0359 0472 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/08/23 12:08:01.0546 0472 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/23 12:08:01.0593 0472 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/08/23 12:08:01.0625 0472 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/23 12:08:01.0656 0472 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/23 12:08:01.0781 0472 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/23 12:08:01.0828 0472 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/23 12:08:01.0843 0472 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/23 12:08:01.0875 0472 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/23 12:08:01.0906 0472 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/23 12:08:01.0937 0472 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/23 12:08:01.0984 0472 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/23 12:08:02.0062 0472 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/23 12:08:02.0140 0472 RTL8023xp (d6e1b1bd04fad422af17fc4b810cb9af) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2011/08/23 12:08:02.0203 0472 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/08/23 12:08:02.0250 0472 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/23 12:08:02.0312 0472 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
2011/08/23 12:08:02.0343 0472 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/23 12:08:02.0406 0472 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/08/23 12:08:02.0484 0472 smserial (ce2e9d6b8c26c38779581cff1f14b65b) C:\WINDOWS\system32\DRIVERS\smserial.sys
2011/08/23 12:08:02.0546 0472 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/23 12:08:02.0593 0472 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/23 12:08:02.0625 0472 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/23 12:08:02.0703 0472 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/08/23 12:08:02.0750 0472 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/23 12:08:02.0781 0472 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/23 12:08:02.0890 0472 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/23 12:08:02.0937 0472 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/23 12:08:03.0000 0472 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/23 12:08:03.0031 0472 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/23 12:08:03.0078 0472 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/23 12:08:03.0171 0472 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/23 12:08:03.0218 0472 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/23 12:08:03.0281 0472 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/08/23 12:08:03.0343 0472 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/23 12:08:03.0406 0472 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/23 12:08:03.0421 0472 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/23 12:08:03.0453 0472 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/08/23 12:08:03.0578 0472 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/23 12:08:03.0593 0472 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/23 12:08:03.0640 0472 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/23 12:08:03.0687 0472 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/08/23 12:08:03.0734 0472 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/08/23 12:08:03.0765 0472 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/23 12:08:03.0796 0472 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/23 12:08:03.0859 0472 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/23 12:08:03.0953 0472 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/08/23 12:08:04.0000 0472 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/23 12:08:04.0093 0472 Boot (0x1200) (f9c204d4637f6649e32e2c15b19d8bdc) \Device\Harddisk0\DR0\Partition0
2011/08/23 12:08:04.0125 0472 Boot (0x1200) (f356ecc52b5e3853966ee45e838a156c) \Device\Harddisk0\DR0\Partition1
2011/08/23 12:08:04.0140 0472 ================================================================================
2011/08/23 12:08:04.0140 0472 Scan finished
2011/08/23 12:08:04.0140 0472 ================================================================================
2011/08/23 12:08:04.0140 3944 Detected object count: 2
2011/08/23 12:08:04.0140 3944 Actual detected object count: 2
2011/08/23 12:08:12.0796 3944 HiddenFile.Multi.Generic(cacd4295) - User select action: Skip
2011/08/23 12:08:12.0906 3944 MRxSmb (ac397967e75a08075e7cce6a7102f383) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/23 12:08:12.0906 3944 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\mrxsmb.sys) error 1813
2011/08/23 12:08:13.0515 3944 Backup copy found, using it..
2011/08/23 12:08:13.0546 3944 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys - will be cured after reboot
2011/08/23 12:08:13.0546 3944 Rootkit.Win32.ZAccess.c(MRxSmb) - User select action: Cure
2011/08/23 12:08:31.0671 3736 Deinitialize success


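The TDSSKiller log above is the kind of report the helper asks to see before anything is "cured". As an added example (not code from the thread, from Kaspersky, or from any of the posters), here is a small Python triage script that reads a log of that shape and pulls out only the lines that matter: the `detected` verdicts, the file each verdict points at (with its MD5), the action the user chose, and two flags worth noticing in this particular log. The first is that `C:\WINDOWS\2504183242:892517738.exe` is not a normal filename; a colon inside the last path component is NTFS `file:stream` syntax, so this is an alternate data stream hanging off a file in `C:\WINDOWS`, which is why a directory listing never shows it. The second is the `GetFileVersionInfoSizeW(...) error 1813` line for `mrxsmb.sys`: Win32 error 1813 is ERROR_RESOURCE_TYPE_NOT_FOUND, meaning the on-disk driver has no version resource, which is consistent with a patched system driver and explains why the tool says it will use a backup copy. The regular expressions are derived only from the lines posted in this thread and are an assumption about the format; other TDSSKiller versions may print lines differently. The sample log embedded below is a constructed excerpt copied from the posted log, not a full run.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample: an excerpt in the shape of the TDSSKiller 2.5.x log
# posted in this thread (names, hashes and paths copied from it, plus one
# clean driver line for contrast). Not a full log.
SAMPLE_LOG = r"""2011/08/23 12:07:56.0812 0472 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/23 12:07:56.0843 0472 cacd4295 (8f2bb1827cac01aee6a16e30a1260199) C:\WINDOWS\2504183242:892517738.exe
2011/08/23 12:07:56.0875 0472 Suspicious file (Hidden): C:\WINDOWS\2504183242:892517738.exe. md5: 8f2bb1827cac01aee6a16e30a1260199
2011/08/23 12:07:56.0890 0472 cacd4295 - detected HiddenFile.Multi.Generic (1)
2011/08/23 12:07:59.0812 0472 MRxSmb (ac397967e75a08075e7cce6a7102f383) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/23 12:07:59.0828 0472 MRxSmb - detected Rootkit.Win32.ZAccess.c (0)
2011/08/23 12:08:12.0796 3944 HiddenFile.Multi.Generic(cacd4295) - User select action: Skip
2011/08/23 12:08:12.0906 3944 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\mrxsmb.sys) error 1813
2011/08/23 12:08:13.0546 3944 Rootkit.Win32.ZAccess.c(MRxSmb) - User select action: Cure
"""

# Line shapes assumed from the posted log (an assumption, not a documented format).
ENTRY_RE = re.compile(r"^\S+ \S+ \d+ (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(r"^\S+ \S+ \d+ (?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
HIDDEN_RE = re.compile(r"Suspicious file \(Hidden\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
ACTION_RE = re.compile(r"^\S+ \S+ \d+ (?P<verdict>[^(\s]+)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")
VERINFO_RE = re.compile(r"GetFileVersionInfoSizeW\((?P<path>[^)]+)\) error (?P<code>\d+)")


@dataclass
class Finding:
    name: str            # service / driver name as TDSSKiller reports it
    verdict: str         # e.g. Rootkit.Win32.ZAccess.c
    path: str = ""
    md5: str = ""
    action: str = ""     # Skip / Cure / ... as chosen by the user
    flags: List[str] = field(default_factory=list)


def is_alternate_data_stream(path: str) -> bool:
    """True when the last path component uses NTFS 'file:stream' syntax."""
    last = path.replace("/", "\\").split("\\")[-1]
    # A bare drive spec like "C:" also contains a colon; exclude that case.
    return ":" in last and not re.fullmatch(r"[A-Za-z]:", last)


def triage(log_text: str) -> List[Finding]:
    """Collect detections from a TDSSKiller-style log, joined with path, hash,
    chosen action and the hidden / ADS / version-resource flags."""
    entries: Dict[str, Tuple[str, str]] = {}   # name -> (md5, path)
    hidden = set()                              # lower-cased paths flagged Hidden
    verinfo_errors: Dict[str, int] = {}         # lower-cased path -> Win32 error
    findings: Dict[str, Finding] = {}

    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[m["name"]] = (m["md5"], m["path"])
            continue
        m = HIDDEN_RE.search(line)
        if m:
            hidden.add(m["path"].lower())
            continue
        m = DETECT_RE.match(line)
        if m:
            findings[m["name"]] = Finding(name=m["name"], verdict=m["verdict"])
            continue
        m = ACTION_RE.match(line)
        if m and m["name"] in findings:
            findings[m["name"]].action = m["action"]
            continue
        m = VERINFO_RE.search(line)
        if m:
            verinfo_errors[m["path"].lower()] = int(m["code"])

    for f in findings.values():
        f.md5, f.path = entries.get(f.name, ("", ""))
        key = f.path.lower()
        if key in hidden:
            f.flags.append("hidden")
        if is_alternate_data_stream(f.path):
            f.flags.append("ads")
        if key in verinfo_errors:
            # 1813 is ERROR_RESOURCE_TYPE_NOT_FOUND: the image has no version resource.
            f.flags.append(f"version-info-error-{verinfo_errors[key]}")
    return sorted(findings.values(), key=lambda f: f.name)


def report(findings: List[Finding]) -> List[str]:
    """One line per finding, compact enough to paste into a forum reply."""
    return [
        f"{f.name}: {f.verdict} action={f.action or 'none'} md5={f.md5 or '?'} "
        f"path={f.path or '?'} flags={','.join(f.flags) or '-'}"
        for f in findings
    ]


if __name__ == "__main__":
    for line in report(triage(SAMPLE_LOG)):
        print(line)
```

Run against a real log, the script only reports; it deliberately does not decide for you, which matches the advice in #3 to skip "Cure" until the log has been read, since a generic verdict such as HiddenFile.Multi.Generic can be a false positive while a named rootkit verdict on a core driver usually is not.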

#7
August 23, 2011 at 18:37:33
Josef,

Please post the second TDSSKiller report, and, also, which report contained the information that follows?

file: C:\WINDOWS\system32\DRIVERS\ipsec.sys
MD5: 518d980950174fead090b4d1a62f2e17

C:\WINDOWS\2504183242:892517738.exe
8f2bb1827cac01aee6a16e30a1260199

~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE



#8
August 23, 2011 at 20:09:02
✔ Best Answer
Josef,

Next step…

If you have run ComboFix before, please remove it from your computer!!

There is a new and updated version that you need to use:

Please download ComboFix:
http://download.bleepingcomputer.co...

** IMPORTANT- Save ComboFix.exe to your Desktop


>>Temporarily disable your AntiVirus and AntiSpyware programs, as they interfere with this tool and malware removal.<<

If you are unsure how to do this, please refer to How to Disable your Security Applications:
http://www.techsupportforum.com/sec...

XP users - Double click on ComboFix.exe and follow the prompts.

As part of its process, ComboFix checks if the Microsoft Windows Recovery Console (RC) is installed. If not, it is strongly recommended you install the RC on your machine before doing any malware removal.

If needed, the RC allows the computer to boot up into a special recovery/repair mode.

Follow the prompts for ComboFix to download and install the Microsoft Windows Recovery Console.

Click on ‘Yes‘, to continue scanning.

When finished, ComboFix produces a log: C:\ComboFix.txt

Since this report can also be quite large, please go to the ‘Uploading’ website:
http://uploading.com/files/upload/

In: Select files to upload, click 'Browse', and 'Look in' the Desktop.
Select the ComboFix report, and click on 'Open'
You will see the following:
“Your file has been uploaded successfully: (Name and size of the file)”

Please copy the 'Download link', and provide it in your reply.

Notes:

1. Do not mouse-click the ComboFix window while it is running.
This action may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

3. CF disconnects your machine from the internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


~~~~
Retired - Doin' Dis, Dat, and slapping malware.
Malware Eliminator/ Member of UNITE



#9
August 24, 2011 at 05:38:19
Hello

This is the file:

http://uploading.com/files/78f266a6...


Thank you very much for the help.



#10
August 24, 2011 at 06:28:36
My machine is working correctly... it is amazing...

Thank you very, very much for the help.

It is really great.

Thank you.

