Search Results Redirected After Virus Removed

Dell / Latitude d430
April 10, 2010 at 14:20:09
Specs: Windows XP Pro SP3
About a month ago I got a Trojan Vundo virus on my computer, it was "successfully" removed by my company's IT department. Symptoms of the virus were browser crashing (Firefox and IE) and most importantly my exe file directory was deleted so I couldn't run any exe files. Recently while using Google or Yahoo my search results are being redirected. I'm not taken to ad sites but rather to sites related to my search query, but not the page I requested. For instance I search for "Costa Rica Travel Information" and click on a link for a site with information and instead I am taken to Booking Buddy's Costa Rica page to book tickets.

I have installed and scanned my computer with Malwarebytes' Anti-Malware and Hijack This. My computer is protected by ESET Smart Security and Avast. Nothing is detecting any problems.

I'm a Marketing Director/SEO Specialist so it's rather annoying when I'm trying to do keyword research and am taken to incorrect pages. If I'm not careful my research can be based on the wrong pages.

How can I get my search results to stop redirecting me? It seems to be happening more frequently, almost every time I click a link in the SERPs.




#1
April 10, 2010 at 15:48:45
Run these scans and post their logs please.

Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt (do not zip just copy/paste)

Save both reports to your desktop then post them please. You may need to post in segments to get all the info to us as the logs may be too large to fit in one post.

Download TDSSKiller to your Desktop from the following link.

TDSSKiller

1. Extract the contents of TDSSKiller.zip to your Desktop.

2. Double click on TDSSKiller.exe to run it.

3. If it finds something and asks you what to do, follow the instructions to type in "delete".

4. When done, a log file should be created on your C: drive called TDSSKiller.txt (with time+date appended), please post this log in your next reply.



#2
April 11, 2010 at 11:13:15
'My computer is protected by ESET Smart Security and Avast. Nothing is detecting any problems.'

That is probably one of your biggest problems, you CANNOT use 2 anti-virus progs at the same time, they will conflict and not work properly. Uninstall one and use the other.

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#3
April 11, 2010 at 15:35:03
@ XpUser4Real - I should have been more clear, I'm sorry. My computer was running Avast, I uninstalled it before installing and running ESET.

Here are the logs requested by jabuck:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Chris Wray at 18:07:37.37 on Sun 04/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.153 [GMT -4:00]

AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ACT\ACT for Win 7\Act.Outlook.Service.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Eraser\Eraser.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe
C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
svchost.exe
C:\XAMPP\apache\bin\httpd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\XAMPP\mysql\bin\mysqld.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\XAMPP\apache\bin\httpd.exe
C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe
C:\Documents and Settings\Chris Wray\Desktop\dds.scr
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

============== Pseudo HJT Report ===============

uStart Page = https://adwords.google.com/select/KeywordToolExternal
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070712
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: SeoQuake: {9c590067-8a6a-4db6-b052-069283790b04} - c:\program files\seoquake\SeoQuake.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: SeoQuake: {9c590067-8a6a-4db6-b052-069283790b04} - c:\program files\seoquake\SeoQuake.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Act.Outlook.Service] "c:\program files\act\act for win 7\Act.Outlook.Service.exe"
mRun: [Act! Preloader] "c:\program files\act\act for win 7\ActSage.exe" -preload
mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Eraser] "c:\progra~1\eraser\Eraser.exe" --atRestart
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Sprint SmartView] "c:\program files\sprint\sprint smartview\SprintSV.exe" -a
mRun: [RDVCHG] "c:\program files\sprint\sprint smartview\RDVCHG.exe"
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\biolsp.dll
LSP: bmnet.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: wxvault.dll c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chrisw~1\applic~1\mozilla\firefox\profiles\kyrsmp8c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\chris wray\application data\mozilla\firefox\profiles\kyrsmp8c.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\chris wray\application data\mozilla\firefox\profiles\kyrsmp8c.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\winnt_x86-msvc\components\pagespeed.dll
FF - plugin: c:\documents and settings\chris wray\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {CC846775-794D-4C92-93C6-760AB7F4B48B} - c:\documents and settings\chris wray\local settings\application data\{CC846775-794D-4C92-93C6-760AB7F4B48B}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 108792]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-7-6 587096]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-2-28 29416]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-11-16 735960]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
S0 pekgj;pekgj;c:\windows\system32\drivers\opumhetm.sys --> c:\windows\system32\drivers\opumhetm.sys [?]
S0 rgdgx;rgdgx; [x]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for win 7\Act.Scheduler.exe [2009-8-24 81920]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-3 135664]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\nsdriver.sys [2007-6-4 9344]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-9-3 280576]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-9-3 51456]
S3 cm_net;C-motech USB Network Adapter Drivers;c:\windows\system32\drivers\cm_net.sys [2010-3-23 112640]
S3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\drivers\cm_ser.sys [2010-3-23 103680]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-7-12 29744]

=============== Created Last 30 ================

2010-04-08 00:58:02 0 d-----w- c:\docume~1\chrisw~1\applic~1\PrimoPDF
2010-04-08 00:57:24 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2010-04-08 00:57:21 0 d-----w- c:\program files\Nitro PDF
2010-03-26 15:17:47 209192 ----a-w- c:\windows\system32\TABCTL32.OCX
2010-03-26 15:17:47 117507 ----a-w- c:\windows\system32\MSINET.OCX
2010-03-26 15:17:46 203976 ----a-w- c:\windows\system32\RICHTX32.OCX
2010-03-26 15:17:46 163096 ----a-w- c:\windows\system32\SPLITTER.OCX
2010-03-26 15:17:45 198656 ----a-w- c:\windows\system32\COMDLG32.OCX
2010-03-23 17:04:41 103680 ----a-r- c:\windows\system32\drivers\cm_ser32.sys
2010-03-23 17:04:41 103680 ----a-r- c:\windows\system32\drivers\cm_ser.sys
2010-03-23 17:04:23 112640 ----a-r- c:\windows\system32\drivers\cm_net32.sys
2010-03-23 17:04:23 112640 ----a-r- c:\windows\system32\drivers\cm_net.sys
2010-03-23 16:45:34 0 d-----w- c:\docume~1\chrisw~1\applic~1\Sprint
2010-03-23 16:45:18 17920 ----a-w- c:\windows\system32\apintfnt.dll
2010-03-23 16:45:06 28288 ----a-w- c:\windows\system32\drivers\swmsflt.sys
2010-03-23 16:45:06 0 d-----w- c:\docume~1\chrisw~1\applic~1\Sierra Wireless
2010-03-23 16:45:01 27072 ----a-w- c:\windows\system32\drivers\PCASp50.sys
2010-03-23 16:39:35 0 d-----w- c:\program files\Sierra Wireless
2010-03-23 16:39:27 0 d-----w- c:\program files\Novatel Wireless
2010-03-23 16:39:21 0 d-----w- c:\program files\Sprint
2010-03-23 16:39:21 0 d-----w- c:\docume~1\alluse~1\applic~1\Sprint
2010-03-22 18:27:35 0 dc-h--w- c:\windows\ie8

==================== Find3M ====================

2010-03-11 15:10:32 94714794 ----a-w- C:\regback.reg
2010-02-25 15:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-11 08:25:16 952 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-01-25 00:17:11 121308 ----a-w- c:\windows\HPHins15.dat
2009-09-24 13:23:17 56 --sh--r- c:\windows\system32\600994EC32.sys
2009-09-25 15:07:24 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 18:08:51.93 ===============


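What the SERVICES / DRIVERS section of the DDS log above is being read for, as an added example of my own (not DDS or TDSSKiller code): a small Python triage pass over that section. It parses each line into start type, service name and image path, and flags entries whose image file DDS marked "[?]" (could not be read) or "[x]" (no file at all), calling out boot/system-start (S0/S1) ones and those whose service name has nothing in common with the file name. The sample input is a subset of the lines posted in #3; the flagging rules are my own heuristics, not anything the tool reports, and a hit is a lead for the rootkit scanner, not a verdict.

```python
import ntpath
import re
from dataclasses import dataclass, field

# One DDS "SERVICES / DRIVERS" line looks like
#   <R|S><start> <ServiceName>;<DisplayName>;<ImagePath> [<date> <size>]
# R/S = running/stopped; start 0 = boot, 1 = system, 2 = auto, 3 = manual.
# A trailing "[?]" means DDS could not read the image file, "[x]" that the
# service has no image path at all.
LINE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d)\s+'
    r'(?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$')


@dataclass
class Service:
    state: str
    start: int
    name: str
    display: str
    image: str
    file_status: str                 # "ok", "unreadable" or "missing"
    reasons: list = field(default_factory=list)


def parse_dds_service(line):
    """Parse one service/driver line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group('rest').strip()
    if rest.endswith('[x]'):
        status, image = 'missing', rest[:-3].strip()
    elif rest.endswith('[?]'):
        status, image = 'unreadable', rest[:-3].strip()
        # DDS prints "<registry path> --> <resolved path>" for unreadable
        # files; keep the resolved path.
        image = image.split('-->')[-1].strip()
    else:
        status, image = 'ok', re.sub(r'\s*\[[^\]]*\]$', '', rest)
    return Service(m.group('state'), int(m.group('start')), m.group('name'),
                   m.group('display'), image, status)


def assess(svc):
    """Attach triage reasons. These rules are this example's heuristics
    (an assumption, not anything DDS itself reports): an entry whose image
    cannot be read is worth a look, a boot/system-start one especially, and
    a service name unrelated to its file name is the pattern left by
    loaders that pick random names for both."""
    if svc.file_status != 'ok':
        svc.reasons.append(f'image file {svc.file_status}')
        if svc.start <= 1:
            svc.reasons.append('boot/system-start driver without a readable image')
        if svc.image:
            base = ntpath.splitext(ntpath.basename(svc.image))[0].lower()
            if base != svc.name.lower():
                svc.reasons.append(
                    f'service name {svc.name!r} unrelated to file {base!r}')
    return svc


def triage_dds_services(log_text):
    """Map each suspicious service name to the list of reasons it was flagged."""
    flagged = {}
    for line in log_text.splitlines():
        svc = parse_dds_service(line)
        if svc is not None and assess(svc).reasons:
            flagged[svc.name] = svc.reasons
    return flagged


def worst_offenders(log_text):
    """Boot/system-start entries with no readable image: the ones to hand to
    a rootkit scanner (the TDSSKiller run requested in #1) first."""
    return sorted(name for name, reasons in triage_dds_services(log_text).items()
                  if any(r.startswith('boot/system-start') for r in reasons))


# Constructed sample: a subset of the SERVICES / DRIVERS section posted in #3,
# with the section header kept so the parser has non-service lines to skip.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 108792]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-7-6 587096]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2010-2-28 29416]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-11-16 735960]
S0 pekgj;pekgj;c:\windows\system32\drivers\opumhetm.sys --> c:\windows\system32\drivers\opumhetm.sys [?]
S0 rgdgx;rgdgx; [x]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for win 7\Act.Scheduler.exe [2009-8-24 81920]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-9-3 280576]
"""

if __name__ == '__main__':
    for name, reasons in triage_dds_services(SAMPLE_LOG).items():
        print(name, '->', '; '.join(reasons))
    print('hand to rootkit scanner first:', worst_offenders(SAMPLE_LOG))
```

On the sample this flags pekgj (S0, opumhetm.sys unreadable, name unrelated to the file) and rgdgx (S0, no image at all) and nothing else; bcm, whose file name also differs from its service name, is left alone because its driver file is present and readable. Those two entries are exactly the kind of thing the TDSSKiller run asked for in #1 is meant to settle one way or the other.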


#4
April 11, 2010 at 15:36:04
Attach file:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/17/2007 11:32:54 AM
System Uptime: 4/9/2010 11:08:32 AM (55 hours ago)

Motherboard: Dell Inc. | | 0KU184
Processor: Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz | Microprocessor | 789/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 74 GiB total, 51.88 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Dell Wireless 1390 WLAN Mini-Card
Device ID: PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&AB208E&0&00E1
Manufacturer: Broadcom
Name: Dell Wireless 1390 WLAN Mini-Card
PNP Device ID: PCI\VEN_14E4&DEV_4311&SUBSYS_00071028&REV_01\4&AB208E&0&00E1
Service: BCM43XX

==== System Restore Points ===================

RP242: 1/14/2010 9:18:43 AM - Software Distribution Service 3.0
RP243: 1/19/2010 12:45:17 PM - System Checkpoint
RP244: 1/20/2010 11:52:40 AM - Software Distribution Service 3.0
RP245: 1/22/2010 5:18:43 PM - System Checkpoint
RP246: 1/22/2010 8:02:09 PM - Installed Windows XP -- Software Updates KB952011.
RP247: 1/23/2010 3:00:34 AM - Software Distribution Service 3.0
RP248: 1/24/2010 10:08:41 AM - System Checkpoint
RP249: 1/25/2010 3:29:21 PM - System Checkpoint
RP250: 1/28/2010 10:13:01 AM - Installed Windows Internet Explorer 8.
RP251: 1/28/2010 10:14:22 AM - Software Distribution Service 3.0
RP252: 1/29/2010 12:54:27 PM - System Checkpoint
RP253: 2/1/2010 11:20:34 AM - System Checkpoint
RP254: 2/2/2010 9:41:15 AM - Software Distribution Service 3.0
RP255: 2/3/2010 11:08:57 AM - System Checkpoint
RP256: 2/6/2010 12:09:05 PM - System Checkpoint
RP257: 2/7/2010 12:52:25 PM - System Checkpoint
RP258: 2/8/2010 1:08:53 PM - System Checkpoint
RP259: 2/11/2010 3:00:43 AM - Software Distribution Service 3.0
RP260: 2/12/2010 3:45:24 AM - System Checkpoint
RP261: 2/14/2010 1:08:31 PM - System Checkpoint
RP262: 2/15/2010 1:38:36 PM - System Checkpoint
RP263: 2/16/2010 4:59:59 PM - System Checkpoint
RP264: 2/16/2010 6:48:31 PM - Installed Eraser 6.0.6.1376
RP265: 2/19/2010 12:51:48 PM - System Checkpoint
RP266: 2/22/2010 11:49:15 AM - System Checkpoint
RP267: 2/23/2010 6:02:37 PM - System Checkpoint
RP268: 2/25/2010 1:51:02 PM - Software Distribution Service 3.0
RP269: 2/26/2010 3:43:10 PM - System Checkpoint
RP270: 2/27/2010 6:07:14 PM - System Checkpoint
RP271: 2/28/2010 6:24:01 PM - System Checkpoint
RP272: 3/1/2010 7:11:33 PM - System Checkpoint
RP273: 3/3/2010 10:45:52 AM - System Checkpoint
RP274: 3/4/2010 1:04:42 PM - Installed PowerMapper 5.0 Evaluation
RP275: 3/5/2010 6:05:50 PM - avast! Free Antivirus Setup
RP276: 3/5/2010 8:15:47 PM - Configured ACT! by Sage 2010
RP277: 3/9/2010 8:26:32 AM - avast! Free Antivirus Setup
RP278: 3/9/2010 11:23:41 AM - avast! Free Antivirus Setup
RP279: 3/9/2010 5:59:59 PM - avast! Free Antivirus Setup
RP280: 3/10/2010 6:25:19 PM - System Checkpoint
RP281: 3/11/2010 12:31:06 PM - Installed ESET Smart Security
RP282: 3/12/2010 3:00:20 AM - Software Distribution Service 3.0
RP283: 3/16/2010 3:16:03 PM - System Checkpoint
RP284: 3/17/2010 5:05:52 PM - System Checkpoint
RP285: 3/22/2010 2:29:25 PM - Installed Windows Internet Explorer 8.
RP286: 3/22/2010 2:30:45 PM - Software Distribution Service 3.0
RP287: 3/22/2010 3:26:18 PM - Software Distribution Service 3.0
RP288: 3/23/2010 12:39:06 PM - Installed Sprint SmartView.
RP289: 3/24/2010 1:50:24 PM - System Checkpoint
RP290: 3/25/2010 3:06:52 PM - System Checkpoint
RP291: 3/29/2010 7:33:32 PM - System Checkpoint
RP292: 3/30/2010 11:02:50 PM - System Checkpoint
RP293: 3/31/2010 3:00:17 AM - Software Distribution Service 3.0
RP294: 4/1/2010 10:27:30 AM - System Checkpoint
RP295: 4/2/2010 3:56:32 PM - System Checkpoint
RP296: 4/3/2010 5:28:23 PM - System Checkpoint
RP297: 4/4/2010 6:02:32 PM - System Checkpoint
RP298: 4/5/2010 10:46:42 PM - System Checkpoint
RP299: 4/7/2010 8:57:31 PM - Printer Driver PrimoPDF Installed
RP300: 4/9/2010 10:17:23 AM - System Checkpoint
RP301: 4/10/2010 11:22:11 AM - System Checkpoint

==== Installed Programs ======================

ACT! by Sage 2010
Ad-Aware 2007
Adobe Acrobat 8 Standard
Adobe Acrobat 8.1.6 - CPSID_49167
Adobe Acrobat 8.1.6 Standard
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Apple Application Support
Apple Mobile Device Support
Apple Software Update
biolsp patch
Bonjour
Broadcom ASF Management Applications
Broadcom Management Programs
Broadcom TPM Driver Installer
CamStudio
Canon PC1200/iC D700
CCleaner
Conexant HDA D330 MDC V.92 Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Embassy Trust Suite by Wave Systems
Dell Support 3.2.1
Dell Touchpad
Dell Wireless WLAN Card
Digital Line Detect
dj_sf_software_req
Document Manager Lite
Driver Detective
eFax Messenger 4.3
EMBASSY Security Center
EMBASSY Security Setup
EMBASSY Trust Suite by Wave Systems
Eraser 6.0.6.1376
ESC Home Page Plugin
ESET Smart Security
ETS Upgrade
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google AdWords Editor
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Deskjet Printer Driver Software 9.0
HTML-Kit
Intel(R) Graphics Media Accelerator Driver
IntelliSonic Speech Enhancement
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 7
KeePass Password Safe 2.10
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Basic 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (ACT7)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Modem Diagnostic Tool
Mozilla Firefox (3.6.3)
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
NetWaiting
NTRU TCG Software Stack
O2Micro USB Smart Card Reader
OGA Notifier 2.0.0048.0
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
Picasa 3
PowerDVD
PowerMapper 5.0 Evaluation
Preboot Manager
PrimoPDF -- by Nitro PDF Software
Private Information Manager
QuickSet
QuickTime
Rhapsody Player Engine
SearchAssist
Secure Update
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Security Wizards
Segoe UI
SeoQuake
SigmaTel Audio
Sprint SmartView
Toolbox
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb979895)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
upekmsi
URL Assistant
Wave Infrastructure Installer
Wave Support Software
WebFldrs XP
Windows Driver Package - Dell Inc. PBADRV System (09/25/2006 6.0.0.0)
Windows Driver Package - O2Micro (guardian2) SmartCardReader (02/05/2007 1.1.3.7)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

4/9/2010 7:13:23 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the STacSV service.
4/9/2010 1:22:41 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
4/6/2010 7:40:07 AM, error: Service Control Manager [7024] - The Apache2.2 service terminated with service-specific error 1 (0x1).
4/5/2010 9:41:10 AM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 001BFCA780E6 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
4/4/2010 7:59:49 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

==== End Of File ===========================



#5
April 11, 2010 at 15:36:42
TDSSKiller:

18:17:03:468 3788 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
18:17:03:468 3788 ================================================================================
18:17:03:468 3788 SystemInfo:

18:17:03:468 3788 OS Version: 5.1.2600 ServicePack: 3.0
18:17:03:468 3788 Product type: Workstation
18:17:03:484 3788 ComputerName: DCP027D1
18:17:03:484 3788 UserName: Chris Wray
18:17:03:484 3788 Windows directory: C:\WINDOWS
18:17:03:484 3788 Processor architecture: Intel x86
18:17:03:484 3788 Number of processors: 2
18:17:03:484 3788 Page size: 0x1000
18:17:03:484 3788 Boot type: Normal boot
18:17:03:484 3788 ================================================================================
18:17:03:484 3788 UnloadDriverW: NtUnloadDriver error 2
18:17:03:484 3788 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
18:17:03:515 3788 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
18:17:03:515 3788 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
18:17:03:515 3788 wfopen_ex: Trying to KLMD file open
18:17:03:515 3788 wfopen_ex: File opened ok (Flags 2)
18:17:03:515 3788 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
18:17:03:515 3788 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
18:17:03:515 3788 wfopen_ex: Trying to KLMD file open
18:17:03:515 3788 wfopen_ex: File opened ok (Flags 2)
18:17:03:515 3788 Initialize success
18:17:03:515 3788
18:17:03:515 3788 Scanning Services ...
18:17:04:218 3788 Raw services enum returned 398 services
18:17:04:234 3788
18:17:04:234 3788 Scanning Kernel memory ...
18:17:04:234 3788 Devices to scan: 3
18:17:04:234 3788
18:17:04:234 3788 Driver Name: Disk
18:17:04:234 3788 IRP_MJ_CREATE : F7644BB0
18:17:04:234 3788 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
18:17:04:234 3788 IRP_MJ_CLOSE : F7644BB0
18:17:04:234 3788 IRP_MJ_READ : F763ED1F
18:17:04:234 3788 IRP_MJ_WRITE : F763ED1F
18:17:04:234 3788 IRP_MJ_QUERY_INFORMATION : 804F4562
18:17:04:234 3788 IRP_MJ_SET_INFORMATION : 804F4562
18:17:04:234 3788 IRP_MJ_QUERY_EA : 804F4562
18:17:04:234 3788 IRP_MJ_SET_EA : 804F4562
18:17:04:234 3788 IRP_MJ_FLUSH_BUFFERS : F763F2E2
18:17:04:234 3788 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
18:17:04:234 3788 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
18:17:04:234 3788 IRP_MJ_DIRECTORY_CONTROL : 804F4562
18:17:04:234 3788 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
18:17:04:234 3788 IRP_MJ_DEVICE_CONTROL : F763F3BB
18:17:04:234 3788 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7642F28
18:17:04:234 3788 IRP_MJ_SHUTDOWN : F763F2E2
18:17:04:234 3788 IRP_MJ_LOCK_CONTROL : 804F4562
18:17:04:234 3788 IRP_MJ_CLEANUP : 804F4562
18:17:04:234 3788 IRP_MJ_CREATE_MAILSLOT : 804F4562
18:17:04:234 3788 IRP_MJ_QUERY_SECURITY : 804F4562
18:17:04:234 3788 IRP_MJ_SET_SECURITY : 804F4562
18:17:04:234 3788 IRP_MJ_POWER : F7640C82
18:17:04:234 3788 IRP_MJ_SYSTEM_CONTROL : F764599E
18:17:04:234 3788 IRP_MJ_DEVICE_CHANGE : 804F4562
18:17:04:234 3788 IRP_MJ_QUERY_QUOTA : 804F4562
18:17:04:234 3788 IRP_MJ_SET_QUOTA : 804F4562
18:17:04:265 3788 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
18:17:04:265 3788
18:17:04:265 3788 Driver Name: Disk
18:17:04:265 3788 IRP_MJ_CREATE : F7644BB0
18:17:04:265 3788 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
18:17:04:265 3788 IRP_MJ_CLOSE : F7644BB0
18:17:04:265 3788 IRP_MJ_READ : F763ED1F
18:17:04:265 3788 IRP_MJ_WRITE : F763ED1F
18:17:04:265 3788 IRP_MJ_QUERY_INFORMATION : 804F4562
18:17:04:265 3788 IRP_MJ_SET_INFORMATION : 804F4562
18:17:04:265 3788 IRP_MJ_QUERY_EA : 804F4562
18:17:04:265 3788 IRP_MJ_SET_EA : 804F4562
18:17:04:265 3788 IRP_MJ_FLUSH_BUFFERS : F763F2E2
18:17:04:265 3788 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
18:17:04:265 3788 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
18:17:04:265 3788 IRP_MJ_DIRECTORY_CONTROL : 804F4562
18:17:04:265 3788 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
18:17:04:265 3788 IRP_MJ_DEVICE_CONTROL : F763F3BB
18:17:04:265 3788 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7642F28
18:17:04:265 3788 IRP_MJ_SHUTDOWN : F763F2E2
18:17:04:265 3788 IRP_MJ_LOCK_CONTROL : 804F4562
18:17:04:265 3788 IRP_MJ_CLEANUP : 804F4562
18:17:04:265 3788 IRP_MJ_CREATE_MAILSLOT : 804F4562
18:17:04:265 3788 IRP_MJ_QUERY_SECURITY : 804F4562
18:17:04:265 3788 IRP_MJ_SET_SECURITY : 804F4562
18:17:04:265 3788 IRP_MJ_POWER : F7640C82
18:17:04:265 3788 IRP_MJ_SYSTEM_CONTROL : F764599E
18:17:04:265 3788 IRP_MJ_DEVICE_CHANGE : 804F4562
18:17:04:265 3788 IRP_MJ_QUERY_QUOTA : 804F4562
18:17:04:265 3788 IRP_MJ_SET_QUOTA : 804F4562
18:17:04:265 3788 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
18:17:04:265 3788
18:17:04:265 3788 Driver Name: atapi
18:17:04:265 3788 IRP_MJ_CREATE : F744D6F2
18:17:04:265 3788 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
18:17:04:265 3788 IRP_MJ_CLOSE : F744D6F2
18:17:04:265 3788 IRP_MJ_READ : 804F4562
18:17:04:265 3788 IRP_MJ_WRITE : 804F4562
18:17:04:265 3788 IRP_MJ_QUERY_INFORMATION : 804F4562
18:17:04:265 3788 IRP_MJ_SET_INFORMATION : 804F4562
18:17:04:265 3788 IRP_MJ_QUERY_EA : 804F4562
18:17:04:265 3788 IRP_MJ_SET_EA : 804F4562
18:17:04:265 3788 IRP_MJ_FLUSH_BUFFERS : 804F4562
18:17:04:265 3788 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
18:17:04:265 3788 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
18:17:04:265 3788 IRP_MJ_DIRECTORY_CONTROL : 804F4562
18:17:04:265 3788 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
18:17:04:265 3788 IRP_MJ_DEVICE_CONTROL : F744D712
18:17:04:265 3788 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7449852
18:17:04:265 3788 IRP_MJ_SHUTDOWN : 804F4562
18:17:04:265 3788 IRP_MJ_LOCK_CONTROL : 804F4562
18:17:04:265 3788 IRP_MJ_CLEANUP : 804F4562
18:17:04:265 3788 IRP_MJ_CREATE_MAILSLOT : 804F4562
18:17:04:265 3788 IRP_MJ_QUERY_SECURITY : 804F4562
18:17:04:265 3788 IRP_MJ_SET_SECURITY : 804F4562
18:17:04:265 3788 IRP_MJ_POWER : F744D73C
18:17:04:265 3788 IRP_MJ_SYSTEM_CONTROL : F7454336
18:17:04:265 3788 IRP_MJ_DEVICE_CHANGE : 804F4562
18:17:04:265 3788 IRP_MJ_QUERY_QUOTA : 804F4562
18:17:04:265 3788 IRP_MJ_SET_QUOTA : 804F4562
18:17:04:281 3788 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
18:17:04:281 3788
18:17:04:281 3788 Completed
18:17:04:281 3788
18:17:04:281 3788 Results:
18:17:04:281 3788 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
18:17:04:281 3788 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
18:17:04:281 3788 File objects infected / cured / cured on reboot: 0 / 0 / 0
18:17:04:281 3788
18:17:04:281 3788 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
18:17:04:281 3788 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
18:17:04:281 3788 KLMD(ARK) unloaded successfully



#6
April 11, 2010 at 18:57:53

I can see two bad files. We may have to remove them manually, but first let's see if Combofix will remove them.

Do you know what these items are in your Services? They are stopped but unusual:


S0 pekgj;pekgj;c:\windows\system32\drivers\opumhetm.sys --> c:\windows\system32\drivers\opumhetm.sys [?]
S0 rgdgx;rgdgx; [x]


Go to start> control panel> click the Java icon> update tab> update now and allow Java to update. If you are prompted for any add-ons uncheck the box and continue. The newest Java is version 6 update 19.

Please download Combofix with internet explorer instead of any other browser if possible.

Remember, your ESET antivirus must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box, then click Save.
Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt" .
Note: Do not mouse-click Combo-Fix's window while it's running. That may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.
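The two S0 lines quoted above are the shape a responder learns to look for in a DDS Services listing: a short random service name, a boot-start type, and an image file that DDS could not examine (`[?]`) or could not find (`[x]`). The Python below is an added example, not code from this thread or from DDS itself: it parses lines in that layout and ranks entries by those features; the line layout and the meaning of the `[?]`/`[x]` tags are assumptions read off the quoted lines, and the benign sample lines are constructed.

```python
import re
from collections import namedtuple
from pathlib import PureWindowsPath

# Constructed sample of a DDS "Services" listing. The two S0 lines are the ones
# quoted in the post; the R0/R2/S3 lines are made-up benign entries for contrast.
SAMPLE_SERVICES = """\
R0 Disk;Disk Driver;c:\\windows\\system32\\drivers\\disk.sys [2008-4-13 36352]
R2 Apache2.2;Apache2.2;c:\\apache\\bin\\httpd.exe [2009-8-10 24576]
S0 pekgj;pekgj;c:\\windows\\system32\\drivers\\opumhetm.sys --> c:\\windows\\system32\\drivers\\opumhetm.sys [?]
S0 rgdgx;rgdgx; [x]
S3 ekrn;ESET Service;c:\\program files\\eset\\eset smart security\\ekrn.exe [2009-10-1 735960]
"""

# Assumed line layout: <R|S><start> <name>;<display>;<image>[ --> <resolved>] [<tag>]
# R/S = running/stopped; start 0 = boot, 1 = system, 2 = auto, 3 = demand, 4 = disabled.
# The bracket holds "date size" when DDS could stat the file; "?" (could not examine)
# and "x" (file missing) are read from the lines quoted in the post and are assumptions.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<image>[^\[]*?)(?:\s*-->\s*(?P<resolved>[^\[]*?))?\s*\[(?P<tag>[^\]]*)\]\s*$"
)
# image = the resolved path when DDS printed one, otherwise the registry image path
Service = namedtuple("Service", "state start name display image tag")


def parse_services(text: str) -> list:
    """Parse every line that matches the DDS service layout; ignore the rest."""
    services = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            services.append(Service(m["state"], int(m["start"]), m["name"], m["display"],
                                    (m["resolved"] or m["image"]).strip(), m["tag"].strip()))
    return services


def suspicious_reasons(svc: Service) -> list:
    """Features a responder uses to rank entries for manual review, not a verdict."""
    reasons = []
    if svc.tag == "x":
        reasons.append("image file missing on disk (DDS tag [x])")
    elif svc.tag == "?":
        reasons.append("image file could not be examined (DDS tag [?])")
    if svc.start in (0, 1):  # kernel driver that loads before most security products
        if not svc.image:
            reasons.append("boot/system-start driver with no image path")
        elif PureWindowsPath(svc.image).stem.lower() != svc.name.lower():
            reasons.append(f"driver file {PureWindowsPath(svc.image).name!r} "
                           f"does not match service name {svc.name!r}")
    return reasons


def triage(text: str) -> dict:
    """Service name -> reasons, for every service that has at least one reason."""
    return {s.name: r for s in parse_services(text) if (r := suspicious_reasons(s))}
```

Run `triage(SAMPLE_SERVICES)` and only `pekgj` and `rgdgx` come back, each with the reasons a helper would cite before deciding on manual removal.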



#7
June 23, 2010 at 11:48:36
@ jabuck, I am having the same problem as MichelleLeeOV, although I do not know the origin of the problem... Shall I take the same preliminary diagnostic steps as outlined for her?

Thanks!


