Mourning the loss of our friend, WhitPhil.
There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
 
Malware Removal & HijackThis Logs
Tag Cloud
access audio black screen blue screen boot bsod connection crash desktop driver drivers dvd email error excel firefox hard drive hardware hijackthis internet keyboard laptop malware monitor motherboard network networking outlook problem processor ram recovery registry cleaner router safe mode screen slow sound spyware trojan upgrade video virus vista vundo windows windows 7 windows vista windows xp wireless
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > Malware Removal & HijackThis Logs >
Tdlwsp.dll won't go! (In Progress)

Tip: Click here to scan for System Errors and Optimize PC performance
[ Sponsored Link ]

View First Unread View First Unread  
Thread Tools
tombayly13's Avatar
Computer Specs
Junior Member with 7 posts.
  
Join Date: Nov 2009
Experience: Intermediate
06-Nov-2009, 06:34 PM #1
Unhappy Tdlwsp.dll won't go!
i have a virus on my system called Tdlwsp.dll and it wont go. i really need to get rid of this. i have tried AVG (which only recognizes it but cannot delete it), Avast and Windows defender but it still won't go. can anyone help?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:27:44, on 06/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe oqrk.pso dkhsx
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Documents and Settings\Tom\Local Settings\Application Data\NVIDIA Corporation\nTune\Profiles\osbootpf.nsu"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WAB] C:\Documents and Settings\Tom\Application Data\Macromedia\Common\dfe1c07619.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Wireless Configuration Utility HW.15.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Adapter HW.15 V.1.00\WlanCU.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1201183267968
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://138.237.46.59/activex/AMC.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--
End of file - 14311 bytes
Register for free to hide this ad!
NeonFx's Avatar
NeonFx NeonFx is offline NeonFx is authorized to help remove malware.   NeonFx has a birthday soon! NeonFx has a Profile Picture
Senior Member with 1,777 posts.
  
Join Date: Oct 2008
Location: California, USA
06-Nov-2009, 08:33 PM #2
Hello there Welcome to the Tech Support Guy forums.
My name is NeonFx. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me.

Please note the following:


  • The fixes are specific to your problem and should only be used on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that the system is completely clean.
  • It's often worth reading through these instructions and printing them for ease of reference. I may ask you to boot into Safe Mode where you will be unable to follow my instructions online.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.


Step 1


NOTE: ComboFix should NOT be used without supervision by someone trained in its use. It does a whole lot more to a system than just remove infected files.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop




  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Disabling Security Programs
  • Double click on ComboFix.exe & follow the prompts.

    Note: Combofix will run without the Recovery Console installed.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.




**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you please let me know. A increasing number of infections are spreading using Autoplay and leaving it disabled is a good idea.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please attach the log in your next post. To do so click on the blue "Reply" button or "Go Advanced" and click on the "Manage Attachments" button

To ensure that I get all the information this log will need to be attached. If it is too large to attach then upload it to Dropio and post the sharing link/url (The Drop's URL will be similar to : http:://drop.io/daerk)
__________________
Please post the final results, good or bad. Let me know if you won't be responding any longer.
If I have not responded in three days, please feel free to PM me with a friendly reminder.
Please don't send me requests for help. Use the forums instead.
tombayly13's Avatar
Computer Specs
Junior Member with 7 posts.
  
Join Date: Nov 2009
Experience: Intermediate
21-Nov-2009, 04:30 PM #3
sorry for the late response, i've posted it in two parts. here it is:
ComboFix 09-11-20.05 - Tom 21/11/2009 19:04.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3071.2465 [GMT 0:00]
Running from: c:\documents and settings\Tom\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090919-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\desktop.ini
c:\documents and settings\Tom\Favorites\Download programs.url
c:\documents and settings\Tom\Favorites\Games.url
c:\documents and settings\Tom\Favorites\Translator.url
c:\documents and settings\Tom\Favorites\Videos.url
c:\documents and settings\Tom\Local Settings\Temporary Internet Files\mcc2F.tmp
c:\documents and settings\Tom\Local Settings\Temporary Internet Files\mcc75.tmp
c:\documents and settings\Tom\Start Menu\Programs\Download programs.url
c:\documents and settings\Tom\Start Menu\Programs\Games.url
c:\documents and settings\Tom\Start Menu\Programs\Security Tool.lnk
c:\documents and settings\Tom\Start Menu\Programs\Translator.url
c:\documents and settings\Tom\Start Menu\Programs\Videos.url
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\temp\vtmp2
c:\temp\vtmp2\ktnv33.log
c:\windows\Install.txt
c:\windows\rasqervy.dll
c:\windows\sdfinacs.dll
c:\windows\sdfixwcs.dll
c:\windows\system32\BReWErS.dll
c:\windows\system32\config\systemprofile\Application Data\Macromedia\Common
c:\windows\system32\config\systemprofile\Start Menu\Programs\Security Tool.lnk
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Install.txt
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\tdlcmd.dll
c:\windows\system32\tmp73.tmp
c:\windows\system32\tmp74.tmp
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
F:\Autorun.inf
F:\install.exe

Infected copy of c:\windows\system32\DRIVERS\nvgts.sys was found and disinfected
Restored copy from - Kitty ate it
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_npf

((((((((((((((((((((((((( Files Created from 2009-10-21 to 2009-11-21 )))))))))))))))))))))))))))))))
.
2009-11-21 18:55 . 2008-04-13 18:40 96512 -c--a-w- c:\windows\system32\drivers\atapi.sys
2009-11-21 18:55 . 2008-04-13 18:40 96512 -c--a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-18 17:56 . 2009-11-21 18:52 12800 ----a-w- c:\windows\system32\tdlclk.dll
2009-11-17 15:38 . 2009-11-17 15:39 -------- d-----w- c:\program files\iTunes
2009-11-17 15:32 . 2009-11-17 15:32 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-15 19:30 . 2009-11-15 19:30 -------- d-----w- c:\program files\Mouse fix
2009-11-14 23:21 . 2009-11-14 23:21 -------- d-----w- c:\documents and settings\Tom\Application Data\Malwarebytes
2009-11-14 23:21 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-14 23:21 . 2009-11-14 23:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-14 23:21 . 2009-11-14 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-14 23:21 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-13 17:10 . 2009-11-13 18:00 117760 ----a-w- c:\documents and settings\Tom\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-13 17:09 . 2009-11-13 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-13 17:08 . 2009-11-13 17:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-13 17:08 . 2009-11-13 17:08 -------- d-----w- c:\documents and settings\Tom\Application Data\SUPERAntiSpyware.com
2009-11-12 15:24 . 2009-11-21 16:09 -------- d-----w- c:\program files\Steam
2009-11-12 15:22 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-11-12 15:22 . 2009-09-04 17:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-11-12 15:22 . 2009-09-04 17:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-11-12 15:22 . 2009-09-04 17:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-11-12 15:22 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-11-12 15:22 . 2009-09-04 17:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-11-12 15:22 . 2009-09-04 17:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-11-08 13:58 . 2009-11-08 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
2009-11-08 13:57 . 2009-11-08 13:57 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\Citrix
2009-11-08 13:57 . 2009-11-08 13:57 61480 ----a-w- c:\documents and settings\Tom\GoToAssistDownloadHelper.exe
2009-11-06 23:26 . 2009-11-06 23:26 -------- d-----w- c:\program files\Trend Micro
2009-11-06 20:19 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-06 20:13 . 2009-11-06 20:13 -------- d-----w- c:\program files\Windows Defender
2009-11-06 15:49 . 2009-10-25 13:55 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-11-05 21:58 . 2009-11-08 16:20 -------- d-----w- c:\documents and settings\Tom\Local Settings\Application Data\AskToolbar
2009-11-04 16:34 . 2009-11-04 16:34 21419 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-11-04 16:33 . 2009-11-04 16:33 -------- d-----w- c:\program files\802.11 Wireless LAN
2009-11-02 19:51 . 2009-11-02 20:10 -------- d-----w- c:\program files\Cheat Engine
2009-11-02 15:28 . 2009-10-25 13:55 2025752 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2009-11-01 10:50 . 2009-11-01 10:50 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Office Genuine Advantage
2009-10-31 22:17 . 2009-11-06 19:15 -------- d-----w- c:\program files\Ask.com
2009-10-31 20:05 . 2009-10-31 20:05 -------- d-----w- c:\program files\Common Files\xing shared
2009-10-31 20:04 . 2009-10-31 20:04 -------- d-----w- c:\program files\real
2009-10-26 11:59 . 2009-10-26 11:59 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-26 02:07 . 2009-10-26 02:07 -------- d-----w- c:\documents and settings\Tom\Application Data\Jasc
2009-10-26 02:06 . 2009-10-26 02:06 -------- d-----w- c:\program files\Jasc Software Inc
2009-10-25 20:59 . 2009-10-25 20:59 3584 ----a-r- c:\documents and settings\Tom\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-10-25 20:59 . 2009-10-25 20:59 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-10-23 17:39 . 2009-11-17 15:38 -------- d-----w- c:\program files\iPod
2009-10-23 17:39 . 2009-10-23 17:39 -------- d-----w- c:\program files\QuickTime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 21:09 . 2009-06-04 21:13 4536608 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-21 21:01 . 2009-06-04 21:13 96149792 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-21 19:23 . 2009-06-04 21:13 429320 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-21 19:23 . 2009-06-04 21:13 1291472 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-21 19:23 . 2009-04-06 23:08 3887208 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-21 17:46 . 2008-08-09 10:59 -------- d-----w- c:\documents and settings\Tom\Application Data\DMCache
2009-11-21 17:32 . 2009-11-01 01:09 5632 --sha-w- c:\program files\Thumbs.db
2009-11-21 17:28 . 2009-04-05 20:54 -------- d-----w- c:\documents and settings\Tom\Application Data\uTorrent
2009-11-21 15:31 . 2009-05-28 19:56 -------- d-----w- c:\program files\MSECACHE
2009-11-17 15:38 . 2008-03-02 11:20 -------- d-----w- c:\program files\Common Files\Apple
2009-11-16 18:15 . 2008-04-12 16:14 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-14 23:01 . 2008-10-06 20:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-13 21:30 . 2009-09-01 18:42 -------- d-----w- c:\program files\Temp
2009-11-13 17:08 . 2008-09-28 10:14 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-13 16:47 . 2008-01-24 13:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-11 19:09 . 2009-02-13 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-11 17:36 . 2008-03-28 15:02 189104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-11-11 16:50 . 2008-06-28 17:42 139584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-11-06 20:44 . 2009-09-02 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-11-01 10:32 . 2009-04-05 20:54 -------- d-----w- c:\program files\uTorrent
2009-10-31 22:17 . 2009-04-05 20:10 -------- d-----w- c:\program files\BitComet
2009-10-31 20:05 . 2008-03-24 19:22 -------- d-----w- c:\program files\Common Files\Real
2009-10-31 11:33 . 2008-03-02 11:25 73984 -c--a-w- c:\documents and settings\Tom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-29 14:04 . 2009-02-13 22:38 -------- d-----w- c:\program files\Microsoft Works
2009-10-27 21:28 . 2009-04-09 09:37 -------- d-----w- c:\program files\Xvid
2009-10-27 21:28 . 2009-04-02 18:38 -------- d-----w- c:\program files\WorldOfGoo
2009-10-27 21:28 . 2008-01-25 09:44 -------- d-----w- c:\program files\Windows Media Connect 2
2009-10-27 21:28 . 2009-05-09 23:15 -------- d-----w- c:\program files\RegCure
2009-10-27 21:28 . 2009-04-09 09:37 -------- d-----w- c:\program files\AoA DVD Ripper
2009-10-27 21:28 . 2009-05-30 10:59 -------- d-----w- c:\program files\Heli Traffic 2009
2009-10-27 21:28 . 2008-03-27 19:23 -------- d-----w- c:\program files\Incomplete
2009-10-27 21:28 . 2008-10-29 09:50 -------- d-----w- c:\program files\FlashGet
2009-10-26 16:54 . 2009-02-18 16:30 588392 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-10-25 19:53 . 2009-06-28 11:54 58884 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-24 21:51 . 2008-06-27 19:25 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-10-21 15:49 . 2009-10-21 15:49 -------- d-----w- c:\documents and settings\Tom\Application Data\Mael
2009-10-21 15:40 . 2009-10-21 15:40 -------- d-----w- c:\program files\HxD
2009-10-18 16:22 . 2009-10-18 16:22 -------- d-----w- c:\documents and settings\Tom\Application Data\Flight One Software
2009-10-18 15:26 . 2009-10-18 15:26 1032192 ----a-w- c:\documents and settings\Tom\Application Data\Mozilla\Firefox\Profiles\ucsn8dxp.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
2009-10-14 15:38 . 2009-09-24 20:25 -------- d-----w- c:\documents and settings\Tom\Application Data\IDM
2009-10-08 21:59 . 2009-09-26 17:27 -------- d-----w- c:\program files\Registry Easy
2009-10-08 20:13 . 2008-09-28 11:18 -------- d-----w- c:\program files\NVIDIA Corporation
2009-10-06 18:54 . 2009-02-18 16:41 5922816 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-10-06 16:34 . 2009-02-18 16:40 18750976 ----a-w- c:\windows\RTHDCPL.EXE
2009-10-06 07:12 . 2007-01-29 16:27 823936 ----a-w- c:\windows\system32\drivers\rtl8185.sys
2009-10-02 14:41 . 2009-10-02 14:41 -------- d-----w- c:\documents and settings\Tom\Application Data\Office Genuine Advantage
2009-09-29 18:38 . 2009-06-20 19:44 352256 ----a-w- c:\windows\vncutil.exe
2009-09-28 19:49 . 2009-09-28 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-09-28 15:08 . 2008-08-16 12:44 -------- d-----w- c:\program files\Yahoo!
2009-09-28 15:08 . 2009-09-28 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-27 18:22 . 2009-09-27 18:22 -------- d-----w- c:\program files\BTHomeHub
2009-09-25 15:17 . 2008-08-06 23:24 -------- d-----w- c:\documents and settings\Tom\Application Data\Media Player Classic
2009-09-25 14:34 . 2009-09-25 14:33 198064 ----a-w- c:\documents and settings\Tom\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-09-25 14:34 . 2009-01-29 18:31 -------- d-----w- c:\program files\Internet Download Manager
2009-09-23 16:41 . 2009-09-23 16:41 8704 ----a-w- c:\documents and settings\Tom\cpuxp.sys
2009-09-23 16:17 . 2008-05-22 14:34 -------- d-----w- c:\documents and settings\Tom\Application Data\Skype
2009-09-23 15:39 . 2008-05-22 14:42 -------- d-----w- c:\documents and settings\Tom\Application Data\skypePM
2009-09-22 18:45 . 2008-01-25 10:01 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-21 16:47 . 2009-06-20 19:44 41472 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-09-11 14:18 . 2004-08-03 23:56 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-03 23:56 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 17:44 . 2009-05-04 11:48 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-03 21:37 . 2009-09-03 21:32 6110 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2009-09-03 21:37 . 2009-09-03 21:37 67021 ----a-w- c:\windows\BricoPackUninst.cmd
2009-09-03 21:36 . 2004-08-03 23:56 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-09-02 21:36 . 2009-09-02 21:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-02 21:36 . 2009-09-02 21:36 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-02 21:36 . 2009-09-02 21:36 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-02 21:36 . 2009-09-02 21:36 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-02 10:58 . 2009-09-20 11:40 1107200 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-08-29 07:36 . 2004-08-03 23:56 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2009-07-11 11:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-03 23:56 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-27 12:57 . 2009-07-18 17:21 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-08-26 08:00 . 2004-08-03 23:56 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-05-01 21:16 . 2009-05-01 21:16 61 --sh--w- c:\windows\cnerolf.bin
.
------- Sigcheck -------

[-] 2009-06-03 . 7EE936A57B5901D6B1C4AF9A9E6C500A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2009-06-03 . 7EE936A57B5901D6B1C4AF9A9E6C500A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 10:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 14:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-08-18 106496]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-02 2028312]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-12 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-31 198160]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2008-09-05 159744]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-10-06 18750976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-09-19 21:12 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-02 21:36 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDef end]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^My applications^Tibia Client.exe]
backup=c:\windows\pss\Tibia Client.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Configuration Utility HW.15.lnk]
backup=c:\windows\pss\Wireless Configuration Utility HW.15.lnkCommon Startup
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Wireless Configuration Utility HW.15.lnk

[HKLM\~\startupfolder\C:^Documents and Settings^Tom^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ParetoLogic Anti-Virus PLUS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=2 (0x2)
"GoToAssist"=2 (0x2)
".norton2009Reset"=2 (0x2)
"usnjsvc"=2 (0x2)
"IDriverT"=3 (0x3)
"UpdateCenterService"=2 (0x2)
"prfldsvc"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"McciCMService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"f:\\Call Of Duty Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Safari\\Safari.exe"=
"f:\\Call of Duty WAW\\CoDWaWmp.exe"=
"c:\\Documents and Settings\\Tom\\My Documents\\My Games saves\\Left 4 Dead\\left4dead.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 2\\iw4mp.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [21/03/2009 20:30 114768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [02/09/2009 21:36 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [02/09/2009 21:36 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/11/2009 10:44 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/11/2009 10:44 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/03/2009 20:30 20560]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [02/09/2009 21:36 297752]
R2 Prvflder;Prvflder;c:\windows\system32\drivers\prvflder.sys [21/04/2006 07:22 70912]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [27/12/2008 17:40 17152]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [04/10/2008 07:42 22784]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [03/12/2008 22:28 4224]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [18/02/2009 16:40 1684736]
S3 cpuxp;cpuxp;c:\documents and settings\Tom\cpuxp.sys [23/09/2009 16:41 8704]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/11/2009 10:44 7408]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [06/04/2009 12:19 23064]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [02/10/2002 09:57 13532]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [28/07/2008 23:12 210216]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28/01/2008 09:14 721904]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
BtwSrv
.
Contents of the 'Scheduled Tasks' folder

2009-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1383384898-2147175445-1003Core.job
- c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 19:38]

2009-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725345543-1383384898-2147175445-1003UA.job
- c:\documents and settings\Tom\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 19:38]

2009-11-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2009-11-21 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]

2009-11-21 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 08:20]

2009-07-05 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 08:20]

2009-11-14 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe [2009-09-26 15:43]

2009-11-21 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-09-02 14:56]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.bt.com/gta
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\idmmbc.dll
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://138.237.46.59/activex/AMC.cab
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-*{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
HKLM-Run-81640726 - c:\docume~1\ALLUSE~1\APPLIC~1\81640726\81640726.exe
MSConfigStartUp-Comrade - (no file)
AddRemove-Aircraft Factory F4u Corsair - f:\micros~3\\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-21 21:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
tombayly13's Avatar
Computer Specs
Junior Member with 7 posts.
  
Join Date: Nov 2009
Experience: Intermediate
21-Nov-2009, 04:31 PM #4
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-725345543-1383384898-2147175445-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-725345543-1383384898-2147175445-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{14FF0484-2225-1D25-13C3-AAC73DB4B65B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abpipjcgpeajimlehbldlbmcbmfchhfbfb"=hex:65,62,70,69,6f,68,6e,6a,69,70,6c,6 c,
69,68,6a,64,6a,6f,64,69,6a,68,6a,65,70,6a,70,63,61,6b,68,6a,62,64,65,6e,6e, \
"bbpipjcgpeajimlehbgdccoaipdegmcimclm"=hex:61,62,63,64,6c,6f,6f,6a,61,65,6e ,70,
6d,61,65,6f,6f,66,6a,6a,69,61,66,63,65,65,6f,69,67,63,6b,67,6f,6a,00,6e

[HKEY_USERS\S-1-5-21-725345543-1383384898-2147175445-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8a,fc,34,80,7e,87,8b,38,b4,ff,f7,f2,61,cf,0d,0d,a1,16,91,9e,51,83, ea,
6f,9f,1e,c0,59,b8,18,50,5a,da,37,b6,38,82,bc,98,77,39,a9,f0,20,b4,31,c4,b8, \
"??"=hex:25,65,bb,27,8b,92,55,34,10,3f,d9,49,2f,0e,31,37

[HKEY_USERS\S-1-5-21-725345543-1383384898-2147175445-1003\Software\SecuROM\License information*]
"datasecu"=hex:90,4f,ff,89,3d,a3,23,02,4e,01,39,af,a5,a0,91,04,c6,e4,58,ce, f0,
ac,91,a9,85,06,f7,69,b6,30,b4,0d,56,0d,38,bb,48,6c,07,16,b9,cd,5f,fc,c1,5e, \
"rkeysecu"=hex:fc,c0,7e,17,05,7d,fc,b5,1a,af,54,29,89,3b,60,32

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):f9,0b,34,a4,4c,82,b8,c5,dd,cd,ca,81,0e,97,ef,1f,c1,fd,7f,bb ,f8,
67,ee,03,ff,27,d3,fa,62,a5,4f,21,91,f6,d1,34,0f,73,12,cf,00,00,00,00,00,00, \

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{65117192-79ea-4fbb-a7a9-9d2f21292b4c}]
@Denied: (Full) (Everyone)
"Model"=dword:00000123
"Therad"=dword:0000002d
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81, 26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab, \

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):b4,2d,cc,e5,d1,92,51,b0,21,48,17,e4,1f,eb,dd,34,75,6e,75,15 ,d5,
2f,07,22,95,52,21,8a,79,a7,78,03,69,82,a7,58,08,43,d5,f3,00,00,00,00,00,00, \

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f4e7ddaf-a7b5-437f-903d-af997877dbc2}]
@Denied: (Full) (Everyone)
"Model"=dword:00000067
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc, 5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,0c,b3,1d,9e,a2,08,6f,a3,74,fe,7e,25,5f,c0, \
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1016)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\Citrix\GoToAssist\570\G2AWinLogon.dll

- - - - - - - > 'lsass.exe'(1084)
c:\windows\system32\idmmbc.dll

- - - - - - - > 'explorer.exe'(656)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\idmmbc.dll
c:\program files\Microsoft Private Folder 1.0\ShellExt.dll
c:\windows\system32\PFLib.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
f:\spybot~1\SDHelper.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
c:\progra~1\mcafee\SITEAD~1\mcieplg.dll
c:\program files\Ask.com\GenericAskToolbar.dll
c:\windows\system32\mmfinfo.dll
c:\windows\system32\mkunicode.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\netdde.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\dllhost.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\locator.exe
c:\program files\Razer\DeathAdder\razerofa.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\tlntsvr.exe
c:\windows\System32\vssvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\NOTEPAD.EXE
.
**************************************************************************
.
Completion time: 2009-11-21 21:20 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-21 21:19

Pre-Run: 116,194,099,200 bytes free
Post-Run: 116,411,695,104 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
- - End Of File - - 20A3039B198A76A2049270D5C00A8F4D
NeonFx's Avatar
NeonFx NeonFx is offline NeonFx is authorized to help remove malware.   NeonFx has a birthday soon! NeonFx has a Profile Picture
Senior Member with 1,777 posts.
  
Join Date: Oct 2008
Location: California, USA
21-Nov-2009, 05:10 PM #5
Good Job. Please do the following:

STEP 1

Please uninstall the following by going to Start > Control Panel > Add/Remove Programs

Ask ToolBar

STEP 2

1. Close any open open programs before running the fix.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad (Start > Programs > Accessories) and copy/paste the text in the codebox below into it:

Code:
KillAll::

FCopy::
c:\windows\ServicePackFiles\i386\tcpip.sys | c:\windows\system32\drivers\tcpip.sys
c:\windows\ServicePackFiles\i386\tcpip.sys | c:\windows\system32\dllcache\tcpip.sys

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ParetoLogic Anti-Virus PLUS]

File::
d:\ntglm7x.sys
C:\Windows\btwsrv.dll
C:\Windows\System32\btwsrv.dll
c:\windows\system32\tdlclk.dll
c:\windows\system32\tdlwsp.dll

Driver::
BtwSrv
SetupNTGLM7X

NetSvc::
BtwSrv

Folder::
c:\docume~1\ALLUSE~1\APPLIC~1\81640726
c:\program files\Ask.com
c:\documents and settings\Tom\Local Settings\Application Data\AskToolbar

RegLock::
[HKEY_USERS\S-1-5-21-725345543-1383384898-2147175445-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

RegLockDel::
[HKEY_USERS\S-1-5-21-725345543-1383384898-2147175445-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{14FF0484-2225-1D25-13C3-AAC73DB4B65B}*]
NOTE: Make sure WordWrap is unchecked in Notepad by clicking on the "Format" menu icon.

Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

You can attach it instead of copy and pasting it by clicking on either the blue Reply button or the Go Advanced button and then on the "Manage Attachments" button.
__________________
Please post the final results, good or bad. Let me know if you won't be responding any longer.
If I have not responded in three days, please feel free to PM me with a friendly reminder.
Please don't send me requests for help. Use the forums instead.
tombayly13's Avatar
Computer Specs
Junior Member with 7 posts.
  
Join Date: Nov 2009
Experience: Intermediate
21-Nov-2009, 07:19 PM #6
i have attached the new log.
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log.
NeonFx's Avatar
NeonFx NeonFx is offline NeonFx is authorized to help remove malware.   NeonFx has a birthday soon! NeonFx has a Profile Picture
Senior Member with 1,777 posts.
  
Join Date: Oct 2008
Location: California, USA
21-Nov-2009, 07:24 PM #7
Good. That should have fixed the problem. I see you have MalwareBytes installed so let's run a full scan with it. I want to see if there's something I missed.

STEP 1

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean


STEP 2

Run MalwareBytes AntiMalware

  • Update it by clicking on the Update tab and then on the button.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan. Scan all of your harddrives.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.
__________________
Please post the final results, good or bad. Let me know if you won't be responding any longer.
If I have not responded in three days, please feel free to PM me with a friendly reminder.
Please don't send me requests for help. Use the forums instead.
tombayly13's Avatar
Computer Specs
Junior Member with 7 posts.
  
Join Date: Nov 2009
Experience: Intermediate
21-Nov-2009, 10:19 PM #8
i think its back
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log.
NeonFx's Avatar
NeonFx NeonFx is offline NeonFx is authorized to help remove malware.   NeonFx has a birthday soon! NeonFx has a Profile Picture
Senior Member with 1,777 posts.
  
Join Date: Oct 2008
Location: California, USA
22-Nov-2009, 01:19 AM #9
Why do you think it's back? Are you still being redirected?
tombayly13's Avatar
Computer Specs
Junior Member with 7 posts.
  
Join Date: Nov 2009
Experience: Intermediate
22-Nov-2009, 06:15 AM #10
Posted via Mobile Device
tombayly13's Avatar
Computer Specs
Junior Member with 7 posts.
  
Join Date: Nov 2009
Experience: Intermediate
22-Nov-2009, 06:16 AM #11
Because it said in the log that it found tdlcmd
NeonFx's Avatar
NeonFx NeonFx is offline NeonFx is authorized to help remove malware.   NeonFx has a birthday soon! NeonFx has a Profile Picture
Senior Member with 1,777 posts.
  
Join Date: Oct 2008
Location: California, USA
22-Nov-2009, 02:03 PM #12
It's not back. If you'll notice it's in our Quarantine folder Which means we already took care of it.

Let's do the following to make absolutely sure you're clean. The online scan will take a while but it's well worth it as it can often find things all other scanners will miss.

STEP 1

The online scanner uses Java, so I will need you to download and install the latest version for that.

Please go here to download the installer:

http://java.com/en/download/index.jsp

Reboot your machine when that's done.


STEP 2

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.



2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.


The program will then begin downloading and installing and will also update the database.


Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply
__________________
Please post the final results, good or bad. Let me know if you won't be responding any longer.
If I have not responded in three days, please feel free to PM me with a friendly reminder.
Please don't send me requests for help. Use the forums instead.
Reply Bookmark and Share

Tags
tdlwsp.dll

Smart Search

Find your solution!


« Previous Thread | Malware Removal & HijackThis Logs | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.

Thread Tools


Twitter Twitter! | Podcast | Mobile | Advertise
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -5. The time now is 06:12 AM.
Copyright © 1996 - 2009 TechGuy, Inc. All rights reserved.
Powered by vBulletin, Copyright © 2000 - 2009, Jelsoft Enterprises Ltd.
 Powered by Cermak Technologies, Inc.