
Computer has Virus that redirects browser to misc search sites. HELP

Discussion in 'Virus & Other Malware Removal' started by kaatn55, Jan 23, 2011.

Thread Status:
Not open for further replies.
  1. kaatn55

    kaatn55 Thread Starter

    Joined:
    Jan 23, 2011
    Messages:
    8
    My computer (running XP) will not allow me to see searched content and redirects me to misc search sites. Also I get a Win32 host error and finally my computer locks up. Below are the required files for HijackThis and GMER. I could not get the DDS to finish running so that I could get a log to post. Please help.

    hijackthis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:55:37 AM, on 1/23/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\lxdfcoms.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Toshiba\IVP\swupdate\swupdtmr.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
    C:\WINDOWS\system32\TCtrlIOHook.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\Toshiba\Tvs\TvsTray.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
    C:\Program Files\Lexmark 6500 Series\lxdfamon.exe
    C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\ANYCOM\Blue USB-200-250\BTTray.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\WINDOWS\system32\RAMASST.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Common Files\Teleca Shared\logger.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
    C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
    C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Documents and Settings\Jeff\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
    O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [ZoomingHook] ZoomingHook.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9IA.EXE /P31 "EPSON Stylus Photo RX700 Series" /O6 "USB001" /M "Stylus Photo RX700"
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX700 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9IA.EXE /P40 "EPSON Stylus Photo RX700 Series (Copy 1)" /O6 "USB003" /M "Stylus Photo RX700"
    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    O4 - HKLM\..\Run: [FPCCSMiddleware] C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AS00_WN511B] C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe -hide
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [lxdfmon.exe] "C:\Program Files\Lexmark 6500 Series\lxdfmon.exe"
    O4 - HKLM\..\Run: [lxdfamon] "C:\Program Files\Lexmark 6500 Series\lxdfamon.exe"
    O4 - HKLM\..\Run: [AgentMonitor] "C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Jeff\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
    O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Philips GoGear VIBE Device Manager.lnk = ?
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ANYCOM\Blue USB-200-250\bin\btwdins.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe
    O23 - Service: lxdf_device - - C:\WINDOWS\system32\lxdfcoms.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    --
    End of file - 14690 bytes


    GMER Log or ark.txt:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-01-23 11:28:48
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 TOSHIBA_MK1032GAX rev.AB211A
    Running: GMER tool.exe; Driver: C:\DOCUME~1\Jeff\LOCALS~1\Temp\pxtdypoc.sys

    ---- Disk sectors - GMER 1.0.15 ----
    Disk \Device\Harddisk0\DR0 sector 28: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 34: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 35: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 38: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 42: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 43: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 44: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 45: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 48: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 52: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 53: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 54: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 55: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
    ---- Devices - GMER 1.0.15 ----
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A2F439B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A2F439B
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8A2F439B
    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskTOSHIBA_MK1032GAX_______________________AB211A__#5&3a7d3c33&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    ---- EOF - GMER 1.0.15 ----
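As an added example (not from this thread, nor from GMER, HijackThis or TDSSKiller), a small Python triage script over the two log formats posted above: it separates GMER's flagged sectors that lie below the first partition from the rest, groups DriverStartIo hooks that share one address across IDE devices, and applies three review heuristics to HijackThis entries, so the disk-level footprint that TDSSKiller later names Rootkit.Win32.TDSS.tdl4 stands apart from the benign AVG filter attachments. The samples are a constructed subset of the lines above; the partition start at LBA 63 and the HijackThis heuristics are assumptions of the example, not tool output.

```python
import re
from dataclasses import dataclass, field

# Constructed samples: a subset of the GMER and HijackThis lines posted above,
# in the exact line shapes the two tools emit. Not a full log.
GMER_SAMPLE = r"""
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 28: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8A2F439B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8A2F439B
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
"""

HJT_SAMPLE = r"""
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Jeff\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
"""

SECTOR_RE = re.compile(r"^Disk (\S+) sector (\d+): rootkit-like behavior;")
HOOK_RE = re.compile(r"^Device (\\Driver\\\S+) -> (\w+) (\S+) ([0-9A-Fa-f]{8})$")
# Autorun paths under a user profile's Application Data / Local Settings.
USER_PROFILE_RE = re.compile(
    r"\\Documents and Settings\\[^\\]+\\(Application Data|Local Settings)\\", re.I)


@dataclass
class Hook:
    driver: str     # e.g. \Driver\atapi
    routine: str    # e.g. DriverStartIo
    device: str     # device object whose I/O is redirected
    address: str    # hex address the routine now points at


@dataclass
class GmerFindings:
    sectors: list = field(default_factory=list)        # all flagged LBAs
    pre_partition: list = field(default_factory=list)  # flagged LBAs below the first partition
    hooks: list = field(default_factory=list)


def parse_gmer(text, first_partition_sector=63):
    """Extract flagged disk sectors and driver hooks from a GMER log.

    first_partition_sector is an assumption, not something GMER reports: on an
    XP-era MBR disk the first partition normally starts at LBA 63, so flagged
    sectors below it sit in the unpartitioned gap after the MBR, where a
    bootkit can keep its components outside any file system.
    """
    findings = GmerFindings()
    for line in text.splitlines():
        m = SECTOR_RE.match(line)
        if m:
            findings.sectors.append(int(m.group(2)))
            continue
        m = HOOK_RE.match(line)
        if m:
            findings.hooks.append(Hook(*m.groups()))
    findings.pre_partition = [s for s in findings.sectors if s < first_partition_sector]
    return findings


def shared_hook_addresses(findings):
    """Group hooks by (driver, routine, address) and keep the addresses that
    redirect more than one device. One address taking DriverStartIo for every
    IDE device is the disk-level hook that would hide the sectors flagged above."""
    groups = {}
    for h in findings.hooks:
        groups.setdefault((h.driver, h.routine, h.address), []).append(h.device)
    return {key: devs for key, devs in groups.items() if len(devs) > 1}


def triage_hjt(text):
    """Return (line, reason) pairs for HijackThis entries worth a second look.
    These are review heuristics of this example, not HijackThis's own verdicts,
    and none of them proves infection on its own."""
    flags = []
    for line in text.splitlines():
        if line.startswith("O4 ") and USER_PROFILE_RE.search(line):
            flags.append((line, "autorun launched from a user-writable profile folder"))
        elif line.startswith("O3 ") and line.endswith("(no file)"):
            flags.append((line, "toolbar registration whose file is missing"))
        elif line.startswith("O23 ") and "Unknown owner" in line:
            flags.append((line, "service with no publisher information"))
    return flags


if __name__ == "__main__":
    g = parse_gmer(GMER_SAMPLE)
    print("flagged sectors:", g.sectors, "below first partition:", g.pre_partition)
    for (drv, routine, addr), devs in shared_hook_addresses(g).items():
        print(f"{drv} {routine} -> {addr} hooked for {len(devs)} devices: {devs}")
    for line, reason in triage_hjt(HJT_SAMPLE):
        print(f"[{reason}] {line}")
```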
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Uninstall AVG & then

    Run tdss killer from http://support.kaspersky.com/viruses/solutions?qid=208280684

    let it cure anything it finds & then reboot

    post back with its log

    then

    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here or Here to your Desktop.
    As you download it rename it to username123.exe


    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on combofix.exe & follow the prompts.
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues
     
  3. kaatn55

    kaatn55 Thread Starter

    Joined:
    Jan 23, 2011
    Messages:
    8
    I tried to run combofix on my PC but it locks up or freezes during the search phase for malware. I waited for 40 minutes and noticed there was no hard drive action, so I do not have a report to post. While running the tdss killer application it came up with the following virus

    Rootkit.Win32.TDSS.tdl4

    I cured this and then ran it again to check, and below is the log after that scan.

    The computer runs better and I do not have the redirect action when doing a search in a browser, either Internet Explorer or Firefox.

    My PC seems to be running a little slower, so is there anything else that you suggest to help fix this problem as well as the combofix running issue?

    Thank you for the help so far, it is much appreciated.

    Jeff

    2011/01/24 20:47:19.0328 TDSS rootkit removing tool 2.4.15.0 Jan 22 2011 19:37:53
    2011/01/24 20:47:19.0328 ================================================================================
    2011/01/24 20:47:19.0328 SystemInfo:
    2011/01/24 20:47:19.0328
    2011/01/24 20:47:19.0328 OS Version: 5.1.2600 ServicePack: 3.0
    2011/01/24 20:47:19.0328 Product type: Workstation
    2011/01/24 20:47:19.0328 ComputerName: JMULLER
    2011/01/24 20:47:19.0328 UserName: Jeff
    2011/01/24 20:47:19.0328 Windows directory: C:\WINDOWS
    2011/01/24 20:47:19.0328 System windows directory: C:\WINDOWS
    2011/01/24 20:47:19.0328 Processor architecture: Intel x86
    2011/01/24 20:47:19.0328 Number of processors: 1
    2011/01/24 20:47:19.0328 Page size: 0x1000
    2011/01/24 20:47:19.0328 Boot type: Normal boot
    2011/01/24 20:47:19.0328 ================================================================================
    2011/01/24 20:47:19.0468 Initialize success
    2011/01/24 20:47:52.0890 ================================================================================
    2011/01/24 20:47:52.0890 Scan started
    2011/01/24 20:47:52.0890 Mode: Manual;
    2011/01/24 20:47:52.0890 ================================================================================
    2011/01/24 20:47:59.0125 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/01/24 20:47:59.0171 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2011/01/24 20:47:59.0203 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/01/24 20:47:59.0250 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/01/24 20:47:59.0453 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/01/24 20:47:59.0562 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/01/24 20:47:59.0640 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/01/24 20:47:59.0687 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/01/24 20:47:59.0765 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2011/01/24 20:47:59.0781 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/01/24 20:47:59.0843 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/01/24 20:47:59.0890 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/01/24 20:47:59.0937 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/01/24 20:47:59.0968 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/01/24 20:47:59.0984 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2011/01/24 20:48:00.0046 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    2011/01/24 20:48:00.0062 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/01/24 20:48:00.0109 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/01/24 20:48:00.0140 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/01/24 20:48:00.0203 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/01/24 20:48:00.0234 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    2011/01/24 20:48:00.0453 Pfc (6c1618a07b49e3873582b6449e744088) C:\WINDOWS\system32\drivers\pfc.sys
    2011/01/24 20:48:00.0484 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/01/24 20:48:00.0515 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/01/24 20:48:00.0562 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/01/24 20:48:00.0593 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/01/24 20:48:00.0765 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/01/24 20:48:00.0796 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/01/24 20:48:00.0875 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/01/24 20:48:00.0906 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/01/24 20:48:00.0953 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/01/24 20:48:00.0984 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/01/24 20:48:01.0046 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/01/24 20:48:01.0093 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/01/24 20:48:01.0171 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
    2011/01/24 20:48:01.0218 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
    2011/01/24 20:48:01.0265 s24trans (85a26a3bb748dfd3170cdbf45b0dd7fd) C:\WINDOWS\system32\DRIVERS\s24trans.sys
    2011/01/24 20:48:01.0312 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    2011/01/24 20:48:01.0375 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/01/24 20:48:01.0406 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    2011/01/24 20:48:01.0468 SerTVOutCtlr (c996c839a3261cab5409c61e5702b620) C:\WINDOWS\system32\drivers\EPIOMngr.sys
    2011/01/24 20:48:01.0515 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
    2011/01/24 20:48:01.0562 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
    2011/01/24 20:48:01.0593 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/01/24 20:48:01.0687 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/01/24 20:48:01.0734 sonypvs1 (dfadfc2c86662f40759bf02add27d569) C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
    2011/01/24 20:48:01.0812 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/01/24 20:48:01.0875 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/01/24 20:48:02.0000 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/01/24 20:48:02.0031 SrvcEKIOMngr (3b01a9316255cdd17f9c8e79aa573406) C:\WINDOWS\system32\Drivers\EKIoMngr.sys
    2011/01/24 20:48:02.0046 SrvcSSIOMngr (79b7af340d55861df1d69e7bac975fcc) C:\WINDOWS\system32\Drivers\SSIoMngr.sys
    2011/01/24 20:48:02.0093 sscdbhk5 (98625722ad52b40305e74aaa83c93086) C:\WINDOWS\system32\drivers\sscdbhk5.sys
    2011/01/24 20:48:02.0125 ssrtln (d79412e3942c8a257253487536d5a994) C:\WINDOWS\system32\drivers\ssrtln.sys
    2011/01/24 20:48:02.0281 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
    2011/01/24 20:48:02.0343 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/01/24 20:48:02.0390 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/01/24 20:48:02.0421 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/01/24 20:48:02.0546 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/01/24 20:48:02.0609 TBiosDrv (eeca2b57545e7b7be949b5e70e31444f) C:\WINDOWS\system32\drivers\TBiosDrv.sys
    2011/01/24 20:48:02.0687 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/01/24 20:48:02.0718 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/01/24 20:48:02.0750 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/01/24 20:48:02.0781 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/01/24 20:48:02.0812 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:\WINDOWS\system32\dla\tfsnboio.sys
    2011/01/24 20:48:02.0843 tfsncofs (599804bc938b8305a5422319774da871) C:\WINDOWS\system32\dla\tfsncofs.sys
    2011/01/24 20:48:02.0875 tfsndrct (a1902c00adc11c4d83f8e3ed947a6a32) C:\WINDOWS\system32\dla\tfsndrct.sys
    2011/01/24 20:48:02.0890 tfsndres (d8ddb3f2b1bef15cff6728d89c042c61) C:\WINDOWS\system32\dla\tfsndres.sys
    2011/01/24 20:48:02.0906 tfsnifs (c4f2dea75300971cdaee311007de138d) C:\WINDOWS\system32\dla\tfsnifs.sys
    2011/01/24 20:48:02.0937 tfsnopio (272925be0ea919f08286d2ee6f102b0f) C:\WINDOWS\system32\dla\tfsnopio.sys
    2011/01/24 20:48:02.0968 tfsnpool (7b7d955e5cebc2fb88b03ef875d52a2f) C:\WINDOWS\system32\dla\tfsnpool.sys
    2011/01/24 20:48:03.0015 tfsnudf (e3d01263109d800c1967c12c10a0b018) C:\WINDOWS\system32\dla\tfsnudf.sys
    2011/01/24 20:48:03.0031 tfsnudfa (b9e9c377906e3a65bc74598fff7f7458) C:\WINDOWS\system32\dla\tfsnudfa.sys
    2011/01/24 20:48:03.0093 toshidpt (62c57e7411b5f20980e70530ca69d5a7) C:\WINDOWS\system32\drivers\Toshidpt.sys
    2011/01/24 20:48:03.0156 tosporte (e46fb54be8a2a395fe96633b838baafe) C:\WINDOWS\system32\DRIVERS\tosporte.sys
    2011/01/24 20:48:03.0203 Tosrfbd (81546df5dea8abf2c8864d6d1f724b35) C:\WINDOWS\system32\Drivers\tosrfbd.sys
    2011/01/24 20:48:03.0281 Tosrfbnp (fe200eece7521061cdad658c6ee4f341) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
    2011/01/24 20:48:03.0328 Tosrfcom (d185be751021bcf1e5d58566d408314a) C:\WINDOWS\system32\Drivers\tosrfcom.sys
    2011/01/24 20:48:03.0359 tosrfec (28c252f4311244a07b6dafc1fa0a2b0e) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
    2011/01/24 20:48:03.0406 Tosrfhid (341612b9758054e5965bcd6ae111b8f9) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
    2011/01/24 20:48:03.0437 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
    2011/01/24 20:48:03.0468 TosRfSnd (350814a87f8ba3b0e28278feddf36f82) C:\WINDOWS\system32\drivers\TosRfSnd.sys
    2011/01/24 20:48:03.0515 Tosrfusb (ddb8a339e57d514768f45d33b11bdb50) C:\WINDOWS\system32\Drivers\tosrfusb.sys
    2011/01/24 20:48:03.0562 TPwSav (542dd0c0d8a1aa428a8c8d1517edb679) C:\WINDOWS\system32\Drivers\TPwSav.sys
    2011/01/24 20:48:03.0609 Tvs (7bc87d123f504d161693f672cfe99ec4) C:\WINDOWS\system32\DRIVERS\Tvs.sys
    2011/01/24 20:48:03.0656 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/01/24 20:48:03.0781 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/01/24 20:48:03.0828 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/01/24 20:48:03.0875 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/01/24 20:48:03.0921 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/01/24 20:48:03.0953 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/01/24 20:48:04.0000 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/01/24 20:48:04.0031 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/01/24 20:48:04.0078 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/01/24 20:48:04.0140 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/01/24 20:48:04.0171 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
    2011/01/24 20:48:04.0250 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2011/01/24 20:48:04.0296 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/01/24 20:48:04.0484 w29n51 (c89da341fcc883a3d79dc11727484fc2) C:\WINDOWS\system32\DRIVERS\w29n51.sys
    2011/01/24 20:48:04.0609 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/01/24 20:48:04.0703 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
    2011/01/24 20:48:04.0781 Wdf01000 (4769596d7cc0f5fa447d2babc239672a) C:\WINDOWS\system32\Drivers\wdf01000.sys
    2011/01/24 20:48:04.0859 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/01/24 20:48:04.0953 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    2011/01/24 20:48:05.0000 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/01/24 20:48:05.0125 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/01/24 20:48:05.0171 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/01/24 20:48:05.0500 ================================================================================
    2011/01/24 20:48:05.0500 Scan finished
    2011/01/24 20:48:05.0500 ================================================================================
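The TDSSKiller log above prints one line per loaded driver: timestamp, service name, the file's MD5 and its on-disk path. As an added example (not part of this thread and not TDSSKiller's own code), here is a small Python parser that reads those lines and checks them against a hash baseline. Everything below is constructed for the demo: the baseline is built from hashes already on this page, the sample log copies four real lines and one line (NDIS) whose hash was altered on purpose so the audit has something to flag, and the "odd path" check only marks drivers loaded from outside the usual driver directories for a second look. An MD5 that differs from a baseline can also mean a hotfix replaced the file, so a mismatch is a lead, not a verdict; a real baseline would come from a clean install at the same service-pack level or a vendor/NSRL hash set.

```python
import re
from typing import Dict, List, Tuple

# One TDSSKiller driver line looks like:
#   2011/01/24 20:48:02.0687 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
LINE_RE = re.compile(
    r"^\s*\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+"   # timestamp
    r"(?P<name>\S+)\s+"                                    # service/driver name
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+"                     # MD5 in parentheses
    r"(?P<path>.+?)\s*$"                                   # on-disk path
)

# Directories XP normally loads kernel drivers from; anything else gets a second look.
NORMAL_DIRS = {r"c:\windows\system32\drivers", r"c:\windows\system32"}

# Constructed sample: four lines copied from the log on this page plus one line
# (NDIS) whose hash was altered on purpose so the audit has something to flag.
SAMPLE_LOG = r"""
2011/01/24 20:47:57.0343 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/01/24 20:47:59.0125 NDIS (deadbeefdeadbeefdeadbeefdeadbeef) C:\WINDOWS\system32\drivers\NDIS.sys
2011/01/24 20:47:59.0843 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/01/24 20:48:02.0687 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/01/24 20:48:02.0812 tfsnboio (d0177776e11b0b3f272eebd262a69661) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/01/24 20:48:05.0500 ================================================================================
2011/01/24 20:48:05.0500 Scan finished
"""

# Constructed baseline keyed by lower-cased file name. Real use: hashes from a
# clean install at the same service-pack/hotfix level, or a vendor/NSRL hash set.
BASELINE: Dict[str, str] = {
    "http.sys":  "f80a415ef82cd06ffaf0d971528ead38",
    "ndis.sys":  "1df7f42665c94b825322fae71721130d",
    "ntfs.sys":  "78a08dd6a8d65e697c18e1db01c5cdca",
    "tcpip.sys": "9aefa14bd6b182d61e3119fa5f436d3d",
}


def parse_tdsskiller(log: str) -> List[Tuple[str, str, str]]:
    """Return (name, md5, path) for every driver line; separators and status lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append((m.group("name"), m.group("md5").lower(), m.group("path")))
    return entries


def audit_drivers(entries: List[Tuple[str, str, str]],
                  baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Bucket drivers into: mismatch (known file, different hash), unknown (file not in
    the baseline), odd_path (loaded from outside the usual driver directories)."""
    report: Dict[str, List[str]] = {"mismatch": [], "unknown": [], "odd_path": []}
    for name, md5, path in entries:
        parent, _, fname = path.rpartition("\\")
        expected = baseline.get(fname.lower())
        if expected is None:
            report["unknown"].append(f"{name}: {path}")
        elif expected != md5:
            report["mismatch"].append(f"{name}: {path} md5={md5} expected={expected}")
        if parent.lower() not in NORMAL_DIRS:
            report["odd_path"].append(f"{name}: {path}")
    return report


if __name__ == "__main__":
    result = audit_drivers(parse_tdsskiller(SAMPLE_LOG), BASELINE)
    for bucket, items in result.items():
        print(f"[{bucket}] {len(items)}")
        for item in items:
            print("   ", item)
```

To use it on a real log, replace SAMPLE_LOG with the saved TDSSKiller output and BASELINE with hashes from a trusted source; the "unknown" bucket will be large on any machine with third-party drivers, which is exactly why the path and hash checks are kept separate.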
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Delete any existing version of combofix from the desktop.
    Download a new copy from the original download site.

    Make sure AVG is uninstalled before running combofix, as it stops CF working.
    Run the new combofix & see what happens.
     
  5. kaatn55

    kaatn55 Thread Starter

    Joined:
    Jan 23, 2011
    Messages:
    8
    OK, first, sorry for taking a couple of days to get back, but I was away on work issues. Since I can download stuff on this PC again, I deleted the current combofix on my computer and downloaded it again, once from the first site, and ran it; it still locked up and did nothing. So I deleted it, rebooted my PC and downloaded it from the second site, and it too locked up and did not finish. I actually let the program run, or try to run, for at least 5 hours each download. It never finished. Not sure what the issue would be.

    Jeff
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Please download Malwarebytes' Anti-Malware to your desktop
    from HERE or HERE

    Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to the following:

    Update Malwarebytes' Anti-Malware. Launch Malwarebytes' Anti-Malware. Then click Finish.

    If an update is found, it will download and install the latest version. Press Update to make sure the latest database is loaded.
    Once the program has loaded, select Perform quick scan, then click Scan.
    When the scan is complete, click OK, then Show Results to view the results.
    Be sure that everything is checked, and click Remove Selected.
    When completed, a log will open in Notepad.
    Please include this log in your next reply.

    It might ask you to reboot to finish cleaning. Please do so. ( Press YES on the alert)
    If you receive an (Error Loading xxxxxxxxxx .dll) error on reboot, please reboot a second time. It is normal for this error to occur once and it does not need to be reported unless it continues on every boot.
     
  7. kaatn55

    kaatn55 Thread Starter

    Joined:
    Jan 23, 2011
    Messages:
    8
    I downloaded and ran the malwarebytes program from the first link you included and below is the log from running that program.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5643

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/30/2011 10:21:16 PM
    mbam-log-2011-01-30 (22-21-16).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 270794
    Time elapsed: 59 minute(s), 4 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Let's see what this shows.

    Download OTScanIt.exe to your Desktop
    • Close any open browsers.
    • If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
    • Double-click on OTS.exe to start the program.
    • Now on the toolbar at the top select "Scan all users" then click the Run Scan button
    • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Save that notepad file
    If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.
     
  9. kaatn55

    kaatn55 Thread Starter

    Joined:
    Jan 23, 2011
    Messages:
    8
    I ran the OTS software and attached the text log from that. Let me know if you have issues opening it.

    Jeff
     

    Attached Files:

    • OTS.Txt (161.9 KB)
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    I don't expect this to fix it, but this will clear up a few things.

    Start OTS. Copy/Paste the information in the Code box below into the pane where it says "Paste fix here" and then click the Run Fix button.


    Code:
    [Unregister Dlls]
    [Registry - Safe List]
    < Internet Explorer Settings [HKEY_USERS\S-1-5-21-4045514439-488458682-3945186458-1006\] > -> 
    YN -> HKEY_USERS\S-1-5-21-4045514439-488458682-3945186458-1006\: "ProxyEnable" -> 1
    < FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Jeff\Application Data\Mozilla\FireFox\Profiles\nt4dy46b.default\prefs.js
    YN -> network.proxy.type -> 1
    [Files/Folders - Created Within 30 Days]
    NY ->  25 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
    NY ->  2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
    NY ->  1 C:\Documents and Settings\Jeff\My Documents\*.tmp files -> C:\Documents and Settings\Jeff\My Documents\*.tmp
    [Files/Folders - Modified Within 30 Days]
    NY ->  25 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
    NY ->  2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
    NY ->  2 C:\Documents and Settings\Jeff\Local Settings\Temp\G2_438\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\G2_438\*.tmp
    NY ->  152 C:\Documents and Settings\Jeff\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\*.tmp
    NY ->  152 C:\Documents and Settings\Jeff\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\*.tmp
    NY ->  152 C:\Documents and Settings\Jeff\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Jeff\Local Settings\Temp\*.tmp
    NY ->  14 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
    NY ->  14 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
    NY ->  14 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
    NY ->  1 C:\Documents and Settings\Jeff\My Documents\*.tmp files -> C:\Documents and Settings\Jeff\My Documents\*.tmp
    [Empty Temp Folders]
    [EmptyFlash]
    [Start Explorer]
    [Reboot]

    The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here.

    I will review the information when it comes back in.

    Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

    Then
    Download MBR Check to your desktop

    • Right click MBRcheck.exe and select Run as Administrator (Vista or windows 7) or Double click MBRcheck.exe to run it (XP)
    • It will show a Black screen with some data on it
    • it will create a log called MBRcheck_time and date.txt on desktop
    • Post that resultant log here please
    • Do NOT fix anything or run any suggested fix before we see the report
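The fix script above resets two proxy settings: ProxyEnable under the user's Internet Settings key (the IE/WinINet proxy, which most Windows software also honours) and network.proxy.type in the Firefox prefs.js. A redirector that installs itself as a local proxy or PAC script is one common way search results get rerouted, so those two values are worth checking directly rather than only through a scanner. The following Python script is an added example, not OTS output and not part of this thread; it parses a .reg export of the Internet Settings key and a prefs.js and reports every manual proxy or PAC configuration it finds. The registry export and prefs.js contents below are constructed samples (including the 127.0.0.1:49167 proxy address), not data from the poster's machine.

```python
import re
from typing import Any, Dict, List

# user_pref("network.proxy.type", 1);   -> key / raw value
PREF_RE = re.compile(r'^\s*user_pref\("(?P<key>[^"]+)",\s*(?P<val>.+?)\);\s*$')
# "ProxyEnable"=dword:00000001   or   "ProxyServer"="127.0.0.1:8080"
REG_VAL_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<val>.+)$')

# Firefox network.proxy.type values: 0 none, 1 manual, 2 PAC URL, 4 auto-detect (WPAD), 5 system
FF_NO_PROXY, FF_MANUAL, FF_PAC, FF_AUTODETECT, FF_SYSTEM = 0, 1, 2, 4, 5

# Constructed sample of `reg export` output for the per-user Internet Settings key.
# The 127.0.0.1:49167 proxy is invented for the demo, not taken from the poster's machine.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:49167"
"ProxyOverride"="<local>"
"""

# Constructed sample prefs.js with a manual proxy pointing at the same local listener.
SAMPLE_PREFS = """\
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 49167);
user_pref("network.proxy.share_proxy_settings", true);
"""


def _coerce(raw: str) -> Any:
    """Turn a prefs.js literal (string, bool or int) into a Python value."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw


def parse_prefs_js(text: str) -> Dict[str, Any]:
    """Map every user_pref() in a prefs.js to its value."""
    prefs: Dict[str, Any] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group("key")] = _coerce(m.group("val").strip())
    return prefs


def parse_reg_export(text: str, key_suffix: str) -> Dict[str, Any]:
    """Values under the first [...] section whose key ends with key_suffix (dword and string only)."""
    values: Dict[str, Any] = {}
    in_key = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.lower().endswith(key_suffix.lower() + "]")
            continue
        m = REG_VAL_RE.match(line) if in_key else None
        if not m:
            continue
        name, raw = m.group("name"), m.group("val")
        if raw.startswith("dword:"):
            values[name] = int(raw[len("dword:"):], 16)
        elif raw.startswith('"') and raw.endswith('"'):
            values[name] = raw[1:-1].replace("\\\\", "\\")   # .reg files escape backslashes
        else:
            values[name] = raw
    return values


def audit_proxy(ie: Dict[str, Any], ff: Dict[str, Any]) -> List[str]:
    """Report every place a proxy or PAC script is configured; an empty list means none."""
    findings: List[str] = []
    if ie.get("ProxyEnable") == 1:
        findings.append(f"IE/WinINet: manual proxy enabled -> {ie.get('ProxyServer', '<ProxyServer not set>')}")
    if ie.get("AutoConfigURL"):
        findings.append(f"IE/WinINet: PAC script -> {ie['AutoConfigURL']}")
    ptype = ff.get("network.proxy.type", FF_NO_PROXY)
    if ptype == FF_MANUAL:
        findings.append(f"Firefox: manual proxy -> {ff.get('network.proxy.http')}:{ff.get('network.proxy.http_port')}")
    elif ptype == FF_PAC:
        findings.append(f"Firefox: PAC script -> {ff.get('network.proxy.autoconfig_url')}")
    return findings


if __name__ == "__main__":
    ie_settings = parse_reg_export(SAMPLE_REG, "Internet Settings")
    ff_prefs = parse_prefs_js(SAMPLE_PREFS)
    for finding in audit_proxy(ie_settings, ff_prefs) or ["no proxy configured"]:
        print(finding)
```

On the affected machine the inputs would come from `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" ie.reg` (for another account, the matching key under HKEY_USERS\<SID>, which is what the OTS fix above targets) and from the profile's prefs.js under Application Data\Mozilla\Firefox\Profiles. A proxy that points at 127.0.0.1 on a high port, or a PAC URL nobody configured, is the setting to chase back to whatever process is listening there.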
     
  11. kaatn55

    kaatn55 Thread Starter

    Joined:
    Jan 23, 2011
    Messages:
    8
    Attached is the file from running the OTS search with the fix information you gave me. Below is the text file that was generated from MBR check. Let me know what is next.

    Jeff

    MBRCheck, version 1.2.3
    (c) 2010, AD
    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c
    Kernel Drivers (total 163):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806EE000 \WINDOWS\system32\hal.dll
    0xF7987000 \WINDOWS\system32\KDCOM.DLL
    0xF7897000 \WINDOWS\system32\BOOTVID.dll
    0xF75A8000 ACPI.sys
    0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7597000 pci.sys
    0xF75F7000 isapnp.sys
    0xF7607000 ohci1394.sys
    0xF7617000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF789B000 compbatt.sys
    0xF789F000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7A4F000 pciide.sys
    0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF798B000 intelide.sys
    0xF74D9000 pcmcia.sys
    0xF7627000 MountMgr.sys
    0xF74BA000 ftdisk.sys
    0xF78A3000 ACPIEC.sys
    0xF7A50000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF770F000 PartMgr.sys
    0xF7637000 VolSnap.sys
    0xF74A2000 atapi.sys
    0xF7647000 disk.sys
    0xF7657000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7482000 fltmgr.sys
    0xF7470000 sr.sys
    0xF745A000 drvmcdb.sys
    0xF7717000 PxHelp20.sys
    0xF7443000 KSecDD.sys
    0xF7430000 WudfPf.sys
    0xF7B52000 Ntfs.sys
    0xF7403000 NDIS.sys
    0xF787D000 Mup.sys
    0xF7677000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF7547000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB9C56000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
    0xB9C42000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF774F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB9C1E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7757000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB9C0B000 \SystemRoot\system32\DRIVERS\Rtlnicxp.sys
    0xB98F8000 \SystemRoot\system32\DRIVERS\w29n51.sys
    0xB97BE000 \SystemRoot\system32\DRIVERS\wn511b.sys
    0xF7537000 \SystemRoot\system32\DRIVERS\EMS7SK.sys
    0xB97AA000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0xB9797000 \SystemRoot\system32\DRIVERS\ESM7SK.sys
    0xF7527000 \SystemRoot\system32\DRIVERS\ESD7SK.sys
    0xB9561000 \SystemRoot\system32\drivers\ALCXWDM.SYS
    0xB953D000 \SystemRoot\system32\drivers\portcls.sys
    0xF7517000 \SystemRoot\system32\drivers\drmk.sys
    0xB951A000 \SystemRoot\system32\drivers\ks.sys
    0xF775F000 \SystemRoot\system32\DRIVERS\Tvs.sys
    0xF7507000 \SystemRoot\system32\DRIVERS\wowxt_kern_i386.sys
    0xF7767000 \SystemRoot\system32\DRIVERS\tsxt_kern_i386.sys
    0xB9415000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0xF776F000 \SystemRoot\System32\Drivers\Modem.SYS
    0xBA4A2000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF74F7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF7777000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB93FC000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
    0xF777F000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA7A0000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA49A000 \SystemRoot\System32\Drivers\cdrbsdrv.SYS
    0xBA790000 \SystemRoot\System32\Drivers\AFS2K.SYS
    0xF7787000 \SystemRoot\system32\drivers\pfc.sys
    0xF778F000 \SystemRoot\system32\drivers\iviaspi.sys
    0xF79BD000 \SystemRoot\system32\drivers\sscdbhk5.sys
    0xBA780000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA770000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF7797000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xBA760000 \SystemRoot\System32\Drivers\tosrfcom.sys
    0xB932E000 \SystemRoot\system32\DRIVERS\btkrnl.sys
    0xF79BF000 \SystemRoot\system32\DRIVERS\serscan.sys
    0xB92F1000 \SystemRoot\system32\DRIVERS\iwca.sys
    0xBA172000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA750000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA48E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB9279000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBA740000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBA730000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF77A7000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB9268000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA720000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF77AF000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF77B7000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xBA089000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF79C1000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB919F000 \SystemRoot\system32\DRIVERS\update.sys
    0xBA482000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xBA079000 \SystemRoot\system32\DRIVERS\tosporte.sys
    0xB9136000 \SystemRoot\system32\drivers\btaudio.sys
    0xBA069000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xBA029000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF79CF000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF79D7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7ABB000 \SystemRoot\System32\Drivers\Null.SYS
    0xF79D9000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF7817000 \SystemRoot\system32\drivers\ssrtln.sys
    0xF781F000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF7737000 \SystemRoot\System32\drivers\vga.sys
    0xF79DB000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF79DD000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xA8D72000 \SystemRoot\System32\Drivers\meiudf.sys
    0xA8D61000 \SystemRoot\System32\Drivers\Udfs.SYS
    0xF773F000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF7747000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF7937000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA8D4E000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA8CF5000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA8CCD000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xA8CAB000 \SystemRoot\System32\drivers\afd.sys
    0xBA019000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF793F000 \SystemRoot\System32\Drivers\TPwSav.sys
    0xF79DF000 \SystemRoot\System32\Drivers\SSIoMngr.sys
    0xF79E1000 \SystemRoot\System32\Drivers\EKIoMngr.sys
    0xF79E3000 \SystemRoot\system32\drivers\EPIOMngr.sys
    0xA8C80000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA8C10000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xBA009000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA8BEA000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xB9FF9000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF7687000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xB92C1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xA84BE000 \SystemRoot\system32\DRIVERS\lvuvc.sys
    0xF76A7000 \SystemRoot\system32\drivers\usbaudio.sys
    0xA83DC000 \SystemRoot\system32\DRIVERS\lvrs.sys
    0xA83A6000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF79FB000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB9D1B000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF779F000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xA8E61000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF020000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF03F000 \SystemRoot\System32\ialmdev5.DLL
    0xBF068000 \SystemRoot\System32\ialmdd5.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA843E000 \SystemRoot\system32\drivers\drvnddm.sys
    0xA8D97000 \??\C:\WINDOWS\system32\drivers\TBiosDrv.sys
    0xA8F97000 \SystemRoot\system32\dla\tfsndres.sys
    0xA82F0000 \SystemRoot\system32\dla\tfsnifs.sys
    0xA8376000 \SystemRoot\system32\dla\tfsnopio.sys
    0xA8D95000 \SystemRoot\system32\dla\tfsnpool.sys
    0xF780F000 \SystemRoot\system32\dla\tfsnboio.sys
    0xA841E000 \SystemRoot\system32\dla\tfsncofs.sys
    0xF7A5B000 \SystemRoot\system32\dla\tfsndrct.sys
    0xA82D7000 \SystemRoot\system32\dla\tfsnudf.sys
    0xA82BE000 \SystemRoot\system32\dla\tfsnudfa.sys
    0xA8DD7000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xA81E2000 \SystemRoot\system32\DRIVERS\s24trans.sys
    0xA81CA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA7F71000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF79D3000 \SystemRoot\System32\Drivers\ASCTRM.SYS
    0xA7E01000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA7C84000 \SystemRoot\system32\drivers\wdmaud.sys
    0xA7EC9000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA8DF7000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
    0xA75D5000 \SystemRoot\System32\Drivers\HTTP.sys
    0xA7B3E000 \??\C:\WINDOWS\system32\AWINDIS5.SYS
    0xA6AEF000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll
    Processes (total 90):
    0 System Idle Process
    4 System
    960 C:\WINDOWS\system32\smss.exe
    1012 csrss.exe
    1036 C:\WINDOWS\system32\winlogon.exe
    1080 C:\WINDOWS\system32\services.exe
    1092 C:\WINDOWS\system32\lsass.exe
    1252 C:\WINDOWS\system32\svchost.exe
    1356 svchost.exe
    1396 C:\WINDOWS\system32\svchost.exe
    1428 C:\WINDOWS\system32\svchost.exe
    1572 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    1632 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    1696 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    1724 svchost.exe
    1880 svchost.exe
    264 C:\WINDOWS\system32\spoolsv.exe
    400 svchost.exe
    432 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    444 C:\Program Files\Bonjour\mDNSResponder.exe
    460 C:\WINDOWS\system32\DVDRAMSV.exe
    548 C:\Program Files\Java\jre6\bin\jqs.exe
    592 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    624 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    636 C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    752 C:\WINDOWS\system32\svchost.exe
    788 C:\WINDOWS\system32\svchost.exe
    880 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    108 C:\WINDOWS\system32\svchost.exe
    1000 C:\Toshiba\IVP\swupdate\swupdtmr.exe
    2032 C:\WINDOWS\explorer.exe
    2152 C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
    2496 alg.exe
    3412 C:\WINDOWS\system32\igfxtray.exe
    3456 C:\WINDOWS\system32\hkcmd.exe
    3480 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    3496 C:\WINDOWS\system32\dla\tfswctrl.exe
    3536 C:\WINDOWS\agrsmmsg.exe
    3556 C:\Program Files\Apoint2K\Apoint.exe
    3580 C:\Program Files\Toshiba\TouchPad\TPTray.exe
    3592 C:\Program Files\Toshiba\Accessibility\FnKeyHook.exe
    3604 C:\WINDOWS\system32\TCtrlIOHook.exe
    3752 C:\Program Files\Apoint2K\ApntEx.exe
    3764 C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
    3820 C:\Program Files\Toshiba\E-KEY\CeEKey.exe
    3888 C:\Program Files\Toshiba\Touch and Launch\PadExe.exe
    3900 C:\WINDOWS\system32\ZoomingHook.exe
    3920 C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
    3964 C:\Program Files\Toshiba\Tvs\TvsTray.exe
    4044 C:\Program Files\QuickTime\QTTask.exe
    1996 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    164 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    188 C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    208 C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
    1928 C:\Program Files\iTunes\iTunesHelper.exe
    472 C:\Program Files\NETGEAR\WN511B\Utility\WN511B.exe
    680 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    532 C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
    736 C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
    732 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    820 C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    804 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    956 C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
    1848 C:\Program Files\Messenger\msmsgs.exe
    2060 C:\WINDOWS\system32\ctfmon.exe
    2080 C:\WINDOWS\system32\TPSBattM.exe
    348 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    1872 C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
    2232 C:\Program Files\ANYCOM\Blue USB-200-250\BTTray.exe
    1844 C:\Program Files\Common Files\Teleca Shared\logger.exe
    1860 C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    2292 C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    2348 C:\Program Files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe
    1640 C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    2812 C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    2904 C:\WINDOWS\system32\RAMASST.exe
    1460 C:\Program Files\Webshots\webshots.scr
    536 C:\Program Files\iPod\bin\iPodService.exe
    3004 C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    2320 C:\Program Files\Common Files\Teleca Shared\Generic.exe
    3044 C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
    3120 C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
    2956 C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe
    3948 C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
    2900 C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
    1720 C:\Program Files\Internet Explorer\iexplore.exe
    2068 C:\Program Files\Internet Explorer\iexplore.exe
    3232 C:\Program Files\Logitech\LWS\LU\LULnchr.exe
    2868 C:\Program Files\Logitech\LWS\LU\LogitechUpdate.exe
    1380 C:\Documents and Settings\Jeff\Desktop\MBRCheck.exe
    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    PhysicalDrive0 Model Number: TOSHIBAMK1032GAX, Rev: AB211A
    Size Device Name MBR Status
    --------------------------------------------
    92 GB \\.\PhysicalDrive0 Windows 98 MBR code detected
    SHA1: 48F01D7E76A0F3C038D08611E3FDC0EE4EF9FD3E

    Done!
     

  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    • Run MBRCheck.exe
    • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Please push the 'Y' key and then press Enter
    • When the program asks you "Enter your choice:", enter 2 and press the Enter key
    • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
    • Enter 0 and press the Enter key.
    • The program will show Available MBR codes:, followed by a list of operating systems. Please enter 1 for Windows XP, and then press Enter.
    • The program will prompt for confirmation. Type 'YES' and hit Enter.
    • Left click on the title bar (where program name and path is written).
    • From the menu choose Edit -> Select All
    • Hit the Enter key on your keyboard to copy selected text.
    • Paste that text into Notepad, save it to your desktop as "MBRCheck results.txt"
    • Important! Restart your PC for the fix to take effect.
    • Post the contents of the MBRCheck results log in your next reply
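    The MBRCheck log and the fix steps above hinge on two things: whether the 512-byte master boot record ends in the 0x55AA boot signature, and whether the SHA1 of its boot code matches a known loader. The Python below, added here as an illustration and not part of MBRCheck or of this thread, builds a constructed sample MBR, hashes the boot code for comparison against an allowlist (the allowlist label and hash are constructed, not values from the log), and decodes the partition table so the partition's byte offset can be checked against what the tool prints (LBA 63 is the 0x7e00 offset shown for C: above).

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # boot code occupies bytes 0..439 of the MBR
PART_TABLE_OFFSET = 446    # four 16-byte partition entries follow
SIGNATURE_OFFSET = 510     # boot signature 0x55AA closes the sector
ENTRY_FMT = "<B3sB3sII"    # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr(boot_code: bytes, start_lba: int = 63, sectors: int = 193_000_000) -> bytes:
    """Construct a sample 512-byte MBR with one bootable NTFS (type 0x07) partition.
    Constructed test data, not an image taken from the thread."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    entry = struct.pack(ENTRY_FMT, 0x80, b"\0\0\0", 0x07, b"\0\0\0", start_lba, sectors)
    mbr[PART_TABLE_OFFSET:PART_TABLE_OFFSET + 16] = entry
    mbr[SIGNATURE_OFFSET:] = b"\x55\xAA"
    return bytes(mbr)


def boot_code_sha1(mbr: bytes) -> str:
    """Upper-case SHA1 of the boot code region; the key an allowlist is compared on."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partitions(mbr: bytes) -> list:
    """Return the non-empty partition entries together with their byte offset on disk."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "start_lba": lba, "byte_offset": lba * SECTOR, "sectors": count})
    return parts


def check_mbr(mbr: bytes, known_good: dict) -> dict:
    """Verify the sector: signature present, boot code hash in the allowlist, table decoded."""
    sha1 = boot_code_sha1(mbr)
    return {
        "signature_ok": len(mbr) == SECTOR and mbr[SIGNATURE_OFFSET:] == b"\x55\xAA",
        "boot_code_sha1": sha1,
        "boot_code_label": known_good.get(sha1),   # None means unrecognised code: investigate
        "partitions": parse_partitions(mbr),
    }


if __name__ == "__main__":
    sample = build_sample_mbr(b"\xEB\x3C\x90" + b"\x00" * 437)
    allowlist = {boot_code_sha1(sample): "constructed known-good loader"}
    print(check_mbr(sample, allowlist))
```

    An unrecognised hash is a prompt to compare the sector against a clean copy, not proof of infection by itself, since OEM and third-party boot managers also produce hashes absent from a given allowlist.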
     
  13. kaatn55

    kaatn55 Thread Starter

    Joined:
    Jan 23, 2011
    Messages:
    8
    I just got back into town to do your previous MBRCheck program. I have tried several times, including rebooting my PC, but I never get the following line:

    • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Not sure what to do now.

    Jeff
     
  14. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    We will skip that then.
    How is the computer now?
    Are you having any problems, or is it all OK?
     
  15. kaatn55

    kaatn55 Thread Starter

    Joined:
    Jan 23, 2011
    Messages:
    8
    The computer is running pretty well. I don't have any other issues with the internet, but I was wondering if you could help me with the performance of the PC. It seems that I have a lot of services that start up with my computer that probably don't need to start. Is there something that I could send you to see if there are redundant services started?

    Jeff
     
Short URL to this thread: https://techguy.org/976478
