
Numerous issues with Dell Precision 370.

Discussion in 'Virus & Other Malware Removal' started by TattooedMamaMeg, Dec 10, 2011.

  1. TattooedMamaMeg (Thread Starter)

    Joined: Dec 10, 2011
    Messages: 67
    Sooo... I'm not even sure where to begin. My father has a Dell Precision 370 desktop computer. It's running WinXP Pro SP3. He has had two trojans in the past two weeks that I have successfully (I think) removed thanks to the help of bleepingcomputer.com. They were both fake anti-virus programs that installed a rootkit so that I couldn't open any new programs. The virus would try to tell me that this program was infected and it wouldn't open it. I followed the guides given on bleepingcomputer to remove the trojans and I had no further issues with those particular viruses. My dad uses AOL as his main email source and that comes with AOL Computer Checkup and McAfee. I uninstalled both programs and downloaded Trend Micro Titanium Internet Security 2012. My boyfriend and I have a subscription and had a free slot to protect an additional computer. Since installing it 3 nights ago, it has been blocking "threats" like mad. It has blocked over 3,000 "threats" since it was installed: 19 trojans, 1 spyware, and the remaining 3,112 (at current count) have been web threats. In the past 3 days on my personal laptop, which runs Windows 7, Trend Micro has blocked 3 web threats. I understand that not all threats are true threats, but the fact that it's basically constantly blocking stuff makes me feel that there is still something left on this machine and/or that someone/something is attacking this computer. I don't know enough about viruses to really form a conclusion. I have run Malwarebytes, CCleaner, and full scans of Trend Micro, and removed everything that came up, but the computer is running crazy slow and Trend Micro is still blocking stuff left and right. I want to just reinstall Windows, but I found out today that my father has no reinstall disc. Nothing came with the computer, there isn't a hidden file on the computer containing a reinstall, and he didn't create a recovery disc. I've torn apart his desk looking for anything to reinstall Windows with and I can't find anything, and he has no recollection of ever receiving anything when he purchased the computer.

    I'm also unable to access Windows Update. When I click Start, All Programs, Windows Update, the webpage comes up saying that Internet Explorer cannot display the webpage. He has IE8 on this computer. I removed IE8 and tried again with IE7, but that didn't work either so I reinstalled IE8. Still doesn't work. I ran TDSSKiller but it found nothing. I found a Microsoft article which gave me instructions on how to reinstall the Windows Update components and I did that as well. It still won't open Windows Update. I wouldn't be surprised if this were somehow related to the virus stuff that's happening, but I'm not certain. Sorry this post is so long! Requested logs to follow.

    ***** Every time I try to reply to my own thread, I get a message saying the connection has been reset. I'll post logs as soon as I'm allowed to... *****

    ***** To add to the list of things that are wrong - it wasn't letting me reply to my own threads with Firefox or IE8. I emailed myself the logs, hopped on my laptop, and was able to post with zero issue. *****
     
  2. TattooedMamaMeg (Thread Starter)

    Joined: Dec 10, 2011
    Messages: 67
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:17:03 PM, on 12/10/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17103)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\lxdxcoms.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
    C:\PROGRA~1\COMMON~1\AOL\132120~2\EE\AOLHOS~1.EXE
    C:\PROGRA~1\COMMON~1\AOL\132120~2\EE\AOLServiceHost.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
    C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Owner\My Documents\Downloads\HijackThis.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll
    O2 - BHO: IEHelperObj Class - {6754A456-BAD9-11D4-93D3-00B0D03A2F91} - (no file)
    O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
    O4 - HKLM\..\Run: [lxdxamon] "C:\Program Files\Lexmark 3600-4600 Series\lxdxamon.exe"
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1321205152\EE\AOLHostManager.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"
    O4 - HKLM\..\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
    O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe"
    O4 - HKCU\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - Global Startup: Wireless Configuration Utility HW.14.lnk = C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1215014387006
    O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} (P3DActiveX Control) - http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
    O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1072\TmIEPlg.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
    O23 - Service: lxdx_device - - C:\WINDOWS\system32\lxdxcoms.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 10938 bytes
     
  3. TattooedMamaMeg (Thread Starter)

    Joined: Dec 10, 2011
    Messages: 67
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
    Run by Owner at 15:21:40 on 2011-12-10
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.318 [GMT -6:00]
    .
    AV: Titanium Internet Security *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\lxdxcoms.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Lexmark 3600-4600 Series\lxdxMsdMon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
    C:\PROGRA~1\COMMON~1\AOL\132120~2\EE\AOLHOS~1.EXE
    C:\PROGRA~1\COMMON~1\AOL\132120~2\EE\AOLServiceHost.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\America Online 9.0\waol.exe
    C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
    C:\Program Files\TRENDnet\TEW-424UB\WlanCU.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\America Online 9.0\shellmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll
    BHO: {6754a456-bad9-11d4-93d3-00b0d03a2f91} - IEHelperObj Class
    BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [AOL Fast Start] "c:\program files\america online 9.0\AOL.EXE" -b
    uRun: [HydraVisionDesktopManager] "c:\program files\ati technologies\ati hydravision\HydraDM.exe"
    uRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
    mRun: [lxdxmon.exe] "c:\program files\lexmark 3600-4600 series\lxdxmon.exe"
    mRun: [lxdxamon] "c:\program files\lexmark 3600-4600 series\lxdxamon.exe"
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
    mRun: [HostManager] c:\program files\common files\aol\1321205152\ee\AOLHostManager.exe
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
    mRun: [Trend Micro Titanium] "c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe" -set Silent "1" SplashURL ""
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRunOnce: [NoIE4StubProcessing] c:\windows\system32\reg.exe delete "hklm\software\microsoft\active setup\Installed Components" /v "NoIE4StubProcessing" /f
    StartupFolder: c:\documents and settings\owner\start menu\programs\startup\PowerReg Scheduler V3.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\trendnet\tew-424ub\WlanCU.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    LSP: connwsp.dll
    LSP: mswsock.dll
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1215014387006
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    TCP: DhcpNameServer = 192.168.15.1
    TCP: Interfaces\{8E4F91FC-80DA-4A0B-8A24-2C1CED781E3C} : DhcpNameServer = 192.168.15.1
    Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\7.0.1086\7.0.1086\TmBpIe32.dll
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\2.0.1313\6.8.1072\TmIEPlg.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\osg7z8xp.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-12-8 68368]
    R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-12-8 200632]
    R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
    R3 RTL8187B;TRENDnet TEW-424UB 54M USB Dongle;c:\windows\system32\drivers\RTL8187B.sys [2011-11-21 215040]
    R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2002-10-2 13532]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
    S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2009-7-30 98984]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys --> c:\windows\system32\drivers\ew_hwusbdev.sys [?]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys --> c:\windows\system32\drivers\ewusbnet.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-1 135664]
    S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2011-10-15 24576]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys --> c:\windows\system32\drivers\ew_jubusenum.sys [?]
    S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys --> c:\windows\system32\drivers\ewusbdev.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
    .
    =============== Created Last 30 ================
    .
    2011-12-10 21:14:43 916480 ------w- c:\windows\system32\SET296.tmp
    2011-12-10 21:14:43 66560 ------w- c:\windows\system32\SET29B.tmp
    2011-12-10 21:14:43 611840 ------w- c:\windows\system32\SET29A.tmp
    2011-12-10 21:14:43 5971456 ------w- c:\windows\system32\SET29C.tmp
    2011-12-10 21:14:43 1212416 ------w- c:\windows\system32\SET297.tmp
    2011-12-10 21:14:43 105984 ------w- c:\windows\system32\SET298.tmp
    2011-12-10 21:14:42 55296 ------w- c:\windows\system32\SET29D.tmp
    2011-12-10 21:14:41 602112 ------w- c:\windows\system32\SET29E.tmp
    2011-12-10 21:14:41 2000384 ------w- c:\windows\system32\SET2A2.tmp
    2011-12-10 21:14:41 11081728 ------w- c:\windows\system32\SET2A4.tmp
    2011-12-10 21:13:34 -------- d-----w- c:\documents and settings\owner\local settings\application data\PCHealth
    2011-12-10 21:12:23 -------- dc-h--w- c:\windows\ie8
    2011-12-10 20:46:11 -------- d--h--w- c:\program files\WindowsUpdate
    2011-12-10 20:36:13 -------- d-----w- c:\documents and settings\all users\application data\Viewpoint
    2011-12-10 20:35:31 -------- d-----w- c:\documents and settings\owner\local settings\application data\ATI
    2011-12-10 20:34:22 0 ----a-w- c:\windows\ativpsrm.bin
    2011-12-10 05:57:38 192512 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
    2011-12-10 05:57:37 729088 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
    2011-12-10 05:57:37 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
    2011-12-10 05:57:37 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
    2011-12-10 05:57:37 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
    2011-12-10 05:57:37 188548 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
    2011-12-10 05:57:36 311428 ----a-w- c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
    2011-12-10 05:56:04 -------- d-----w- c:\program files\ATI Technologies
    2011-12-10 05:55:27 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
    2011-12-10 05:53:39 -------- d-----w- C:\AMD
    2011-12-08 08:31:37 -------- d-----w- c:\documents and settings\owner\local settings\application data\Trend Micro
    2011-12-08 08:29:56 92432 ----a-w- c:\windows\system32\drivers\tmtdi.sys
    2011-12-08 08:29:51 81168 ----a-w- c:\windows\system32\drivers\tmactmon.sys
    2011-12-08 08:29:51 68368 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
    2011-12-08 08:29:51 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2011-12-08 08:28:09 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
    2011-12-08 08:26:50 -------- d-----w- c:\documents and settings\all users\application data\Trend Micro
    2011-12-08 08:12:44 -------- d-----w- c:\program files\Trend Micro
    2011-12-08 07:54:01 54016 ----a-w- c:\windows\system32\drivers\mwjujni.sys
     
  4. TattooedMamaMeg

    TattooedMamaMeg Thread Starter

    Joined:
    Dec 10, 2011
    Messages:
    67
    This is the attach.txt file.
     

    Attached Files:

  5. TattooedMamaMeg

    TattooedMamaMeg Thread Starter

    Joined:
    Dec 10, 2011
    Messages:
    67
    ***** Side Note: Upon completion of the GMER scan, it DID pop up saying something about Rootkit activity. I didn't write down exactly what it said, but it seems to think that I still have Rootkit stuff on this computer. *****

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-10 17:02:55
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.ZH10
    Running: z7qjrde7.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kgairaod.sys


    ---- System - GMER 1.0.15 ----

    SSDT 85FAF68C ZwCreateKey
    SSDT 85F79334 ZwCreateMutant
    SSDT 85DC217C ZwCreateProcess
    SSDT 86389184 ZwCreateProcessEx
    SSDT 85DAF22C ZwCreateSymbolicLinkObject
    SSDT 85F793A4 ZwCreateThread
    SSDT 85F90DFC ZwDeleteKey
    SSDT 85DA494C ZwDeleteValueKey
    SSDT 861EDD5C ZwDuplicateObject
    SSDT 85F7936C ZwLoadDriver
    SSDT 861F41D4 ZwOpenProcess
    SSDT 85DA4914 ZwOpenSection
    SSDT 861EA1D4 ZwOpenThread
    SSDT 85F7AA74 ZwRenameKey
    SSDT 85F7AA3C ZwRestoreKey
    SSDT 85DAF264 ZwSetSystemInformation
    SSDT 85F90E34 ZwSetValueKey
    SSDT 86387184 ZwTerminateProcess
    SSDT 85F775CC ZwTerminateThread
    SSDT 85DA48DC ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF5D8A000, 0x1BDF16, 0xE8000020]
    init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF29EEF80]
    ? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\ping.exe[312] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BA000A
    .text C:\WINDOWS\System32\ping.exe[312] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00BB000A
    .text C:\WINDOWS\System32\ping.exe[312] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006B000A
    .text C:\WINDOWS\System32\ping.exe[312] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006C000A
    .text C:\WINDOWS\System32\ping.exe[312] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006A000C
    .text C:\WINDOWS\System32\ping.exe[312] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00BE000A
    .text C:\WINDOWS\System32\ping.exe[312] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 00BF000A
    .text C:\WINDOWS\System32\ping.exe[312] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 00C0000A
    .text C:\WINDOWS\System32\ping.exe[312] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00BD000A
    .text C:\WINDOWS\System32\svchost.exe[1116] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B4000A
    .text C:\WINDOWS\System32\svchost.exe[1116] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00B5000A
    .text C:\WINDOWS\System32\svchost.exe[1116] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B3000C
    .text C:\WINDOWS\system32\SearchIndexer.exe[1888] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4128] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02AE000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4128] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 02AF000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4128] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 02AD000C
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4128] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 013E5210 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5176] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106AC350 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5176] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106AC2E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5176] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1045E363 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[5176] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1045E91C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

    ---- Modules - GMER 1.0.15 ----

    Module (noname) (*** hidden *** ) B0726000-B073C000 (90112 bytes)

    ---- Files - GMER 1.0.15 ----

    File C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt 0 bytes
    File C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt 1178 bytes
    File C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt 0 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\3A2IV8YU\drts[1].htm 53 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\5W9XG4F9\base_movies[1].js 534 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6ELLT6XC\imp[1].htm 4455 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8CKWTPWR\redarrow_closed[1].gif 0 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8CKWTPWR\plcr_1845203_0_1322865825352[1].js 0 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8CKWTPWR\bg-nav-hover[1].gif 1314 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8CKWTPWR\bg-side-item-active[1].gif 1156 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8CKWTPWR\buttonTimes[1].gif 0 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GGDCB4H3\trend_logo[1].png 6066 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LRSD3O4F\p-01-0VIaSjnOLg[1].gif 0 bytes
    File C:\WINDOWS\$NtUninstallKB19102$\1801348350 0 bytes
    File C:\WINDOWS\$NtUninstallKB19102$\2223951376 0 bytes
    File C:\WINDOWS\$NtUninstallKB19102$\2223951376\@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB19102$\2223951376\bckfg.tmp 851 bytes
    File C:\WINDOWS\$NtUninstallKB19102$\2223951376\cfg.ini 208 bytes
    File C:\WINDOWS\$NtUninstallKB19102$\2223951376\Desktop.ini 4608 bytes
    File C:\WINDOWS\$NtUninstallKB19102$\2223951376\keywords 595 bytes
    File C:\WINDOWS\$NtUninstallKB19102$\2223951376\kwrd.dll 223744 bytes
    File C:\WINDOWS\$NtUninstallKB19102$\2223951376\L 0 bytes
    File C:\WINDOWS\$NtUninstallKB19102$\2223951376\L\rlcmmtmf 75264 bytes
    File C:\WINDOWS\$NtUninstallKB19102$\2223951376\lsflt7.ver 9011 bytes
    File C:\WINDOWS\$NtUninstallKB19102$\2223951376\U 0 bytes
    File C:\WINDOWS\$NtUninstallKB19102$\2223951376\U\[email protected] 2048 bytes
    File C:\WINDOWS\$NtUninstallKB19102$\2223951376\U\[email protected] 224768 bytes
    File C:\WINDOWS\$NtUninstallKB19102$\2223951376\U\[email protected] 1024 bytes
    File C:\WINDOWS\$NtUninstallKB19102$\2223951376\U\[email protected] 1024 bytes
    File C:\WINDOWS\$NtUninstallKB19102$\2223951376\U\[email protected] 12800 bytes
    File C:\WINDOWS\$NtUninstallKB19102$\2223951376\U\[email protected] 98304 bytes

    ---- EOF - GMER 1.0.15 ----
     
  6. TattooedMamaMeg

    TattooedMamaMeg Thread Starter

    Joined:
    Dec 10, 2011
    Messages:
    67
  7. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
    • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method (Recommended: Immediate Notification)
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.

    IMPORTANT NOTE : Please do not delete anything unless instructed to.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
    Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.


    Vista and Windows 7 users:
    These tools MUST be run from the executable (.exe) every time you run them
    with Admin Rights (Right click, choose "Run as Administrator")


    Stay with this topic until I give you the all clean post.
    ----------

    I apologize for the delay in response but as you can see we are very busy.
    ----------

    **WARNING** Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identity theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

    Unfortunately it seems that you have what is known as the ZeroAccess rootkit which is a particularly nasty infection. As a warning, if you choose to continue with the cleaning you may lose internet connectivity with the infected computer and we may in the end need to format your system due to the damage that is done by this infection.

    If you would like to format and reinstall your Operating System please let me know and I can assist you with that.

    If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help. :)
    ----------

    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)
    ----------

    Please read through these instructions to familiarize yourself with what to expect when this tool runs

    Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Notes:

    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ----------

    If you choose to continue to clean the computer please post the logs created by TDSSKiller and ComboFix into your next reply.
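    The ZeroAccess call above rests on the GMER log posted earlier in the thread: a hidden kernel module, and a file tree under C:\WINDOWS\$NtUninstallKB19102$ holding an "@" file with "U" and "L" subfolders, which is how that rootkit disguises its payload as a hotfix-uninstall folder. As an added example (not code from this thread or from GMER), the script below parses a GMER log and pulls out exactly those indicators; the embedded log is a constructed excerpt modelled on the posted scan, and the $NtUninstallKB9999999$ entry is a made-up genuine uninstall folder used as a negative control.

```python
"""Triage a GMER rootkit-scan log for ZeroAccess-style indicators.
Added example, not code from this thread or from GMER; the embedded log is a
constructed excerpt modelled on the scan posted earlier in the thread."""
import re
from collections import defaultdict

# Constructed sample. The $NtUninstallKB9999999$ line is a made-up genuine
# hotfix uninstall folder included as a negative control.
SAMPLE_GMER_LOG = r"""
GMER 1.0.15.15641 - http://www.gmer.net

---- System - GMER 1.0.15 ----

SSDT 85FAF68C ZwCreateKey
SSDT 85DA48DC ZwWriteVirtualMemory

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) B0726000-B073C000 (90112 bytes)

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB19102$\2223951376 0 bytes
File C:\WINDOWS\$NtUninstallKB19102$\2223951376\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB19102$\2223951376\L\rlcmmtmf 75264 bytes
File C:\WINDOWS\$NtUninstallKB19102$\2223951376\U\00000001.@ 224768 bytes
File C:\WINDOWS\$NtUninstallKB9999999$\spuninst\spuninst.exe 1000 bytes

---- EOF - GMER 1.0.15 ----
"""

# "---- <name> - GMER 1.0.15 ----" separates the report sections.
SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
SSDT_RE = re.compile(r"^SSDT (?P<addr>[0-9A-F]{8}) (?P<func>\w+)$")
FILE_RE = re.compile(r"^File (?P<path>.+?) (?P<size>\d+) bytes$")
# base = path up to the $NtUninstall...$ folder, rest = everything below it
UNINST_RE = re.compile(r"^(?P<base>.*?\\\$NtUninstall[^\\]+\$)\\(?P<rest>.+)$", re.IGNORECASE)

def parse_gmer(text):
    """Return {section name: [non-empty lines]}."""
    sections = defaultdict(list)
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name")
            continue
        sections[current].append(line)
    return sections

def find_ssdt_hooks(sections):
    """Hooked system-call names. For review only: security products install
    SSDT hooks too, so a hook by itself is not proof of a rootkit."""
    return [m.group("func") for m in map(SSDT_RE.match, sections.get("System", [])) if m]

def find_hidden_modules(sections):
    """Kernel modules GMER found in memory but not in the loaded-module list."""
    return [line for line in sections.get("Modules", []) if "hidden" in line.lower()]

def find_zeroaccess_dirs(sections):
    """Fake hotfix-uninstall folders laid out the way ZeroAccess uses them:
    a $NtUninstallKB...$ directory holding an "@" file plus "U"/"L" subfolders.
    A genuine uninstall folder (spuninst\\...) has none of these markers."""
    markers = defaultdict(set)
    for line in sections.get("Files", []):
        fm = FILE_RE.match(line)
        um = UNINST_RE.match(fm.group("path")) if fm else None
        if not um:
            continue
        parts = um.group("rest").split("\\")
        dirs, fname = parts[:-1], parts[-1]
        found = set()
        if fname == "@":
            found.add("@ file")
        if "U" in dirs:
            found.add("U dir")
        if "L" in dirs:
            found.add("L dir")
        if found:
            markers[um.group("base")] |= found
    return {base: sorted(f) for base, f in markers.items()
            if "@ file" in f and f & {"U dir", "L dir"}}

def triage(text):
    """Summarise the indicators a responder would pull from a GMER log."""
    sections = parse_gmer(text)
    return {
        "ssdt_hooks": find_ssdt_hooks(sections),
        "hidden_modules": find_hidden_modules(sections),
        "zeroaccess_dirs": find_zeroaccess_dirs(sections),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_GMER_LOG).items():
        print(f"{key}: {value}")
```

Run against the full log from the thread, the same functions report the hidden module at B0726000-B073C000 and flag C:\WINDOWS\$NtUninstallKB19102$, while a real hotfix folder with only spuninst\ contents is left alone.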
     
  8. TattooedMamaMeg

    TattooedMamaMeg Thread Starter

    Joined:
    Dec 10, 2011
    Messages:
    67
    Thank you for your assistance Jeff. If it is possible to reinstall Windows that would probably be the best bet, however we have no install disc or recovery disc. I ran TDSSKiller with no problem. It didn't find any threats. However I had issues running ComboFix. I downloaded it to the desktop and ran it. It ran for a while, had me install the Windows Recovery thing, then said it needed to restart the computer. Upon restart it continued to scan for a while. It started to delete files, some of which were Cloud AV 2012 files which is the first Trojan the computer got a couple weeks ago. While it was deleting files the monitor suddenly turned off. I hit the spacebar and it came back on but I had an error on the screen that said, "The procedure * could not be located in the DLL WINTRUST.dll." I clicked okay and the computer was sort of "stuck". I was looking at my desktop image but without the taskbar at the bottom and without any icons - just the background image. So I restarted the computer and now we have zero internet access via high speed or dial up. I checked the C: drive and I have no ComboFix log. I do have a ComboFix folder but when I double click it, it takes me to the My Computer folder? Odd. Anyhow, here is the TDSSKiller log.

    16:29:28.0718 5788 Raspti - ok
    16:29:28.0828 5788 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    16:29:28.0843 5788 Rdbss - ok
    16:29:28.0875 5788 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    16:29:28.0890 5788 RDPCDD - ok
    16:29:28.0921 5788 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    16:29:28.0937 5788 rdpdr - ok
    16:29:29.0031 5788 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    16:29:29.0046 5788 RDPWD - ok
    16:29:29.0078 5788 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    16:29:29.0078 5788 redbook - ok
    16:29:29.0203 5788 RTL8187B (180a0296bf259c1aeeb8dc100cc87a31) C:\WINDOWS\system32\DRIVERS\RTL8187B.sys
    16:29:29.0218 5788 RTL8187B - ok
    16:29:29.0312 5788 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    16:29:29.0312 5788 Secdrv - ok
    16:29:29.0546 5788 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
    16:29:29.0578 5788 senfilt - ok
    16:29:29.0593 5788 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    16:29:29.0593 5788 serenum - ok
    16:29:29.0609 5788 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    16:29:29.0625 5788 Serial - ok
    16:29:29.0656 5788 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
    16:29:29.0656 5788 Sfloppy - ok
    16:29:29.0687 5788 Simbad - ok
    16:29:29.0750 5788 SjyPkt (3d7ef286e806f9bd9339aa52e28dcd67) C:\WINDOWS\System32\Drivers\SjyPkt.sys
    16:29:29.0781 5788 SjyPkt - ok
    16:29:29.0843 5788 smbusp (64dce11279fde28f0abf6f04aa6a073a) C:\WINDOWS\system32\DRIVERS\intelsmb.sys
    16:29:29.0859 5788 smbusp - ok
    16:29:30.0140 5788 smserial (859e3adc59d1c89a66aa6492c14d379e) C:\WINDOWS\system32\DRIVERS\smserial.sys
    16:29:30.0187 5788 smserial - ok
    16:29:30.0359 5788 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
    16:29:30.0359 5788 smwdm - ok
    16:29:30.0375 5788 Sparrow - ok
    16:29:30.0437 5788 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    16:29:30.0453 5788 splitter - ok
    16:29:30.0468 5788 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    16:29:30.0484 5788 sr - ok
    16:29:30.0562 5788 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    16:29:30.0578 5788 Srv - ok
    16:29:30.0625 5788 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    16:29:30.0640 5788 swenum - ok
    16:29:30.0687 5788 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    16:29:30.0687 5788 swmidi - ok
    16:29:30.0718 5788 symc810 - ok
    16:29:30.0750 5788 symc8xx - ok
    16:29:30.0765 5788 sym_hi - ok
    16:29:30.0781 5788 sym_u3 - ok
    16:29:30.0812 5788 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    16:29:30.0812 5788 sysaudio - ok
    16:29:30.0906 5788 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    16:29:30.0921 5788 Tcpip - ok
    16:29:30.0968 5788 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    16:29:30.0968 5788 TDPIPE - ok
    16:29:31.0000 5788 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    16:29:31.0000 5788 TDTCP - ok
    16:29:31.0031 5788 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    16:29:31.0062 5788 TermDD - ok
    16:29:31.0156 5788 tmactmon (e8e528896ff2595cfada88749cd72ef8) C:\WINDOWS\system32\DRIVERS\tmactmon.sys
    16:29:31.0156 5788 tmactmon - ok
    16:29:31.0218 5788 tmcomm (1837512d4aab862bd297a2ef035fba14) C:\WINDOWS\system32\DRIVERS\tmcomm.sys
    16:29:31.0218 5788 tmcomm - ok
    16:29:31.0281 5788 tmevtmgr (dbac510d1c7cc66b7a78eb2264f3072e) C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys
    16:29:31.0281 5788 tmevtmgr - ok
    16:29:31.0359 5788 tmtdi (a6e20b094a8d3e3f46d10bbe7e1ebb82) C:\WINDOWS\system32\DRIVERS\tmtdi.sys
    16:29:31.0359 5788 tmtdi - ok
    16:29:31.0375 5788 TosIde - ok
    16:29:31.0453 5788 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    16:29:31.0453 5788 Udfs - ok
    16:29:31.0531 5788 ultra (3a807187a85919ae4210c969a78842e9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    16:29:31.0531 5788 ultra - ok
    16:29:31.0671 5788 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    16:29:31.0703 5788 Update - ok
    16:29:31.0765 5788 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    16:29:31.0765 5788 usbaudio - ok
    16:29:31.0796 5788 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    16:29:31.0796 5788 usbccgp - ok
    16:29:31.0875 5788 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    16:29:31.0890 5788 usbehci - ok
    16:29:31.0968 5788 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    16:29:31.0968 5788 usbhub - ok
    16:29:32.0031 5788 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    16:29:32.0046 5788 usbprint - ok
    16:29:32.0078 5788 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    16:29:32.0078 5788 usbscan - ok
    16:29:32.0140 5788 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    16:29:32.0140 5788 USBSTOR - ok
    16:29:32.0203 5788 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    16:29:32.0218 5788 usbuhci - ok
    16:29:32.0265 5788 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
    16:29:32.0296 5788 usb_rndisx - ok
    16:29:32.0312 5788 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    16:29:32.0312 5788 VgaSave - ok
    16:29:32.0328 5788 ViaIde - ok
    16:29:32.0375 5788 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    16:29:32.0390 5788 VolSnap - ok
    16:29:32.0453 5788 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    16:29:32.0468 5788 Wanarp - ok
    16:29:32.0531 5788 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\WINDOWS\system32\DRIVERS\wanatw4.sys
    16:29:32.0531 5788 wanatw - ok
    16:29:32.0609 5788 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
    16:29:32.0625 5788 Wdf01000 - ok
    16:29:32.0640 5788 WDICA - ok
    16:29:32.0671 5788 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    16:29:32.0703 5788 wdmaud - ok
    16:29:32.0828 5788 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    16:29:32.0828 5788 WudfPf - ok
    16:29:32.0859 5788 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    16:29:32.0859 5788 WudfRd - ok
    16:29:32.0906 5788 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    16:29:33.0312 5788 \Device\Harddisk0\DR0 - ok
    16:29:33.0328 5788 Boot (0x1200) (e0ae75d726bd318e211e7e022c08edef) \Device\Harddisk0\DR0\Partition0
    16:29:33.0328 5788 \Device\Harddisk0\DR0\Partition0 - ok
    16:29:33.0328 5788 ============================================================
    16:29:33.0328 5788 Scan finished
    16:29:33.0328 5788 ============================================================
    16:29:33.0359 1908 Detected object count: 0
    16:29:33.0359 1908 Actual detected object count: 0
    16:29:49.0656 5736 Deinitialize success
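An added checker for the TDSSKiller log format shown in the post above (example code written for this page, not from the thread or from the tool itself). The line shapes come from the posted log; the non-"ok" verdict shape, the placeholder hashes and the driver names fakedrv and orphan are constructed.

```python
import re

# Shapes taken from the log above: "TS PID NAME (MD5) PATH" for a scanned
# object, "TS PID NAME - ok" for its verdict, with MBR/Boot verdicts keyed by
# device path.  The non-"ok" verdict shape handled below is an assumption.
SCAN_RE = re.compile(r'^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>\S+)'
                     r'(?:\s+\(0x[0-9A-Fa-f]+\))?\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$')
VERDICT_RE = re.compile(r'^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<name>.+?)\s+-\s+(?P<verdict>.+)$')
COUNT_RE = re.compile(r'^\S+\s+\d+\s+Detected object count:\s+(\d+)$')

# Constructed sample: the first five lines are copied from the log above; the
# rest use placeholder hashes and an assumed non-ok verdict shape.
SAMPLE_LOG = r"""
16:29:30.0906 5788 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
16:29:30.0921 5788 Tcpip - ok
16:29:27.0656 5788 PCIDump - ok
16:29:32.0906 5788 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
16:29:33.0312 5788 \Device\Harddisk0\DR0 - ok
16:29:33.0400 5788 fakedrv (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\fakedrv.sys
16:29:33.0401 5788 fakedrv - detected PLACEHOLDER.Verdict ( 0 )
16:29:33.0402 5788 orphan (11111111111111111111111111111111) C:\WINDOWS\system32\DRIVERS\orphan.sys
16:29:33.0359 1908 Detected object count: 0
"""


def parse_tdsskiller(text):
    """Scanned objects, non-ok verdicts, objects with no verdict line, and whether
    the log's own 'Detected object count' agrees with the verdict lines."""
    objects, verdicts, reported = {}, {}, None
    for line in (l.strip() for l in text.splitlines()):
        if m := COUNT_RE.match(line):
            reported = int(m.group(1))
        elif m := SCAN_RE.match(line):
            rec = {'name': m['name'], 'md5': m['md5'], 'path': m['path'], 'verdict': None}
            objects[m['name']] = rec
            objects.setdefault(m['path'], rec)  # lets "\Device\...\DR0 - ok" find the MBR record
        elif m := VERDICT_RE.match(line):
            verdicts[m['name']] = m['verdict']
    for key, verdict in verdicts.items():
        if key in objects:
            objects[key]['verdict'] = verdict
    records = list({id(r): r for r in objects.values()}.values())
    detected = [(r['name'], r['verdict']) for r in records if r['verdict'] not in (None, 'ok')]
    # A verdict with no scan line (e.g. "PCIDump - ok") is assumed to be a registered
    # driver whose file was not found; only a non-ok verdict there counts as a detection.
    detected += [(k, v) for k, v in verdicts.items() if k not in objects and v != 'ok']
    return {'objects': records, 'detected': detected,
            'missing_verdict': [r['name'] for r in records if r['verdict'] is None],
            'reported_count': reported,
            'count_mismatch': reported is not None and reported != len(detected)}
```

A count mismatch or an object with no verdict line is the signal that a posted log was truncated or edited before the summary lines and should be re-run rather than trusted.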
     
  9. TattooedMamaMeg

    TattooedMamaMeg Thread Starter

    Joined:
    Dec 10, 2011
    Messages:
    67
    I changed my settings so that the monitor wouldn't shut off after 20 minutes of inactivity and tried to run ComboFix again. This time it completed 3 stages and then popped up 10 errors. Six of them said "The system cannot execute the specified program." Four of them said "Insufficient system resources exist to complete the requested service." Then after the 10 errors, it said "10 was unexpected at this time." I had to manually turn the computer off and back on.
     
  10. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi TattooedMamaMeg,

    TDSSKiller looks good which is a plus. :) Please go ahead and delete your copy of ComboFix using right-click >> Delete.

    You will need a USB drive for this next step.

    Please download a fresh copy of ComboFix and save it to your USB drive, but before saving it please rename it to svchost.exe. Once it is renamed I want you to save it directly to your USB drive and then transfer it to your C:\ folder. When it is saved there please run ComboFix again and if a log is produced please post it into your next reply. :)
     
  11. TattooedMamaMeg

    TattooedMamaMeg Thread Starter

    Joined:
    Dec 10, 2011
    Messages:
    67
    I followed your directions exactly. This time, ComboFix ran to Stage 48, then I got a similar pop-up that said, "The procedure * could not be located in the DLL sfc.dll." I clicked okay and it popped up more messages about insufficient system resources, then I got another pop-up that said "C:\ComboFix\pev.3xE" in the bar at the top; the actual error was, "The file does not have a program associated with it for performing this action. Create an association in the Folder Options control panel." When I clicked okay the message kept popping up a few more times, then nothing happened and I had to manually turn my computer off and on again.
     
  12. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi TattooedMamaMeg,

    Ok...let's try this another way. :) Please attempt to run your newly created ComboFix that was renamed to svchost.exe in your C:\ folder while in Safe Mode.

    Reboot Your System in Safe Mode

    How to use the F8 method to Start Your Computer in Safe Mode
    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe mode with Networking menu item
    • Press Enter.
    ---------

    Once in Safe Mode please attempt to run ComboFix again. If that works please post the log that is created...if not please let me know and we can attempt another route.
     
  13. TattooedMamaMeg

    TattooedMamaMeg Thread Starter

    Joined:
    Dec 10, 2011
    Messages:
    67
    How do I disable my anti virus in safe mode? I can't find it anywhere... Lol.
     
  14. jeffce

    jeffce Malware Specialist

    Joined:
    May 10, 2011
    Messages:
    1,727
    Hi Meg (I hope it's ok to call you that?),

    Don't worry about that. You should be alright if it is still running. Just go ahead and run ComboFix. If it asks you if you want to proceed please do so. :) If you have problems just let me know.
     
  15. TattooedMamaMeg

    TattooedMamaMeg Thread Starter

    Joined:
    Dec 10, 2011
    Messages:
    67
    Okay thanks! It's scanning now. And yes, you can call me Meg. :)
     
Short URL to this thread: https://techguy.org/1030641