a50a50

Honorary Members
Posts: 34
Reputation: 0 Neutral
  1. Thank you again for all of your help. I was a little worried when ComboFix wasn't working for a while. Hope you had a nice Easter!
  2. I think I have completed all of your final requests. I still wish we could have figured out what the virus was exactly and where it came from. I left both CCleaner and Malwarebytes Anti-Malware installed. How often would you recommend running these? Also, I installed WinPatrol. I'm curious to see how it works.
  3. I reset the DMA and deleted all the files you listed using delfile.bat. I have two questions at this point.
     1. One of the files that I deleted per your request was FoxitReader545.0124_enu_Setup.exe. I had downloaded this per your suggestion in an earlier post (to replace Adobe Reader). I guess it's good I never installed it. Is there a safe substitute for Adobe Reader that I can use?
     2. I do not understand this paragraph from your last post. We didn't use Qoobox and the last sentence seems incomplete:
     I will continue with the rest of your directions now.
  4. Gringo, I removed ALL of those optional start-up entries. If you see any others, let me know because my computer has gotten to be very slow. I wonder if there is a problem with the RAM. I used to be able to have several windows and tabs open at a time. I believe I once had 32 windows open in IE! However, now if I have two or three open, sometimes there are crashes or actual memory errors pop up. Here is the ESET report:

     C:\TDSSKiller_Quarantine\19.03.2013_19.01.17\mbr0000\tdlfs0000\tsk0001.dta	a variant of Win32/Olmarik.AYI trojan
     C:\TDSSKiller_Quarantine\19.03.2013_19.01.17\mbr0000\tdlfs0000\tsk0002.dta	Win64/Olmarik.AM trojan
     C:\TDSSKiller_Quarantine\19.03.2013_19.01.17\mbr0000\tdlfs0000\tsk0003.dta	a variant of Win32/Rootkit.Kryptik.PR trojan
     C:\TDSSKiller_Quarantine\19.03.2013_19.01.17\mbr0000\tdlfs0000\tsk0004.dta	Win64/Olmarik.AN trojan
     C:\TDSSKiller_Quarantine\19.03.2013_19.01.17\mbr0000\tdlfs0000\tsk0008.dta	Win32/Olmarik.AFK trojan
     C:\TDSSKiller_Quarantine\19.03.2013_19.01.17\mbr0000\tdlfs0000\tsk0009.dta	Win64/Olmarik.AK trojan
     K:\Exe files\FreeYouTubeDownloaderInstaller.exe	a variant of Win32/Somoto.A application
     K:\Exe files\GOMPLAYERENSETUP.EXE	a variant of Win32/Bundled.Toolbar.Ask application
     K:\Exe files\LimeWireWin.exe	multiple threats
     K:\Program Files\ImgBurn\SetupImgBurn_2.5.5.0.exe	a variant of Win32/Bundled.Toolbar.Ask application
     L:\Exe Files\FoxitReader545.0124_enu_Setup (To Use In Place Of Adobe Reader).exe	a variant of Win32/Bundled.Toolbar.Ask application
  5. Here are the next two reports you requested. I didn't have trouble running either of them. Note that I did install Java and Adobe Reader because certain applications weren't working without them. Do you think those two programs will cause trouble in the future?

     Malwarebytes Anti-Malware 1.70.0.1100
     www.malwarebytes.org

     Database version: v2013.03.27.04

     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Steve :: MONARCHCOMPUTER [administrator]

     3/27/2013 6:31:52 AM
     mbam-log-2013-03-27 (06-31-52).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 291028
     Time elapsed: 15 minute(s), 18 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 5:05:47 PM, on 3/27/2013
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\AVG9\avgchsvx.exe
     C:\Program Files\AVG9\avgrsx.exe
     C:\WINDOWS\system32\LEXBCES.EXE
     C:\WINDOWS\system32\LEXPPS.EXE
     C:\Program Files\AVG9\avgcsrvx.exe
     C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
     C:\Program Files\AVG9\avgwdsvc.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
     C:\Program Files\Java\jre7\bin\jqs.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Program Files\AVG9\avgam.exe
     C:\Program Files\AVG9\avgnsx.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\RTHDCPL.EXE
     C:\Program Files\QuickTime\qttask.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     K:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
     C:\PROGRA~1\AVG9\avgtray.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\WINDOWS\system32\VxBlockServer.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\AVG9\avgemc.exe
     C:\Program Files\AVG9\avgcsrvx.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\AVG9\avgcsrvx.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
     C:\WINDOWS\notepad.exe
     C:\Program Files\Utilities\Revo Uninstaller\Revouninstaller.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Documents and Settings\Steve\Desktop\HijackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG9\avgssie.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
     O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
     O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [Desktop Disc Tool] "K:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
     O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
     O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG9\avgtray.exe
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
     O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
     O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
     O15 - Trusted Zone: http://*.roxio.com
     O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
     O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
     O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG9\avgpp.dll
     O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
     O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
     O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
     O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
     O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
     O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
     O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG9\avgemc.exe
     O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG9\avgwdsvc.exe
     O23 - Service: BitRaider Mini-Support Service (BRSptSvc) - BitRaider, LLC - c:\documents and settings\all users\application data\bitraider\BRSptSvc.exe
     O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
     O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
     O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
     O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
     O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
     O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Steve\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
     O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)

     --
     End of file - 7838 bytes
  6. Gringo, I have removed all of the files you listed (below) with Revo Uninstaller except Vuze. It wasn't listed as an option in Revo Uninstaller.
     Adobe Flash Player 11 ActiveX
     Adobe Flash Player 11 Plugin
     Adobe Reader 7.0
     Coupon Printer for Windows
     Java 7 Update 9
     Java™ 6 Update 17
     JavaFX 2.1.1
     Vuze
     I have also run CCleaner. However, I have not installed Adobe Reader yet. Also, I have a concern. I was trying to watch a video on YouTube and it said, "The Adobe Flash Player or an HTML5 supported browser is required for video playback." I read some different things about HTML5, but it doesn't seem like any browser is truly where it needs to be regarding HTML5. Is it safe to download the Adobe Flash Player? If so, where is a reliable place to download it? Or, if not, what should I do to watch YouTube?
  7. Another question.... I was checking out Foxit, and the download I found is 15.6 MB. Is there a different file that I should be downloading that is only 7 MB?
  8. I'm still working on your last requests. I wasn't home all weekend. I am deleting the Java and Adobe files you listed, but I have a question. Aren't Java and Adobe Reader programs required to view certain other files on the net or on a computer? If so, where is a safe place to download Java? When I have downloaded/updated both of these programs, I have felt they have negatively impacted my computer.
  9. Here is the new ComboFix report you wanted:

     ComboFix 13-03-21.02 - Steve 03/22/2013 20:39:14.9.2 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1477 [GMT -4:00]
     Running from: c:\documents and settings\Steve\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Steve\Desktop\CFScript.txt
     AV: AVG Internet Security *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
     .
     .
     ((((((((((((((((((((((((( Files Created from 2013-02-23 to 2013-03-23 )))))))))))))))))))))))))))))))
     .
     .
     2013-03-20 03:08 . 2013-03-20 03:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\GNU
     2013-03-19 23:12 . 2013-03-19 23:12 -------- d-----w- C:\TDSSKiller_Quarantine
     2013-03-18 22:59 . 2013-03-18 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
     2013-03-16 14:41 . 2013-03-16 14:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\GNU
     2013-03-15 05:18 . 2013-03-21 11:11 -------- d-----w- c:\documents and settings\Steve\Local Settings\Application Data\GNU
     2013-03-07 21:52 . 2013-03-22 00:24 -------- d-----w- c:\documents and settings\All Users\Application Data\bitraider
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2013-02-17 20:14 . 2013-01-16 23:01 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
     2013-02-17 20:14 . 2013-01-16 23:01 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
     2013-02-08 04:25 . 2013-02-08 04:25 1409 ----a-w- c:\windows\QTFont.for
     2013-01-16 01:35 . 2009-01-05 00:37 226016 ----a-w- c:\windows\system32\drivers\avgldx86.sys
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
     "RTHDCPL"="RTHDCPL.EXE" [2005-05-25 14477312]
     "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [2009-07-24 240112]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-05-24 282624]
     "nwiz"="nwiz.exe" [2008-10-07 1630208]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
     "Desktop Disc Tool"="k:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-23 494064]
     "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-06-08 611712]
     "AVG9_TRAY"="c:\progra~1\AVG9\avgtray.exe" [2012-01-26 2077536]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
     2010-06-21 16:58 12536 ------w- c:\windows\system32\avgrsstx.dll
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\12116232.sys]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\36686608.sys]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winda43.sys]
     @="Driver"
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
     backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
     backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminder 2009.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder 2009.lnk
     backup=c:\windows\pss\Event Planner Reminder 2009.lnkCommon Startup
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminder.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder.lnk
     backup=c:\windows\pss\Event Planner Reminder.lnkCommon Startup
     .
     [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
     path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
     backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
     "RoxWatch10"=2 (0x2)
     "RoxMediaDB10"=3 (0x3)
     "Roxio Upnp Server 10"=2 (0x2)
     "Roxio UPnP Renderer 10"=3 (0x3)
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "o:\\Program Files\\Secret Identity Studios\\Marvel Heroes Beta\\Marvel Heroes Beta\\UnrealEngine3\\Binaries\\Win32\\MarvelGame.exe"=
     .
     R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10/23/2009 11:09 PM 52872]
     R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/23/2010 10:58 AM 64288]
     R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [6/30/2010 8:16 AM 21488]
     R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [6/30/2010 8:16 AM 15856]
     R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
     R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/4/2009 8:37 PM 226016]
     R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/4/2009 8:37 PM 243152]
     R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [4/27/2008 3:21 PM 244736]
     R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [6/30/2010 8:16 AM 25584]
     R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 7:05 PM 457200]
     R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [1/23/2008 4:19 AM 501560]
     R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG9\avgemc.exe [6/21/2010 12:57 PM 921952]
     R2 avg9wd;AVG WatchDog;c:\program files\AVG9\avgwdsvc.exe [6/21/2010 12:58 PM 308136]
     S0 oqovp;oqovp; [x]
     S0 Winda43;Winda43;c:\windows\system32\Drivers\Winda43.sys --> c:\windows\system32\Drivers\Winda43.sys [?]
     S1 MpKsla8ba781a;MpKsla8ba781a;\??\c:\program files\Windows Live Safety Center\MpKsla8ba781a.sys --> c:\program files\Windows Live Safety Center\MpKsla8ba781a.sys [?]
     S1 MpKslbe4c5fe5;MpKslbe4c5fe5;\??\c:\program files\Windows Live Safety Center\MpKslbe4c5fe5.sys --> c:\program files\Windows Live Safety Center\MpKslbe4c5fe5.sys [?]
     S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" --> c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [?]
     S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [7/24/2009 8:33 AM 219632]
     S2 SessionLauncher;SessionLauncher;c:\docume~1\Steve\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\Steve\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
     S3 BRDriver;BRDriver;c:\documents and settings\All Users\Application Data\bitraider\BRDriver.sys [3/14/2013 10:46 PM 63784]
     S3 BRSptSvc;BitRaider Mini-Support Service;c:\documents and settings\All Users\Application Data\bitraider\BRSptSvc.exe [3/7/2013 5:52 PM 949528]
     S3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [7/24/2009 8:33 AM 1116656]
     S4 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [6/23/2009 5:40 PM 127352]
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2013-03-23 c:\windows\Tasks\Clean System Memory.job
     - c:\windows\system32\CleanMem.exe [2011-07-12 19:56]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com/
     Trusted Zone: roxio.com
     TCP: DhcpNameServer = 192.168.200.1
     DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
     DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
     FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\q7of971q.default\
     FF - prefs.js: network.proxy.type - 0
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2013-03-22 20:56
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_USERS\S-1-5-21-796845957-839522115-496803368-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
     "??"=hex:2f,2d,0b,c9,8e,be,27,ab,fd,97,ac,a7,78,a4,52,f6,fe,02,40,ee,f1,5a,1c,
        dc,af,07,b5,0a,b4,18,12,70,92,f6,95,bc,9e,fa,cd,c9,70,d5,81,ec,21,27,3e,a2,\
     "??"=hex:ec,38,17,a4,31,e0,fd,97,ab,ba,dc,f7,d2,ac,0d,8b
     .
     [HKEY_USERS\S-1-5-21-796845957-839522115-496803368-1004\Software\SecuROM\License information*]
     "datasecu"=hex:cd,e7,d7,0f,56,07,9b,18,21,0b,5f,df,72,0c,e0,0a,87,19,07,ce,48,
        0c,7d,eb,17,3a,7a,fe,a2,e5,41,e9,02,6e,3e,d1,6a,db,fb,61,75,95,27,6e,cc,93,\
     "rkeysecu"=hex:ff,98,45,06,db,c1,cb,aa,86,34,57,9a,39,d5,89,05
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
     @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
     "Version"=hex:f3,a8,ce,09,05,0e,96,73,f4,ed,7f,4b,51,12,39,14,ca,43,6e,85,9b,
        c7,a4,c9,dd,cc,ca,49,7e,95,0a,0a,bb,50,83,eb,e1,36,dc,7a,7c,66,7b,d1,79,c7,\
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker5"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
     "value"="?\0a\01\03\015\1e?"
     .
     [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
     "5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
     .
     [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
     "Version"=hex:f3,a8,ce,09,05,0e,96,73,f4,ed,7f,4b,51,12,39,14,ca,43,6e,85,9b,
        c7,a4,c9,dd,cc,ca,49,7e,95,0a,0a,bb,50,83,eb,e1,36,dc,7a,7c,66,7b,d1,79,c7,\
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'winlogon.exe'(972)
     c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
     .
     - - - - - - - > 'explorer.exe'(5144)
     c:\windows\system32\WININET.dll
     c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
     c:\windows\system32\ieframe.dll
     c:\windows\system32\webcheck.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     Completion time: 2013-03-22 21:00:17
     ComboFix-quarantined-files.txt 2013-03-23 01:00
     ComboFix2.txt 2013-03-21 11:26
     .
     Pre-Run: 8,733,511,680 bytes free
     Post-Run: 9,451,618,304 bytes free
     .
     - - End Of File - - D6EBBF3255FA64F5217586FE35289289
  10. Here is the ComboFix report. I have briefly tried out the Google Search and don't seem to be getting redirected. Also, it's been a short while, but I haven't had the "This tab has been recovered" yet. I don't want to jinx anything, but it's looking good at the present time. Can you tell from looking at ComboFix (or any of the other reports) what the problem was?

      ComboFix 13-03-20.02 - Steve 03/21/2013 6:52.8.2 - x86
      Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1480 [GMT -4:00]
      Running from: c:\documents and settings\Steve\Desktop\ComboFix.exe
      AV: AVG Internet Security *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
       * Created a new restore point
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      c:\documents and settings\All Users\Application Data\TEMP
      c:\documents and settings\Steve\Local Settings\Application Data\CAPCOM\Nova Development\oknomw.dll
      c:\documents and settings\Steve\Local Settings\Application Data\GNU\nupvakpm.dll
      c:\windows\wininit.ini
      .
      .
      ((((((((((((((((((((((((( Files Created from 2013-02-21 to 2013-03-21 )))))))))))))))))))))))))))))))
      .
      .
      2013-03-20 03:08 . 2013-03-20 03:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\GNU
      2013-03-19 23:12 . 2013-03-19 23:12 -------- d-----w- C:\TDSSKiller_Quarantine
      2013-03-18 22:59 . 2013-03-18 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
      2013-03-16 14:41 . 2013-03-16 14:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\GNU
      2013-03-15 05:18 . 2013-03-21 11:11 -------- d-----w- c:\documents and settings\Steve\Local Settings\Application Data\GNU
      2013-03-07 21:52 . 2013-03-20 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\bitraider
      .
      .
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2013-02-17 20:14 . 2013-01-16 23:01 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
      2013-02-17 20:14 . 2013-01-16 23:01 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
      2013-02-08 04:25 . 2013-02-08 04:25 1409 ----a-w- c:\windows\QTFont.for
      2013-01-16 01:35 . 2009-01-05 00:37 226016 ----a-w- c:\windows\system32\drivers\avgldx86.sys
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
      "RTHDCPL"="RTHDCPL.EXE" [2005-05-25 14477312]
      "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [2009-07-24 240112]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-05-24 282624]
      "nwiz"="nwiz.exe" [2008-10-07 1630208]
      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
      "Desktop Disc Tool"="k:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-23 494064]
      "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-06-08 611712]
      "AVG9_TRAY"="c:\progra~1\AVG9\avgtray.exe" [2012-01-26 2077536]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
      2010-06-21 16:58 12536 ------w- c:\windows\system32\avgrsstx.dll
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winda43.sys]
      @="Driver"
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
      backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
      backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminder 2009.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder 2009.lnk
      backup=c:\windows\pss\Event Planner Reminder 2009.lnkCommon Startup
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminder.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder.lnk
      backup=c:\windows\pss\Event Planner Reminder.lnkCommon Startup
      .
      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
      backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "RoxWatch10"=2 (0x2)
      "RoxMediaDB10"=3 (0x3)
      "Roxio Upnp Server 10"=2 (0x2)
      "Roxio UPnP Renderer 10"=3 (0x3)
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)
      .
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "o:\\Program Files\\Secret Identity Studios\\Marvel Heroes Beta\\Marvel Heroes Beta\\UnrealEngine3\\Binaries\\Win32\\MarvelGame.exe"=
      .
      R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [10/23/2009 11:09 PM 52872]
      R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [7/23/2010 10:58 AM 64288]
      R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [6/30/2010 8:16 AM 21488]
      R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [6/30/2010 8:16 AM 15856]
      R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
      R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/4/2009 8:37 PM 226016]
      R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/4/2009 8:37 PM 243152]
      R1 c2scsi;c2scsi;c:\windows\system32\drivers\c2scsi.sys [4/27/2008 3:21 PM 244736]
      R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [6/30/2010 8:16 AM 25584]
      R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 7:05 PM 457200]
      R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [1/23/2008 4:19 AM 501560]
      R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG9\avgemc.exe [6/21/2010 12:57 PM 921952]
      R2 avg9wd;AVG WatchDog;c:\program files\AVG9\avgwdsvc.exe [6/21/2010 12:58 PM 308136]
      S0 oqovp;oqovp; [x]
      S0 Winda43;Winda43;c:\windows\system32\Drivers\Winda43.sys --> c:\windows\system32\Drivers\Winda43.sys [?]
      S1 MpKsla8ba781a;MpKsla8ba781a;\??\c:\program files\Windows Live Safety Center\MpKsla8ba781a.sys --> c:\program files\Windows Live Safety Center\MpKsla8ba781a.sys [?]
      S1 MpKslbe4c5fe5;MpKslbe4c5fe5;\??\c:\program files\Windows Live Safety Center\MpKslbe4c5fe5.sys --> c:\program files\Windows Live Safety Center\MpKslbe4c5fe5.sys [?]
      S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" --> c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [?]
      S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [7/24/2009 8:33 AM 219632]
      S2 SessionLauncher;SessionLauncher;c:\docume~1\Steve\LOCALS~1\Temp\DX9\SessionLauncher.exe --> c:\docume~1\Steve\LOCALS~1\Temp\DX9\SessionLauncher.exe [?]
      S3 BRDriver;BRDriver;c:\documents and settings\All Users\Application Data\bitraider\BRDriver.sys [3/14/2013 10:46 PM 63784]
      S3 BRSptSvc;BitRaider Mini-Support Service;c:\documents and settings\All Users\Application Data\bitraider\BRSptSvc.exe [3/7/2013 5:52 PM 952600]
      S3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [7/24/2009 8:33 AM 1116656]
      S4 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [6/23/2009 5:40 PM 127352]
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2013-03-21 c:\windows\Tasks\Clean System Memory.job
      - c:\windows\system32\CleanMem.exe [2011-07-12 19:56]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.com/
      Trusted Zone: roxio.com
      TCP: DhcpNameServer = 192.168.200.1
      DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
      DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
      FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\q7of971q.default\
      FF - prefs.js: network.proxy.type - 0
      .
      - - - - ORPHANS REMOVED - - - -
      .
      HKCU-Run-Nova Development - c:\documents and settings\Steve\Local Settings\Application Data\CAPCOM\Nova Development\oknomw.dll
      HKCU-Run-GNU - c:\documents and settings\Steve\Local Settings\Application Data\GNU\nupvakpm.dll
      HKU-Default-Run-Adobe - c:\documents and settings\Steve\Local Settings\Application Data\Apple Computer\Adobe\kmxhaf.dll
      HKU-Default-Run-Nova Development - c:\documents and settings\Steve\Local Settings\Application Data\CAPCOM\Nova Development\oknomw.dll
      SafeBoot-12116232.sys
      SafeBoot-36686608.sys
      AddRemove-8461-7759-5462-8226 - c:\program files\Azureus\uninstall.exe
      .
      .
      .
      **************************************************************************
      .
      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2013-03-21 07:18
      Windows 5.1.2600 Service Pack 3 NTFS
      .
      scanning hidden processes ...
      .
      scanning hidden autostart entries ...
      .
      HKCU\Software\Microsoft\Windows\CurrentVersion\Run
         GNU = RUNDLL32.EXE "c:\documents and settings\Steve\Local Settings\Application Data\GNU\nupvakpm.dll",DllGetClassObject??????????
      .
      scanning hidden files ...
      .
      scan completed successfully
      hidden files: 0
      .
      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_USERS\S-1-5-21-796845957-839522115-496803368-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
      "??"=hex:2f,2d,0b,c9,8e,be,27,ab,fd,97,ac,a7,78,a4,52,f6,fe,02,40,ee,f1,5a,1c,
         dc,af,07,b5,0a,b4,18,12,70,92,f6,95,bc,9e,fa,cd,c9,70,d5,81,ec,21,27,3e,a2,\
      "??"=hex:ec,38,17,a4,31,e0,fd,97,ab,ba,dc,f7,d2,ac,0d,8b
      .
      [HKEY_USERS\S-1-5-21-796845957-839522115-496803368-1004\Software\SecuROM\License information*]
      "datasecu"=hex:cd,e7,d7,0f,56,07,9b,18,21,0b,5f,df,72,0c,e0,0a,87,19,07,ce,48,
         0c,7d,eb,17,3a,7a,fe,a2,e5,41,e9,02,6e,3e,d1,6a,db,fb,61,75,95,27,6e,cc,93,\
      "rkeysecu"=hex:ff,98,45,06,db,c1,cb,aa,86,34,57,9a,39,d5,89,05
      .
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version] "Version"=hex:f3,a8,ce,09,05,0e,96,73,f4,ed,7f,4b,51,12,39,14,ca,43,6e,85,9b, c7,a4,c9,dd,cc,ca,49,7e,95,0a,0a,bb,50,83,eb,e1,36,dc,7a,7c,66,7b,d1,79,c7,\ . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*] "value"="?\0a\01\03\015\1e?" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*] "5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered" . [HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version] "Version"=hex:f3,a8,ce,09,05,0e,96,73,f4,ed,7f,4b,51,12,39,14,ca,43,6e,85,9b, c7,a4,c9,dd,cc,ca,49,7e,95,0a,0a,bb,50,83,eb,e1,36,dc,7a,7c,66,7b,d1,79,c7,\ . 
--------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(972) c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . - - - - - - - > 'explorer.exe'(1220) c:\windows\system32\WININET.dll c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\AVG9\avgchsvx.exe c:\program files\AVG9\avgrsx.exe c:\windows\system32\LEXBCES.EXE c:\windows\system32\LEXPPS.EXE c:\program files\AVG9\avgcsrvx.exe c:\windows\system32\DRIVERS\CDANTSRV.EXE c:\program files\Java\jre7\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\program files\AVG9\avgam.exe c:\program files\AVG9\avgnsx.exe c:\program files\AVG9\avgcsrvx.exe c:\windows\system32\wscntfy.exe c:\windows\RTHDCPL.EXE c:\windows\system32\RUNDLL32.EXE . ************************************************************************** . Completion time: 2013-03-21 07:26:22 - machine was rebooted ComboFix-quarantined-files.txt 2013-03-21 11:26 . Pre-Run: 7,965,437,952 bytes free Post-Run: 9,404,588,032 bytes free . - - End Of File - - E80D7173ADED9C5B7C1185634C53D2D6
  11. Thanks for sticking with me on this problem, Gringo. I ran ComboFix this morning and it worked! I had to leave home before I could copy and paste the report here, but I thought this was a little encouraging. I'll post the report later today.
  12. Hey Gringo, Here is the FSS report:
Farbar Service Scanner Version: 03-03-2013
Ran by Steve (administrator) on 19-03-2013 at 21:40:30
Running from "C:\Documents and Settings\Steve\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2007-04-15 13:14] - [2008-04-13 20:12] - 0006656 ____N (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2004-08-04 08:00] - [2009-02-06 07:11] - 0110592 ____N (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315

Extra List:
=======
AvgTdiX(86) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000560000000600000007000000
IpSec Tag value is correct.

**** End of log ****
  13. One more thing I forgot to mention: I did run fixdamage but it did not correct any of the issues.
  14. I just checked the status of the problems I was having. I cannot activate the Windows Firewall. I am still getting the "This tab has been recovered" crashes/viruses. I am still getting redirected for any Google Search I perform.
  15. There are three reports for TDSSKiller. The first time, I started running the report after clicking all 6 boxes since your instructions said to check all boxes. However, it was taking longer than two minutes, so I stopped that scan, unchecked the bottom two boxes, and reran the program. The second report is probably the one you want. (Note: I am only including a portion of the second report since the post would be too long otherwise, and I couldn't find any way to attach it). I'm not sure what the third report pertains to. The report for Malwarebytes Anti-Rootkit follows at the bottom.
19:11:08.0375 3436 ============================================================
19:11:08.0375 3436 Scan finished
19:11:08.0375 3436 ============================================================
19:11:08.0390 1884 Detected object count: 2
19:11:08.0390 1884 Actual detected object count: 2
19:12:33.0281 1884 sptd ( LockedFile.Multi.Generic ) - skipped by user
19:12:33.0281 1884 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
19:12:33.0968 1884 \Device\Harddisk0\DR0\# - copied to quarantine
19:12:33.0968 1884 \Device\Harddisk0\DR0 - copied to quarantine
19:12:33.0984 1884 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
19:12:34.0000 1884 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
19:12:34.0000 1884 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
19:12:34.0015 1884 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:12:34.0015 1884 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:12:34.0046 1884 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:12:34.0046 1884 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
19:12:34.0046 1884 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
19:12:34.0062 1884 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:12:34.0078 1884 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:12:34.0093 1884 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
19:12:34.0093 1884 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
19:12:34.0093 1884 \Device\Harddisk0\DR0 - ok
19:12:39.0656 1884 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
19:12:48.0468 2556 Deinitialize success
The Malwarebytes program yielded this message: Congratulations, no cleanup is required! Scan Finished: No malware found!