Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

browser hijack, windows update fails, firewall fails...

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

browser hijack, windows update fails, firewall fails...

Unread postby mapatasi » April 3rd, 2011, 9:48 am

Please could you help me to remove this malware:
browser hijack, windows update fails, firewall fails, system restore fails.

DDS:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Owner at 14:32:58.09 on 03/04/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.63 [GMT 1:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows Media Player\setup_wm.exe
C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Documents and Settings\Owner\My Documents\Downloads\WindowsXP-KB936929-SP3-x86-ENU.exe
c:\02d76215a39966d75c51f3\i386\update\update.exe
C:\WINDOWS\system32\shmgrate.exe
C:\Documents and Settings\Owner\My Documents\Downloads\hijackthis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
uRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: igfxcui - igfxsrvc.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\lq6sxfeq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17241
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage -
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-21 11608]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl353a7409;MpKsl353a7409;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bb254c31-f92c-4865-a8d3-175070be4568}\MpKsl353a7409.sys [2011-4-3 28752]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-21 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-21 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-21 61960]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2010-10-2 1373480]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-10-26 136176]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2005-6-8 20608]
S3 cpudrv;cpudrv;\??\c:\program files\systemrequirementslab\cpudrv.sys --> c:\program files\systemrequirementslab\cpudrv.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\lavalys\everest home edition\kerneld.wnt [2005-8-18 7168]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [2005-10-4 280064]
S3 X-Micro WLAN 11g USB Adapter(X-Micro);X-Micro WLAN 11g USB Adapter Driver(X-Micro);c:\windows\system32\drivers\ZD1211U.sys [2005-10-4 280064]
.
=============== Created Last 30 ================
.
2011-04-03 13:04:57 19569 ----a-w- c:\windows\000001_.tmp
2011-04-03 12:55:22 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-04-03 12:49:43 -------- d-----w- C:\02d76215a39966d75c51f3
2011-04-02 23:06:45 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{bb254c31-f92c-4865-a8d3-175070be4568}\MpKsl353a7409.sys
2011-04-02 17:12:54 -------- d-----w- c:\program files\Analog Devices
2011-04-02 17:06:09 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{bb254c31-f92c-4865-a8d3-175070be4568}\MpKsl7d093b95.sys
2011-04-02 16:44:25 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2011-04-02 16:44:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-02 16:44:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-04-02 16:44:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-02 16:44:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-02 15:49:02 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{bb254c31-f92c-4865-a8d3-175070be4568}\MpKsl342d2d0d.sys
2011-04-02 15:48:50 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{bb254c31-f92c-4865-a8d3-175070be4568}\mpengine.dll
2011-04-02 15:48:50 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-02 15:44:04 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-24 18:42:39 580992 ----a-w- c:\windows\system32\drivers\smwdm.sys
2011-03-24 18:42:39 49152 ----a-w- c:\windows\system32\DSndUp.exe
2011-03-24 18:42:39 4816 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2011-03-24 18:42:39 45056 ----a-w- c:\windows\system32\CleanUp.exe
2011-03-24 18:42:39 3744 ----a-w- c:\windows\system32\drivers\smsens.sys
2011-03-24 18:22:35 -------- d-----w- c:\program files\Lavalys
2011-03-23 10:23:16 -------- d-----w- C:\WTablet
2011-03-14 17:54:46 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\BitTorrentBar
.
==================== Find3M ====================
.
2011-02-12 22:01:42 32768 ------w- c:\windows\system32\MWLPS.dll
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST3160023AS rev.8.12 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-e
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86370439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x863767b8]; MOV EAX, [0x86376834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x86348AB8]
3 CLASSPNP[0xF74E7FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x863CFE90]
\Driver\atapi[0x86351988] -> IRP_MJ_CREATE -> 0x86370439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskST3160023AS_____________________________8.12____#5&2b236d9a&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8637027F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 14:34:34.19 ===============


Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 26/07/2010 17:09:23
System Uptime: 03/04/2011 00:05:46 (14 hours ago)
.
Motherboard: Dell Computer Corp. | | 0U2575
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 118.718 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: IDE\CDROM_NEC_DVD+-RW_ND-3530A___________________102B____\5&70107E7&0&0.0.0
Manufacturer: (Standard CD-ROM drives)
Name: _NEC DVD+-RW ND-3530A
PNP Device ID: IDE\CDROM_NEC_DVD+-RW_ND-3530A___________________102B____\5&70107E7&0&0.0.0
Service: cdrom
.
==== System Restore Points ===================
.
RP113: 03/01/2011 19:30:26 - System Checkpoint
RP114: 04/01/2011 20:11:08 - System Checkpoint
RP115: 05/01/2011 21:02:35 - System Checkpoint
RP116: 08/01/2011 17:01:11 - System Checkpoint
RP117: 09/01/2011 17:06:02 - System Checkpoint
RP118: 10/01/2011 19:07:24 - System Checkpoint
RP119: 11/01/2011 19:18:06 - System Checkpoint
RP120: 12/01/2011 20:08:04 - System Checkpoint
RP121: 13/01/2011 21:09:09 - System Checkpoint
RP122: 14/01/2011 11:19:11 - Software Distribution Service 3.0
RP123: 15/01/2011 15:46:56 - System Checkpoint
RP124: 16/01/2011 16:37:31 - System Checkpoint
RP125: 17/01/2011 18:07:31 - System Checkpoint
RP126: 18/01/2011 18:17:17 - System Checkpoint
RP127: 19/01/2011 18:54:45 - System Checkpoint
RP128: 23/01/2011 11:33:27 - System Checkpoint
RP129: 24/01/2011 11:42:46 - System Checkpoint
RP130: 25/01/2011 18:41:23 - System Checkpoint
RP131: 26/01/2011 19:26:35 - System Checkpoint
RP132: 27/01/2011 19:43:08 - System Checkpoint
RP133: 28/01/2011 20:11:35 - System Checkpoint
RP134: 29/01/2011 21:11:37 - System Checkpoint
RP135: 31/01/2011 09:13:07 - System Checkpoint
RP136: 01/02/2011 09:33:40 - System Checkpoint
RP137: 02/02/2011 09:33:46 - System Checkpoint
RP138: 03/02/2011 11:18:06 - System Checkpoint
RP139: 04/02/2011 11:32:18 - System Checkpoint
RP140: 05/02/2011 12:32:18 - System Checkpoint
RP141: 06/02/2011 12:47:30 - System Checkpoint
RP142: 07/02/2011 14:12:44 - System Checkpoint
RP143: 08/02/2011 14:46:09 - System Checkpoint
RP144: 09/02/2011 11:08:36 - Installed X-Micro WLAN 11g USB Adapter
RP145: 09/02/2011 14:58:41 - Configured X-Micro WLAN 11g USB Adapter
RP146: 09/02/2011 21:34:25 - Software Distribution Service 3.0
RP147: 10/02/2011 23:18:33 - System Checkpoint
RP148: 11/02/2011 23:39:05 - System Checkpoint
RP149: 12/02/2011 19:20:30 - Installed ZyDAS Wireless LAN - USB
RP150: 12/02/2011 19:25:26 - Installed X-Micro WLAN 11g USB Adapter
RP151: 13/02/2011 20:20:20 - System Checkpoint
RP152: 14/02/2011 21:57:59 - System Checkpoint
RP153: 15/02/2011 22:42:08 - System Checkpoint
RP154: 17/02/2011 19:20:31 - System Checkpoint
RP155: 18/02/2011 21:37:26 - System Checkpoint
RP156: 19/02/2011 22:36:18 - System Checkpoint
RP157: 20/02/2011 23:36:17 - System Checkpoint
RP158: 22/02/2011 18:26:29 - System Checkpoint
RP159: 23/02/2011 21:34:48 - System Checkpoint
RP160: 24/02/2011 22:31:13 - System Checkpoint
RP161: 26/02/2011 10:46:22 - System Checkpoint
RP162: 27/02/2011 11:14:30 - System Checkpoint
RP163: 28/02/2011 11:43:00 - System Checkpoint
RP164: 01/03/2011 12:08:04 - System Checkpoint
RP165: 02/03/2011 20:27:28 - System Checkpoint
RP166: 04/03/2011 20:11:26 - System Checkpoint
RP167: 09/03/2011 20:08:44 - System Checkpoint
RP168: 10/03/2011 21:06:45 - System Checkpoint
RP169: 11/03/2011 22:02:44 - System Checkpoint
RP170: 13/03/2011 17:20:42 - System Checkpoint
RP171: 14/03/2011 17:55:06 - Removed Bonjour
RP172: 14/03/2011 17:58:32 - Removed Sonic DLA
RP173: 14/03/2011 17:59:10 - Removed Sonic RecordNow! Plus
RP174: 14/03/2011 17:59:45 - Removed Sonic Update Manager
RP175: 16/03/2011 10:26:04 - System Checkpoint
RP176: 17/03/2011 18:25:40 - System Checkpoint
RP177: 18/03/2011 19:01:25 - System Checkpoint
RP178: 19/03/2011 20:06:34 - System Checkpoint
RP179: 20/03/2011 21:02:14 - System Checkpoint
RP180: 22/03/2011 21:26:04 - System Checkpoint
RP181: 24/03/2011 07:56:00 - System Checkpoint
RP182: 24/03/2011 18:31:11 - Installed Windows Defender
RP183: 25/03/2011 20:26:54 - System Checkpoint
RP184: 27/03/2011 11:55:08 - System Checkpoint
RP185: 28/03/2011 17:48:34 - System Checkpoint
RP186: 29/03/2011 18:42:12 - System Checkpoint
RP187: 30/03/2011 19:07:07 - System Checkpoint
RP188: 31/03/2011 19:42:40 - System Checkpoint
RP189: 02/04/2011 11:12:57 - System Checkpoint
RP190: 02/04/2011 18:06:46 - Restore Operation
RP191: 02/04/2011 18:14:29 - Restore Operation
RP192: 03/04/2011 14:05:03 - Installed Windows XP Service Pack 3.
.
==== Installed Programs ======================
.
Ableton Live v7.0.2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 6.0
Adobe Reader 9.4.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Conexant D850 56K V.9x DFVc Modem
Counter-Strike: Source
Dell ResourceCD
EPSON TWAIN 5
EVEREST Home Edition v2.20
Free FTP
Google Chrome
Google Update Helper
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
iTunes
Macromedia Dreamweaver 8
Macromedia Extension Manager
Malwarebytes' Anti-Malware
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Security Client
Microsoft Security Essentials
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 4.0 (x86 en-US)
NVIDIA Drivers
PowerDVD 5.1
QuickTime
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype Toolbars
Skype™ 5.0
SoundMAX
Steam
System Requirements Lab for Intel
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Wacom Tablet
WebFldrs XP
Windows Defender
Windows Internet Explorer 8
Windows XP Service Pack 3
WinRAR archiver
X-Micro WLAN 11g USB Adapter
.
==== Event Viewer Messages From Past Week ========
.
31/03/2011 18:05:22, error: Service Control Manager [7022] - The WebClient service hung on starting.
03/04/2011 01:53:46, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.702.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
03/04/2011 00:06:41, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
02/04/2011 16:50:03, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.702.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
02/04/2011 16:50:03, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.702.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
02/04/2011 16:50:03, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.702.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
02/04/2011 16:50:03, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.702.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
02/04/2011 16:50:03, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.101.702.0 Update Source: Microsoft Malware Protection Center Update Stage: Install Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.6702.0 Error code: 0x80070008 Error description: Not enough storage is available to process this command.
02/04/2011 16:47:27, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
02/04/2011 16:46:36, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
02/04/2011 16:45:37, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
02/04/2011 16:44:48, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: Access is denied.
.
==== End Of File ===========================

Thanking you in advance,
Tom
mapatasi
Active Member
 
Posts: 3
Joined: April 3rd, 2011, 9:43 am
Advertisement
Register to Remove

Re: browser hijack, windows update fails, firewall fails...

Unread postby deltalima » April 5th, 2011, 4:15 pm

Checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: browser hijack, windows update fails, firewall fails...

Unread postby deltalima » April 5th, 2011, 4:29 pm

Hi mapatasi,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you too.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

multiple Anti Virus programs

  • It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:
    AntiVir Desktop
    Microsoft Security Essentials

  • Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
  • Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

  • Please remove one of them.

TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Right-click on TDSSKiller.exe and click Copy then Paste it directly on to your Desktop.
  • Important!: Run this fix once and once only.
  • Double click the TDSSKiller icon on you're desktop then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found click Cure > Continue > Reboot now.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: browser hijack, windows update fails, firewall fails...

Unread postby mapatasi » April 6th, 2011, 2:31 pm

Thank you for helping me. TDSS report:

2011/04/06 19:24:16.0843 1136 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/06 19:24:17.0296 1136 ================================================================================
2011/04/06 19:24:17.0296 1136 SystemInfo:
2011/04/06 19:24:17.0296 1136
2011/04/06 19:24:17.0296 1136 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/06 19:24:17.0296 1136 Product type: Workstation
2011/04/06 19:24:17.0296 1136 ComputerName: USER-04E18C5326
2011/04/06 19:24:17.0296 1136 UserName: Owner
2011/04/06 19:24:17.0296 1136 Windows directory: C:\WINDOWS
2011/04/06 19:24:17.0296 1136 System windows directory: C:\WINDOWS
2011/04/06 19:24:17.0296 1136 Processor architecture: Intel x86
2011/04/06 19:24:17.0296 1136 Number of processors: 1
2011/04/06 19:24:17.0296 1136 Page size: 0x1000
2011/04/06 19:24:17.0296 1136 Boot type: Normal boot
2011/04/06 19:24:17.0296 1136 ================================================================================
2011/04/06 19:24:18.0625 1136 Initialize success
2011/04/06 19:24:22.0328 3212 ================================================================================
2011/04/06 19:24:22.0328 3212 Scan started
2011/04/06 19:24:22.0328 3212 Mode: Manual;
2011/04/06 19:24:22.0328 3212 ================================================================================
2011/04/06 19:24:25.0734 3212 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/06 19:24:26.0093 3212 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/06 19:24:26.0500 3212 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/04/06 19:24:26.0765 3212 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/06 19:24:27.0093 3212 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/04/06 19:24:29.0062 3212 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/06 19:24:29.0343 3212 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/06 19:24:29.0687 3212 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/06 19:24:30.0031 3212 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/06 19:24:30.0234 3212 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/04/06 19:24:30.0531 3212 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/04/06 19:24:30.0750 3212 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/04/06 19:24:31.0046 3212 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/06 19:24:31.0265 3212 BRGSp50 (ee0f41fa0466189a2c8b9caf7d1cddd5) C:\WINDOWS\system32\Drivers\BRGSp50.sys
2011/04/06 19:24:31.0562 3212 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
2011/04/06 19:24:31.0843 3212 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
2011/04/06 19:24:32.0171 3212 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
2011/04/06 19:24:33.0187 3212 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
2011/04/06 19:24:33.0500 3212 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/06 19:24:33.0843 3212 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/06 19:24:34.0062 3212 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/06 19:24:34.0437 3212 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/06 19:24:35.0953 3212 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/06 19:24:36.0406 3212 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/06 19:24:37.0109 3212 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/06 19:24:37.0484 3212 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/06 19:24:37.0734 3212 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/06 19:24:38.0406 3212 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/06 19:24:38.0750 3212 E100B (98b46b331404a951cabad8b4877e1276) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/04/06 19:24:38.0921 3212 EverestDriver (76984d46b2abaa46f8b3fcef82c9217d) C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt
2011/04/06 19:24:39.0265 3212 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/06 19:24:39.0593 3212 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/06 19:24:39.0812 3212 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/06 19:24:40.0046 3212 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/06 19:24:40.0265 3212 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/06 19:24:40.0578 3212 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/06 19:24:41.0000 3212 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/06 19:24:41.0281 3212 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/04/06 19:24:41.0593 3212 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/06 19:24:41.0828 3212 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/06 19:24:42.0265 3212 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/04/06 19:24:42.0750 3212 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/04/06 19:24:43.0656 3212 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/06 19:24:44.0171 3212 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/06 19:24:44.0578 3212 ialm (0acebb31989cbf9a5663fe4a33d28d21) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/04/06 19:24:45.0562 3212 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/06 19:24:46.0046 3212 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/04/06 19:24:46.0250 3212 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/06 19:24:46.0437 3212 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/06 19:24:46.0687 3212 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/06 19:24:47.0125 3212 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/06 19:24:47.0750 3212 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/06 19:24:48.0015 3212 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/06 19:24:48.0468 3212 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/06 19:24:48.0671 3212 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/06 19:24:49.0453 3212 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/06 19:24:49.0656 3212 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/04/06 19:24:50.0125 3212 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/06 19:24:50.0578 3212 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/06 19:24:51.0328 3212 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/04/06 19:24:51.0546 3212 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/06 19:24:51.0703 3212 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/06 19:24:52.0593 3212 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/04/06 19:24:52.0843 3212 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/06 19:24:53.0046 3212 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/06 19:24:53.0468 3212 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/06 19:24:53.0750 3212 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/04/06 19:24:54.0609 3212 MpKsl95a992df (5f53edfead46fa7adb78eee9ecce8fdf) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BB254C31-F92C-4865-A8D3-175070BE4568}\MpKsl95a992df.sys
2011/04/06 19:24:55.0734 3212 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/06 19:24:56.0343 3212 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/06 19:24:56.0843 3212 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/06 19:24:57.0093 3212 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/06 19:24:57.0421 3212 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/06 19:24:58.0187 3212 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/06 19:24:58.0453 3212 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/06 19:24:58.0656 3212 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/06 19:24:59.0078 3212 n558 (88705dc61b9275b82e48904d53031f5b) C:\WINDOWS\system32\Drivers\n558.sys
2011/04/06 19:24:59.0671 3212 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/06 19:25:00.0671 3212 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/06 19:25:00.0890 3212 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/06 19:25:01.0625 3212 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/06 19:25:02.0312 3212 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/06 19:25:02.0578 3212 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/06 19:25:03.0187 3212 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/06 19:25:03.0703 3212 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/06 19:25:04.0953 3212 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/06 19:25:05.0578 3212 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/06 19:25:08.0656 3212 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/06 19:25:17.0656 3212 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/06 19:25:18.0281 3212 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/06 19:25:18.0562 3212 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
2011/04/06 19:25:19.0093 3212 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/06 19:25:19.0484 3212 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/06 19:25:19.0734 3212 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/06 19:25:20.0671 3212 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/06 19:25:21.0421 3212 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/06 19:25:21.0640 3212 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/06 19:25:25.0093 3212 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/06 19:25:25.0125 3212 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/06 19:25:25.0187 3212 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/06 19:25:25.0328 3212 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/06 19:25:25.0375 3212 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/06 19:25:25.0406 3212 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/06 19:25:25.0437 3212 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/06 19:25:25.0484 3212 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/06 19:25:25.0531 3212 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/06 19:25:25.0578 3212 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/06 19:25:26.0203 3212 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/06 19:25:26.0468 3212 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2011/04/06 19:25:27.0140 3212 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/06 19:25:27.0375 3212 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/06 19:25:27.0625 3212 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/06 19:25:28.0078 3212 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/06 19:25:28.0312 3212 smwdm (5018a9db5eb62e3edb3110f82f556285) C:\WINDOWS\system32\drivers\smwdm.sys
2011/04/06 19:25:28.0421 3212 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/06 19:25:28.0484 3212 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/06 19:25:28.0546 3212 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/06 19:25:29.0234 3212 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/04/06 19:25:29.0484 3212 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/06 19:25:29.0718 3212 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/06 19:25:34.0531 3212 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/06 19:25:35.0671 3212 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/06 19:25:37.0671 3212 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/06 19:25:39.0171 3212 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/06 19:25:39.0500 3212 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/06 19:25:40.0609 3212 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/06 19:25:41.0703 3212 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/06 19:25:42.0390 3212 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/06 19:25:42.0437 3212 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/06 19:25:42.0468 3212 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/06 19:25:42.0515 3212 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/06 19:25:42.0578 3212 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/06 19:25:42.0640 3212 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/06 19:25:42.0890 3212 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/06 19:25:43.0125 3212 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/06 19:25:43.0531 3212 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/06 19:25:43.0859 3212 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
2011/04/06 19:25:44.0093 3212 wacomvhid (73e6f16a1f187d71fb26af308551e54a) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
2011/04/06 19:25:44.0296 3212 WacomVKHid (889459833432b161cb99cfdf84a1a9bb) C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys
2011/04/06 19:25:44.0500 3212 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/06 19:25:44.0906 3212 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/06 19:25:45.0281 3212 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/04/06 19:25:45.0859 3212 WLAN(WLAN) (3c185892dd5c13975966e8d1c2a65290) C:\WINDOWS\system32\DRIVERS\zd1211u.sys
2011/04/06 19:25:46.0171 3212 X-Micro WLAN 11g USB Adapter(X-Micro) (3c185892dd5c13975966e8d1c2a65290) C:\WINDOWS\system32\DRIVERS\zd1211u.sys
2011/04/06 19:25:46.0406 3212 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys
2011/04/06 19:25:46.0546 3212 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/06 19:25:46.0546 3212 ================================================================================
2011/04/06 19:25:46.0546 3212 Scan finished
2011/04/06 19:25:46.0546 3212 ================================================================================
2011/04/06 19:25:46.0562 2864 Detected object count: 1
2011/04/06 19:26:27.0125 2864 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/06 19:26:27.0125 2864 \HardDisk0 - ok
2011/04/06 19:26:27.0406 2864 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/06 19:26:31.0468 1972 Deinitialize success
mapatasi
Active Member
 
Posts: 3
Joined: April 3rd, 2011, 9:43 am

Re: browser hijack, windows update fails, firewall fails...

Unread postby mapatasi » April 6th, 2011, 2:38 pm

Already I've got windows updates to work. Thank you for helping me even though we both know I've been very silly using bittorent (It's gone and I shan't use it again).
mapatasi
Active Member
 
Posts: 3
Joined: April 3rd, 2011, 9:43 am

Re: browser hijack, windows update fails, firewall fails...

Unread postby deltalima » April 6th, 2011, 3:04 pm

Hi mapatasi,

Already I've got windows updates to work.


That's good, please wait until we have completed the cleanup before running anything else.

Please reboot the computer.

Next, run a quick scan with Malwarebytes and post the log in your next reply.

Please also run another scan with DDS and post only the DDS.txt log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: browser hijack, windows update fails, firewall fails...

Unread postby Carolyn » April 9th, 2011, 4:31 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 301 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware