The results of this last log:

C:\Documents and Settings\David L\Desktop\loaristrojanremover.exe - a variant of Win32/1AntiVirus application - deleted - quarantined
C:\Documents and Settings\David L\My Documents\New Folder\setup-ltr1236.exe - a variant of Win32/1AntiVirus application - deleted - quarantined
C:\Documents and Settings\David L\My Documents\New Folder\setup-ltr1239.exe - a variant of Win32/1AntiVirus application - deleted - quarantined
C:\Program Files\Loaris\Trojan Remover\ltr12.exe - a variant of Win32/1AntiVirus application - cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1724\A0247188.exe - a variant of Win32/1AntiVirus application - cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1766\A0252201.exe - a variant of Win32/1AntiVirus application - cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1775\A0253547.exe - a variant of Win32/1AntiVirus application - cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1775\A0253565.exe - a variant of Win32/1AntiVirus application - deleted - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1806\A0265195.exe - a variant of Win32/InstallCore.D application - cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1811\A0270486.exe - Win32/Adware.OpenInstall application - cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1815\A0273502.exe - Win32/RegistryBooster application - deleted - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1827\A0277747.exe - a variant of Win32/Adware.OpenInstall application - cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1839\A0283627.sys - probably a variant of Win32/Agent.JMJMETP trojan - cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1843\A0283667.exe - a variant of Win32/1AntiVirus application - deleted - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1843\A0283668.exe - a variant of Win32/1AntiVirus application - cleaned by deleting - quarantined

and it's still doing the same thing.

These issues?

Quote: I'm having severe issues with Vundo, Iexplorer constantly running in background, searches in Yahoo & Google being hijacked

Correct... that was the original message. Internet Explorer just continually shows up in the Windows Task Manager even though I cancel it several times... and sends several files, cookies, etc. to my Internet Explorer which I continually have to clean out with the Piriform CCleaner program. Also, when I look up anything on Yahoo or Google it re-directs me to a find answers.com search. That's been the issue this whole time.

Please download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives
On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

This program will not run on my computer. Similar to the tdsskiller.exe not working the other day.

Let's try this one.
Download the MBR Rootkit Detector to your desktop.
* Doubleclick mbr.exe and follow prompts.
* A black DOS window will quickly appear then disappear.
* When mbr.exe is finished it will create a log on your desktop.
* Copy and paste contents of that log file to your next reply.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600JB-75GVC0 rev.08.02D08 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

This is all that came up with the MBR.

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
Link 1 Link 2 Link 3
•Double-click on MBRCheck.exe to run it.
•It will open a black window... please do not fix anything (if it gives you an option).
•When complete, you should see "Done! Press ENTER to exit...". Press Enter on the keyboard.
•A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
•Please copy and paste the contents of that log in your next reply.

MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c
Kernel Drivers (TOTAL 147):
Processes (total 49):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001b`27f4c800 (NTFS)
PhysicalDrive0 Model Number: WDCWD1600JB-75GVC0, Rev: 08.02D08
Size    Device Name          MBR Status
--------------------------------------------
149 GB  \\.\PhysicalDrive0   MBR Code Faked!
SHA1: B4B6B1E93E76CCFDFCAE6EA604FEB47179431413

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Done!

Please give TDSSKiller another try. But you will have to rename it as in the following:
•If TDSSKiller does not run, try renaming it.
•To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.

This might have actually fixed my problem. Since I've rebooted my computer after using the TDSSKiller I haven't had iexplore come up in my Task Manager, and it appears my redirecting problem might be fixed also. Thanks. If I end up having any more issues I'll get back with you.

Quote: If I end up having any more issues I'll get back with you.

We may as well do some cleanup now.
To uninstall ComboFix
- Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
- In the field, type in ComboFix /uninstall
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
- Then, press Enter, or click OK.
- This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
************************************************
To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.
- Click the CleanUp button.
- Select Yes when the "Begin cleanup Process?" prompt appears.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
***************************************************
Clean out your temporary internet files and temp files.
Download TFC by OldTimer to your desktop.
Double-click TFC.exe to run it.
Note: If you are running on Vista, right-click on the file and choose Run As Administrator
TFC will close all programs when run, so make sure you have saved all your work before you begin.
* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.
Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
****************************************************
Looking over your log it seems you don't have any evidence of a third-party firewall.
Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.
Remember only install ONE firewall
1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus
If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*******************************************************
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity THEFT, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ
Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!

Thanks for everything. So, do I need to download a firewall since I've got the Microsoft Security Essentials now? Do you recommend me getting something else?

Quote: Thanks for everything. So, do I need to download a firewall since I've got the Microsoft Security Essentials now? Do you recommend me getting something else?

If you want to protect your personal and financial information, a third-party firewall would give you that added protection. I'm running MSE and Comodo firewall. You're welcome. I will lock this thread. If you need it re-opened, please send me a PM.
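As an added example (not code from this thread, nor from MBRCheck or the MBR Rootkit Detector), here is the kind of check behind the "MBR Code Faked!" verdict above: read the first sector, confirm the 0x55AA boot signature, hash only the 440-byte boot-code region and compare the SHA1 against an allowlist of loaders you trust. The allowlist (empty placeholder), the constructed sample sector and the image path on the command line are all assumptions.

```python
import hashlib
import struct
import sys

# Layout of a classic 512-byte MBR (standard layout assumed, not taken from the thread).
MBR_SIZE = 512
BOOT_CODE_LEN = 440          # boot loader code; the 4-byte disk signature follows at 0x1B8
PARTITION_TABLE_OFF = 0x1BE
BOOT_SIGNATURE_OFF = 0x1FE

# Placeholder allowlist (assumption): fill with SHA1s of boot code taken from a clean reference install.
KNOWN_GOOD_SHA1: set = set()


def parse_mbr(sector: bytes) -> dict:
    """Split one sector into boot-code hash, partition entries and the 0x55AA check."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + 16 * i
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:  # type 0x00 marks an unused entry
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
        "valid_signature": sector[BOOT_SIGNATURE_OFF:] == b"\x55\xAA",
    }


def classify_mbr(sector: bytes, known_good: set) -> str:
    """Hash the boot code only, so a legitimate partition-table edit alone does not alarm."""
    info = parse_mbr(sector)
    if not info["valid_signature"]:
        return "invalid"         # not a bootable MBR at all
    if info["code_sha1"] in known_good:
        return "known-good"
    return "unknown"             # the situation MBRCheck reports as "MBR Code Faked!"


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed test sector (not a real disk image): one bootable NTFS partition."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    disk_signature = b"\x12\x34\x56\x78" + b"\x00\x00"
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF",
                        63, 312_500_000)
    table = entry + b"\x00" * 48   # three unused entries
    return code + disk_signature + table + b"\x55\xAA"


if __name__ == "__main__":
    # Usage (assumed): python mbr_check.py <disk image or raw device>
    # On Windows the raw device is \\.\PhysicalDrive0 and needs an elevated prompt.
    with open(sys.argv[1], "rb") as disk:
        first_sector = disk.read(MBR_SIZE)
    details = parse_mbr(first_sector)
    print(classify_mbr(first_sector, KNOWN_GOOD_SHA1), details["code_sha1"])
    for p in details["partitions"]:
        print(p)
```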