
Thread: No access to Internet Options, connectivity problem, and other problems

  1. #1
    Member
    Join Date
    Nov 2008
    Location
    U.S.
    Posts
    40


    Issues in brief, then details:
    Cannot open Internet Options. Administrator in safe mode can’t access the Internet. Scans found and quarantined MediaPlex, Trojan.FakeAlert, PUM.Hijack.HomePageControl. Strange behavior at a shopping site. Have previously been unable to complete an update of IE8 (using XP Pro).

    I’ve got a few things happening, and I’m not sure which is causing what. So please excuse me if this is either too much or not the appropriate information.

    I discovered a couple of days ago, that I cannot access Internet Options in either the Control Panel or IE Tools>Options, either as a user with administrator privileges or as Administrator, in safe mode. I don’t know how long this problem has been present.

    There is still an Internet Options icon in the Control Panel, but when I click on it, a box flickers on the screen for a split second, and doesn’t stay onscreen.

    I normally have Internet Options locked inside IE, using Spybot’s IE Tweaks and more recently, SpywareBlaster settings, too. I tried unblocking access to Internet Options from IE’s Tools>Options and from SpywareBlaster settings, but when I select Options, again a box blinks on the screen, but doesn’t remain up.

    Also, after discovering this problem, first time I logged into safe mode, as Administrator, I could access the Internet, but the second time I logged into safe mode as Administrator, I could not connect to the Internet.

    I first realized I couldn’t bring up Internet Options, when I tried to access it right after I’d visited an online shopping site, which I believe is legit, but had a strange experience, with it. I went to enter a test account (not my real info), just so it would tell me the shipping charges, and found that I appeared to actually be *in* someone else’s registered account! I tried to set up my own test account, changing all the info, and it had not asked for any payment method info yet. Instead of asking me to choose the shipping mode, which it was supposed to do next, it said, “Order accepted”! I immediately contacted the website through their online contact form, and asked them to cancel the order (which I assume was charged to the other customer) and to contact me about using their site.

    However, since problems immediately arose, I’ve been afraid to go to my yahoo email.
    *By the way, is it safe to use online email, at this point?

    I notice now, too, that when I hover the pointer over My Computer, in the Start menu, along with Local Disc (:C), the DVD drive, My Documents and Shared Documents, there’s an icon for the Control Panel. Am I that inobservant, that I never noticed that there, before, or is that not normally there?

    A scan with Spybot S&D brought up MediaPlex tracking cookie as a threat, which had not appeared before in recent or previous scans. I then downloaded and ran Malwarebytes, which found:
    Trojan.FakeAlert and
    PUM.Hijack.HomePageControl.
    But I wonder if the PUM is only detecting my setting for locking IE Tools>Options, with IE Tweaks? The same PUM seemed to reappear in the Malwarebytes scan, after I reapplied the setting. Avira scans didn’t detect any problems.

    All three of these malwares were quarantined by Spybot S&D and Malwarebytes, and now scans by them are clean. Avira scans are still clean.

    I tried a System Restore twice, only going back about 10 days the first time, and then 12 days back, and the non-access to Internet Options is still present.

    The other possible factor is that within the past 3 months or so, I’ve tried a couple of times to update IE8, the last time fairly recently, but the updates wouldn’t complete. I already had IE8, but there seemed to be a slightly more recent version, and with XP, I can’t go to IE9. But when the update automatically restarted the computer and tried to apply personal preferences to IE, it would hang and never complete. I had to cold boot it, as I recall. I gather that it may be my user profiles are not set up correctly, so that I’m updating IE in my normal user account, which has administrative privileges, but it wants to update in the Administrator account, which perhaps should be sharing the user preferences with the other account, but it isn’t. I don't know how to fix that.

    Some programs requiring Administrator’s privileges do recognize this user account as having them.

    In any case, the IE updates not completing and issues between the Administrator and user accounts may have something to do with Internet Options access, I don’t know. Again, Internet Options currently won’t open in either user account.

    Lastly, I haven’t been able to run ESET’s online scanner. When I tried to run it, it told me I need administrator’s privileges, even though this account has them. I tried the suggestion on the ESET FAQ, to change the registry key and eliminate a possible killbit, but found that the long key number mentioned is not under LOCAL_MACHINE/SOFTWARE, etc, in my registry. In my registry, it’s under HKEY_USERS. In a search of my registry, no “compatibility flags” was found.

    Thank you very much, for your expertise and attention to helping me with this!


    My fresh DDS.txt report, attach.txt attached:


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by user at 11:08:29 on 2011-12-06
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1357 [GMT -8:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: Online Armor Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Tall Emu\Online Armor\oaui.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.safer-networking.org/en/index.html
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRunOnce: [SpybotDeletingB3393] command.com /c del "c:\windows\SchedLgU.Txt"
    uRunOnce: [SpybotDeletingD6191] cmd.exe /c del "c:\windows\SchedLgU.Txt"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [PD0630 STISvc] RunDLL32.exe P0630Pin.dll,RunDLL32EP 513
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mRunOnce: [SpybotDeletingA3123] command.com /c del "c:\windows\SchedLgU.Txt"
    mRunOnce: [SpybotDeletingC9596] cmd.exe /c del "c:\windows\SchedLgU.Txt"
    StartupFolder: c:\docume~1\user\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250215367203
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1250221790218
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{D32D97C7-A7FE-48E4-9546-8EC79641D39E} : DhcpNameServer = 192.168.0.1 205.171.3.25
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\tallem~1\online~1\oaevent.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-7 11608]
    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-4-8 228216]
    R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-4-8 24440]
    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-4-8 29560]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-7 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-7 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-7 66616]
    R2 OAcat;Online Armor Helper Service;c:\program files\tall emu\online armor\oacat.exe [2010-4-8 1284600]
    R2 SvcOnlineArmor;Online Armor;c:\program files\tall emu\online armor\oasrv.exe [2010-4-8 3364856]
    S0 cerc6;cerc6; [x]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\flashplayerupdateservice.exe --> c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [?]
    S3 P0630VID;Creative WebCam Live!;c:\windows\system32\drivers\P0630Vid.sys [2010-10-28 91841]
    .
    =============== Created Last 30 ================
    .
    2011-12-06 12:18:18 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-06 12:02:19 -------- d-----w- c:\program files\ERUNT Registry Backup Tool
    2011-12-06 00:58:25 -------- d-----w- c:\documents and settings\user\local settings\application data\Sun
    2011-12-06 00:39:56 128000 ----a-w- c:\windows\system32\javacpl.cpl
    2011-12-05 18:42:13 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-12-05 18:42:13 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-12-04 21:07:07 -------- d-----w- c:\documents and settings\user\application data\Malwarebytes
    2011-12-04 21:06:54 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-12-04 21:06:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-01 13:38:03 -------- d-----w- c:\program files\SpywareBlaster(2)
    .
    ==================== Find3M ====================
    .
    2011-12-06 00:39:32 544656 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-01 19:32:54 69792 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-01 19:32:54 417952 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2011-10-21 15:30:37 516692 ----a-w- c:\windows\vampsUninst.exe
    2011-10-21 15:30:06 1903021 ----a-w- c:\windows\vamps.scr
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    ============= FINISH: 11:10:45.30 ===============

  2. #2
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    148


    Hi I_dream_of_Mercury,

    Firstly, welcome to the Safer-Networking Malware Removal Forum.
    My name is Scolabar, and I'll be helping you with your malware problems.
    Logs can take a while to research, so please be patient.
    If you no longer require help, I would be grateful if you would let me know.

    I am currently working under the guidance of teachers, everything I post to you, will need to be reviewed by them.
    This additional review process can add some extra time to my responses, but hopefully not too much.


    Please note the following important guidelines before proceeding:
    1. The instructions that will be provided are for YOUR computer and system only!
      Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
    2. If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
    3. Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
    4. Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
      Absence of symptoms does not necessarily mean that everything is clear.
    5. DO NOT run any other fix or removal tools unless instructed to do so!
    6. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
    7. Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
    8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    9. Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

    Please Note: If you haven't done so already, please read this topic "BEFORE You POST"(Please read this Procedure Before Requesting Assistance) where the conditions for receiving help here are explained.

    Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
    In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.


    If you follow these guidelines, things should proceed smoothly.
    I am currently reviewing your log and will return, as soon as possible, with additional instructions.

    Thank you for your patience.

    Scolabar
    Malware Removal University - You too could train to help others

  3. #3
    Member
    Join Date
    Nov 2008
    Location
    U.S.
    Posts
    40


    Scolabar, hi, and thanks so much for taking on my case! I definitely still require help.

    To update, about 20 hours ago, I ran Avira and it found TR/Fake.Rean.3192, and quarantined it. Other problems are about the same status as when I last posted.

    (Malwarebytes did again find and quarantine PUM.HiJack.HomePageControl, but I also tried, again, to drop the restriction on opening Internet Options inside IE, as I described before, so not sure if that's what's causing that.)

    I wonder if you could tell me whether I can currently safely or securely use Yahoo email, visit known websites, and make an online payment with PayPal? I'm especially anxious to make a payment for two things, with PayPal, and to use my email, because the matters are time-sensitive. I don't know if there's any secure way to do those things on someone else's computer or on a public computer.

    I'll check back frequently, for your new instructions
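
Added example, not part of the original thread and not Malwarebytes' own tooling: a small Python parser for the Malwarebytes' Anti-Malware 1.51 log layout used in this thread, showing how the PUM.Hijack.HomePageControl entry can be separated from file or process detections when deciding whether it is just a tool-applied IE lock. The function names, the triage labels and the file path in the comments are assumptions made for illustration.

```python
import re

# Constructed excerpt in the layout of a Malwarebytes' Anti-Malware 1.51 log.
# The detection line is the one quoted in this thread; the rest is trimmed.
SAMPLE_LOG = r"""
Registry Values Infected: 0
Registry Data Items Infected: 1
Files Infected: 0

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\Homepage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

# "Files Infected: 0" style summary lines and "Files Infected:" section headers.
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<target> (<detection name>) -> [Bad: (x) Good: (y) -> ]<action>."
ITEM_RE = re.compile(
    r"^(?P<target>.+?) \((?P<name>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> )?"
    r"(?P<action>.+?)\.?$"
)


def parse_mbam_log(text):
    """Return (summary counts, detection items) from an MBAM 1.x text log."""
    summary, items, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()          # forum pastes are often indented
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            current = None
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m["section"]
            continue
        # "(No malicious items detected)" is a placeholder, not a detection.
        if current and not line.startswith("("):
            m = ITEM_RE.match(line)
            if m:
                items.append({"section": current, **m.groupdict()})
    return summary, items


def triage(item):
    """Heuristic label for one detection (labels are this example's own)."""
    is_pum = item["name"].upper().startswith("PUM.")
    in_policy = "\\policies\\" in item["target"].lower()
    if is_pum and in_policy:
        # A changed setting under a Policies key: hardening tools and
        # hijackers both write here, so the log alone cannot decide.
        return "policy-setting"
    if is_pum:
        return "setting"
    return "malware"


def count_mismatches(summary, items):
    """Sections whose summary count differs from the items actually listed."""
    listed = {}
    for it in items:
        listed[it["section"]] = listed.get(it["section"], 0) + 1
    return {s: (n, listed.get(s, 0))
            for s, n in summary.items() if n != listed.get(s, 0)}


if __name__ == "__main__":
    summary, items = parse_mbam_log(SAMPLE_LOG)
    for it in items:
        print(triage(it), it["name"], it["target"], it["bad"], it["good"])
    print("count mismatches:", count_mismatches(summary, items))
```

A `policy-setting` result means the entry has to be compared with what the hardening tool was told to lock; reappearing right after the lock is re-applied, as described above, is consistent with the tool being the source.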

  4. #4
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    148


    Hi I_dream_of_Mercury,

    This is just a quick update to let you know I am waiting for a Teacher to check over my next set of instructions.
    As you will no doubt appreciate, the Teachers are very busy. Please bear with us.

    In answer to your question:
    Quote Originally Posted by I_dream_of_Mercury
    I wonder if you could tell me whether I can currently safely or securely use Yahoo email, visit known websites, and make an online payment with PayPal?
    At this stage I think it should be OK to use Yahoo email (as long as you steer clear of including anything of a confidential nature in your correspondence for the time being) and browse known good websites. However, my advice to you would be not to use any online payment system until the computer has been confirmed to be clear of infection. I would also advise not using anyone else's or any public computer to make any payments either. I would be inclined to phone the supplier(s) direct and make any payments over the phone, if possible, for the time being.

    Thank you again for your patience.

    Scolabar

  5. #5
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    148


    Hi I_dream_of_Mercury,

    Thank you again for your patience.

    Please read these instructions carefully before executing and perform the steps, in the order given.
    If you have any questions about, or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

    Before we proceed please make sure any open programs are closed.

    Step 1:
    Spybot - Search & Destroy Log

    I would like to see the contents of the last Spybot - Search & Destroy log which shows infections cleaned up.
    You should be able to retrieve the log using the following instructions:

    1. Launch Spybot S&D.
    2. Switch to Advanced Mode.
    3. Navigate to Tools > View Report.
    4. Click on View Previous Report to access older / automatically generated reports.
    5. Click on Export to save the report to a text file to your Desktop.
    6. Please Copy and Paste the entire contents of the Spybot S&D exported log file into your next reply

    Step 2:
    MalwareBytes' AntiMalware Log

    I would also like to see the contents of the last MalwareBytes' AntiMalware log which shows infections cleaned up.
    You should be able to retrieve the log from the following location:
    • C:\Documents and Settings\Account Name\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    Please Copy and Paste the entire contents of mbam-log-date (time).txt into your next reply.

    Step 3:
    TDSSKiller - Scan

    1. Please download TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
    2. Double-click on TDSSKiller.exe to launch it.
      If TDSSKiller does not run rename the program file. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. pq2f9hnw.com).
      If you don't see file extensions, please see: How to change the file extension.
    3. Click the Start Scan button. Do not use the computer during the scan!
    4. When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
    5. Now click on Report to open the log file created by TDSSKiller.
    6. The log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt is created and saved to the root directory. (Usually C: drive).
    7. Copy and Paste the entire contents of the TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt file into your next reply.

    PLEASE DO NOT TRY TO FIX ANYTHING AT THIS STAGE.

    Step 4:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. Spybot S&D exported log file.
    3. mbam-log-date (time).txt.
    4. TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt.
    5. Do you have the original Windows installation media for your PC?

    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed

  6. #6
    Member
    Join Date
    Nov 2008
    Location
    U.S.
    Posts
    40


    Scolabar, hi,

    Here's the requested material, and a little more info, at the bottom:

    Included in this post, per your instructions:

    1. Did you have any problems carrying out the instructions?

    The instructions were clear and easy to carry out. I did wonder whether to include info about a couple of infections detected within the past few days, which are not on the reports you requested, so I went ahead and added the info at the bottom of this post, just in case it's useful.


    2. Spybot S&D exported log file.

    Spybot Search and Destroy Log, the last log which shows infections cleaned up. To be clear, I’ve run the program since, but this is the last time and the only time, since noticing symptoms of infection, that it’s shown any infections or threats:


    --- Report generated: 2011-12-04 10:49 ---

    MediaPlex: Tracking cookie (Internet Explorer: user) (Cookie, fixed)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2010-04-07 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2011-03-18 Includes\Adware.sbi (*)
    2011-11-15 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2011-11-29 Includes\DialerC.sbi (*)
    2011-02-24 Includes\HeavyDuty.sbi (*)
    2011-03-29 Includes\Hijackers.sbi (*)
    2011-10-04 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2010-12-14 Includes\Keyloggers.sbi (*)
    2011-09-27 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2011-11-15 Includes\Malware.sbi (*)
    2011-11-29 Includes\MalwareC.sbi (*)
    2011-02-24 Includes\PUPS.sbi (*)
    2011-10-11 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2011-02-24 Includes\Security.sbi (*)
    2011-05-03 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2011-10-18 Includes\Spyware.sbi (*)
    2011-10-18 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2011-09-28 Includes\Trojans.sbi (*)
    2011-11-28 Includes\TrojansC-02.sbi (*)
    2011-11-29 Includes\TrojansC-03.sbi (*)
    2011-11-29 Includes\TrojansC-04.sbi (*)
    2011-11-29 Includes\TrojansC-05.sbi (*)
    2011-11-09 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll


    3. mbam-log-date (time).txt.

    Malwarebytes, last log that shows infections cleaned up:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8322

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/7/2011 12:26:46 PM
    mbam-log-2011-12-07 (12-26-46).txt

    Scan type: Quick scan
    Objects scanned: 182973
    Time elapsed: 9 minute(s), 33 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\Homepage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    4. TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt.

    18:58:21.0937 0172 i2omgmt - ok
    18:58:21.0953 0172 i2omp - ok
    18:58:21.0984 0172 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
    18:58:22.0000 0172 i8042prt - ok
    18:58:22.0046 0172 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    18:58:22.0046 0172 Imapi - ok
    18:58:22.0062 0172 ini910u - ok
    18:58:22.0078 0172 IntelIde - ok
    18:58:22.0125 0172 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    18:58:22.0125 0172 intelppm - ok
    18:58:22.0156 0172 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    18:58:22.0156 0172 Ip6Fw - ok
    18:58:22.0187 0172 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    18:58:22.0187 0172 IpFilterDriver - ok
    18:58:22.0203 0172 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    18:58:22.0218 0172 IpInIp - ok
    18:58:22.0265 0172 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    18:58:22.0265 0172 IpNat - ok
    18:58:22.0281 0172 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    18:58:22.0296 0172 IPSec - ok
    18:58:22.0328 0172 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    18:58:22.0328 0172 IRENUM - ok
    18:58:22.0359 0172 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    18:58:22.0359 0172 isapnp - ok
    18:58:22.0406 0172 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    18:58:22.0406 0172 Kbdclass - ok
    18:58:22.0468 0172 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    18:58:22.0468 0172 kbdhid - ok
    18:58:22.0562 0172 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    18:58:22.0562 0172 kmixer - ok
    18:58:22.0593 0172 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    18:58:22.0593 0172 KSecDD - ok
    18:58:22.0609 0172 lbrtfdc - ok
    18:58:22.0671 0172 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    18:58:22.0671 0172 mnmdd - ok
    18:58:22.0734 0172 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    18:58:22.0750 0172 Modem - ok
    18:58:22.0750 0172 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    18:58:22.0765 0172 Mouclass - ok
    18:58:22.0796 0172 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    18:58:22.0796 0172 mouhid - ok
    18:58:22.0812 0172 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    18:58:22.0812 0172 MountMgr - ok
    18:58:22.0828 0172 mraid35x - ok
    18:58:22.0859 0172 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    18:58:22.0875 0172 MRxDAV - ok
    18:58:22.0953 0172 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    18:58:22.0953 0172 MRxSmb - ok
    18:58:22.0968 0172 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    18:58:22.0968 0172 Msfs - ok
    18:58:23.0015 0172 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    18:58:23.0031 0172 MSKSSRV - ok
    18:58:23.0046 0172 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    18:58:23.0046 0172 MSPCLOCK - ok
    18:58:23.0078 0172 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    18:58:23.0078 0172 MSPQM - ok
    18:58:23.0125 0172 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    18:58:23.0140 0172 mssmbios - ok
    18:58:23.0218 0172 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    18:58:23.0218 0172 MSTEE - ok
    18:58:23.0234 0172 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    18:58:23.0234 0172 Mup - ok
    18:58:23.0281 0172 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    18:58:23.0281 0172 NABTSFEC - ok
    18:58:23.0328 0172 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    18:58:23.0328 0172 NDIS - ok
    18:58:23.0375 0172 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    18:58:23.0375 0172 NdisIP - ok
    18:58:23.0421 0172 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    18:58:23.0421 0172 NdisTapi - ok
    18:58:23.0484 0172 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    18:58:23.0484 0172 Ndisuio - ok
    18:58:23.0500 0172 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    18:58:23.0515 0172 NdisWan - ok
    18:58:23.0562 0172 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    18:58:23.0578 0172 NDProxy - ok
    18:58:23.0578 0172 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    18:58:23.0593 0172 NetBIOS - ok
    18:58:23.0703 0172 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    18:58:23.0718 0172 NetBT - ok
    18:58:23.0750 0172 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    18:58:23.0750 0172 Npfs - ok
    18:58:23.0781 0172 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    18:58:23.0796 0172 Ntfs - ok
    18:58:23.0812 0172 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    18:58:23.0828 0172 Null - ok
    18:58:23.0875 0172 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    18:58:23.0875 0172 NwlnkFlt - ok
    18:58:23.0906 0172 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    18:58:23.0906 0172 NwlnkFwd - ok
    18:58:23.0937 0172 OADevice (da5e5a2026eeef52d94fcb760e171752) C:\WINDOWS\system32\drivers\OADriver.sys
    18:58:23.0937 0172 OADevice - ok
    18:58:23.0968 0172 OAmon (3524dd1f24bd0114eaa98048d76075c1) C:\WINDOWS\system32\drivers\OAmon.sys
    18:58:23.0968 0172 OAmon - ok
    18:58:24.0046 0172 OAnet (e57d9d511e837ef56f93ec29f1ff730d) C:\WINDOWS\system32\drivers\OAnet.sys
    18:58:24.0062 0172 OAnet - ok
    18:58:24.0109 0172 P0630VID (74446252eeae950240972108bbac2fbd) C:\WINDOWS\system32\DRIVERS\P0630Vid.sys
    18:58:24.0125 0172 P0630VID - ok
    18:58:24.0171 0172 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    18:58:24.0171 0172 Parport - ok
    18:58:24.0187 0172 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    18:58:24.0187 0172 PartMgr - ok
    18:58:24.0234 0172 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    18:58:24.0250 0172 ParVdm - ok
    18:58:24.0281 0172 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    18:58:24.0281 0172 PCI - ok
    18:58:24.0296 0172 PCIDump - ok
    18:58:24.0312 0172 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    18:58:24.0312 0172 PCIIde - ok
    18:58:24.0343 0172 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    18:58:24.0359 0172 Pcmcia - ok
    18:58:24.0359 0172 PDCOMP - ok
    18:58:24.0375 0172 PDFRAME - ok
    18:58:24.0390 0172 PDRELI - ok
    18:58:24.0390 0172 PDRFRAME - ok
    18:58:24.0406 0172 perc2 - ok
    18:58:24.0421 0172 perc2hib - ok
    18:58:24.0484 0172 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    18:58:24.0500 0172 PptpMiniport - ok
    18:58:24.0515 0172 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    18:58:24.0515 0172 Ptilink - ok
    18:58:24.0531 0172 ql1080 - ok
    18:58:24.0546 0172 Ql10wnt - ok
    18:58:24.0546 0172 ql12160 - ok
    18:58:24.0562 0172 ql1240 - ok
    18:58:24.0578 0172 ql1280 - ok
    18:58:24.0593 0172 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    18:58:24.0593 0172 RasAcd - ok
    18:58:24.0609 0172 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    18:58:24.0625 0172 Rasl2tp - ok
    18:58:24.0625 0172 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    18:58:24.0640 0172 RasPppoe - ok
    18:58:24.0656 0172 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    18:58:24.0656 0172 Raspti - ok
    18:58:24.0671 0172 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    18:58:24.0687 0172 Rdbss - ok
    18:58:24.0703 0172 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    18:58:24.0703 0172 RDPCDD - ok
    18:58:24.0750 0172 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    18:58:24.0765 0172 rdpdr - ok
    18:58:24.0828 0172 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    18:58:24.0843 0172 RDPWD - ok
    18:58:24.0906 0172 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    18:58:24.0921 0172 redbook - ok
    18:58:24.0984 0172 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    18:58:25.0000 0172 Secdrv - ok
    18:58:25.0078 0172 senfilt (b9c7617c1e8ab6fdff75d3c8dafcb4c8) C:\WINDOWS\system32\drivers\senfilt.sys
    18:58:25.0109 0172 senfilt - ok
    18:58:25.0125 0172 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    18:58:25.0125 0172 serenum - ok
    18:58:25.0140 0172 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    18:58:25.0156 0172 Serial - ok
    18:58:25.0171 0172 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    18:58:25.0187 0172 Sfloppy - ok
    18:58:25.0203 0172 Simbad - ok
    18:58:25.0296 0172 smwdm (c6d9959e493682f872a639b6ec1b4a08) C:\WINDOWS\system32\drivers\smwdm.sys
    18:58:25.0312 0172 smwdm - ok
    18:58:25.0312 0172 Sparrow - ok
    18:58:25.0343 0172 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    18:58:25.0343 0172 splitter - ok
    18:58:25.0406 0172 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    18:58:25.0406 0172 sr - ok
    18:58:25.0484 0172 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    18:58:25.0484 0172 Srv - ok
    18:58:25.0546 0172 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    18:58:25.0562 0172 ssmdrv - ok
    18:58:25.0609 0172 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    18:58:25.0609 0172 streamip - ok
    18:58:25.0625 0172 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    18:58:25.0640 0172 swenum - ok
    18:58:25.0640 0172 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    18:58:25.0656 0172 swmidi - ok
    18:58:25.0671 0172 symc810 - ok
    18:58:25.0687 0172 symc8xx - ok
    18:58:25.0703 0172 sym_hi - ok
    18:58:25.0703 0172 sym_u3 - ok
    18:58:25.0750 0172 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    18:58:25.0765 0172 sysaudio - ok
    18:58:25.0859 0172 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    18:58:25.0890 0172 Tcpip - ok
    18:58:25.0921 0172 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    18:58:25.0921 0172 TDPIPE - ok
    18:58:25.0937 0172 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    18:58:25.0953 0172 TDTCP - ok
    18:58:26.0000 0172 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    18:58:26.0000 0172 TermDD - ok
    18:58:26.0031 0172 TosIde - ok
    18:58:26.0093 0172 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    18:58:26.0109 0172 Udfs - ok
    18:58:26.0125 0172 ultra - ok
    18:58:26.0187 0172 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    18:58:26.0203 0172 Update - ok
    18:58:26.0281 0172 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    18:58:26.0281 0172 usbccgp - ok
    18:58:26.0328 0172 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    18:58:26.0328 0172 usbehci - ok
    18:58:26.0375 0172 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    18:58:26.0375 0172 usbhub - ok
    18:58:26.0421 0172 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    18:58:26.0421 0172 USBSTOR - ok
    18:58:26.0484 0172 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    18:58:26.0500 0172 usbuhci - ok
    18:58:26.0515 0172 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    18:58:26.0515 0172 VgaSave - ok
    18:58:26.0531 0172 ViaIde - ok
    18:58:26.0546 0172 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    18:58:26.0546 0172 VolSnap - ok
    18:58:26.0562 0172 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    18:58:26.0578 0172 Wanarp - ok
    18:58:26.0578 0172 WDICA - ok
    18:58:26.0609 0172 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    18:58:26.0625 0172 wdmaud - ok
    18:58:26.0765 0172 WpdUsb (c60dc16d4e406810fad54b98dc92d5ec) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    18:58:26.0765 0172 WpdUsb - ok
    18:58:26.0843 0172 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    18:58:26.0843 0172 WSTCODEC - ok
    18:58:26.0875 0172 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    18:58:26.0875 0172 WudfPf - ok
    18:58:26.0906 0172 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    18:58:26.0906 0172 WudfRd - ok
    18:58:26.0937 0172 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    18:58:27.0093 0172 \Device\Harddisk0\DR0 - ok
    18:58:27.0093 0172 Boot (0x1200) (b7afa9d472cd08105950e19bca8d8db4) \Device\Harddisk0\DR0\Partition0
    18:58:27.0093 0172 \Device\Harddisk0\DR0\Partition0 - ok
    18:58:27.0093 0172 ============================================================
    18:58:27.0093 0172 Scan finished
    18:58:27.0093 0172 ============================================================
    18:58:27.0109 0384 Detected object count: 0
    18:58:27.0109 0384 Actual detected object count: 0


    5. Do you have the original Windows installation media for your PC?

    I don't have it, unfortunately. The computer does have the tag on it.



    (I'm adding this bit of info about a couple of infections detected within the past few days, only after I first noticed signs of infection, just in case it's useful:

    I've been running daily scans with Avira antivirus. On Dec. 7, 2011, Avira antivirus found TR/Fake.Rean.3192, one detection, which is quarantined. That's the only detection by Avira, since a long time before the first signs of infection. Avira scans since that one are clean.

    Also, this is the first Malwarebytes log I ran, after noticing symptoms of infection, just because it’s got an extra malware detection on it:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8310

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/4/2011 1:19:09 PM
    mbam-log-2011-12-04 (13-19-09).txt

    Scan type: Quick scan
    Objects scanned: 180542
    Time elapsed: 8 minute(s), 16 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\control panel\Homepage (PUM.Hijack.HomePageControl) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\documents and settings\user\local settings\Temp\upd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. )


    Thanks for your continued help! I'm continuing to check back frequently, for your next instructions.
