
it seemed all was well.....and then redirect?


rtbm78

Here you are.

A little bit of good news: the search redirect seems to have subsided.

I am afraid I have to step out for a little while, but I will be back later for sure.

Thanks again for your incredibly quick wisdom.

2010/11/04 17:46:10.0546 TDSS rootkit removing tool 2.4.6.0 Nov 3 2010 10:11:43

2010/11/04 17:46:10.0546 ================================================================================

2010/11/04 17:46:10.0546 SystemInfo:

2010/11/04 17:46:10.0546

2010/11/04 17:46:10.0546 OS Version: 5.1.2600 ServicePack: 3.0

2010/11/04 17:46:10.0546 Product type: Workstation

2010/11/04 17:46:10.0546 ComputerName: FAMILY

2010/11/04 17:46:10.0546 UserName: Administrator

2010/11/04 17:46:10.0546 Windows directory: C:\WINDOWS

2010/11/04 17:46:10.0546 System windows directory: C:\WINDOWS

2010/11/04 17:46:10.0546 Processor architecture: Intel x86

2010/11/04 17:46:10.0546 Number of processors: 2

2010/11/04 17:46:10.0546 Page size: 0x1000

2010/11/04 17:46:10.0546 Boot type: Normal boot

2010/11/04 17:46:10.0546 ================================================================================

2010/11/04 17:46:10.0718 Initialize success

2010/11/04 17:46:13.0140 ================================================================================

2010/11/04 17:46:13.0140 Scan started

2010/11/04 17:46:13.0140 Mode: Manual;

2010/11/04 17:46:13.0140 ================================================================================


2010/11/04 17:46:27.0453 ================================================================================

2010/11/04 17:46:27.0453 Scan finished

2010/11/04 17:46:27.0453 ================================================================================

2010/11/04 17:46:52.0031 Deinitialize success


When you get back:

Copy/paste the text in the Codebox below into Notepad:

Here's how to do that:

Click Start > Run, type Notepad, and click OK.

This will open an empty notepad file:

Take your mouse and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right-click the mouse for options and select 'Copy'. Now, over the empty Notepad box, right-click your mouse again and select 'Paste', and you will have copied and pasted the text.

KillAll::

File::
c:\program files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll

Folder::
c:\program files\Freeze.com\My.Freeze.com NetAssistant

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\]
"{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}"=-
[-HKEY_CLASSES_ROOT\clsid\{e38fa08e-f56a-4169-abf5-5c71e3c153a1}]
[-HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO.1]
[-HKEY_CLASSES_ROOT\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7}]
[-HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AWMON"=-

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As..., and change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save.


Drag CFScript.txt onto ComboFix.exe.

Then post the resulting log using Copy / Paste.

Also please describe how your computer behaves at the moment.

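Before a script like the one above is dragged onto ComboFix, it is worth being able to say exactly what it will remove. The following parser is an added example written for this thread, not ComboFix's own code: it assumes only the .reg conventions that the Registry:: section borrows ("[-KEY]" deletes a whole key, "name"=- deletes one value), treats ComboFix's "~" path shorthand as an opaque string, and the function names (parse_cfscript, referenced_guids) are mine.

```python
"""Added example: a reviewer's parser for the ComboFix CFScript above.

Not ComboFix's own code. It assumes the .reg conventions the Registry::
section borrows ("[-KEY]" deletes a whole key, "name"=- deletes one value)
and leaves ComboFix's "~" path shorthand untouched. Parsing the script into
explicit actions lets a helper (or the affected user) see exactly which
files, folders, keys and values will be removed before running it.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# The CFScript quoted in the post above, embedded verbatim as sample input.
CFSCRIPT = r'''KillAll::

File::
c:\program files\Freeze.com\My.Freeze.com NetAssistant\NetAssistant.dll

Folder::
c:\program files\Freeze.com\My.Freeze.com NetAssistant

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\]
"{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}"=-
[-HKEY_CLASSES_ROOT\clsid\{e38fa08e-f56a-4169-abf5-5c71e3c153a1}]
[-HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO.1]
[-HKEY_CLASSES_ROOT\TypeLib\{1E8FC16F-4C51-49C4-BC9B-4FC24BDDCEE7}]
[-HKEY_CLASSES_ROOT\NetAssistant.NetAssistantBHO]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AWMON"=-
'''


@dataclass(frozen=True)
class Action:
    kind: str        # kill_all | delete_file | delete_folder | delete_key | delete_value
    target: str      # file/folder path or registry key
    name: str = ""   # value name, only for delete_value


SECTION_RE = re.compile(r"^(\w+)::$")
KEY_RE = re.compile(r"^\[(-?)(.+?)\\?\]$")   # [KEY] selects a key, [-KEY] deletes it
DEL_VALUE_RE = re.compile(r'^"(.+?)"=-$')    # "name"=- deletes a value under the selected key
GUID_RE = re.compile(r"\{([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\}", re.I)


def parse_cfscript(text: str) -> list[Action]:
    """Turn CFScript text into an ordered list of removal actions.

    Any line that does not fit the four directives handled here raises
    ValueError, so an unreviewed construct never slips through silently.
    """
    actions: list[Action] = []
    section = None
    current_key = None          # key selected by the most recent [KEY] line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1), None
            if section == "KillAll":
                actions.append(Action("kill_all", "*"))
            elif section not in ("File", "Folder", "Registry"):
                raise ValueError(f"unsupported section: {section}")
            continue
        if section == "File":
            actions.append(Action("delete_file", line))
        elif section == "Folder":
            actions.append(Action("delete_folder", line))
        elif section == "Registry":
            km = KEY_RE.match(line)
            vm = DEL_VALUE_RE.match(line)
            if km:
                minus, key = km.groups()
                if minus:
                    actions.append(Action("delete_key", key))
                    current_key = None
                else:
                    current_key = key
            elif vm and current_key:
                actions.append(Action("delete_value", current_key, vm.group(1)))
            else:
                raise ValueError(f"unsupported Registry:: line: {line!r}")
        else:
            raise ValueError(f"line outside any section: {line!r}")
    return actions


def referenced_guids(actions: list[Action]) -> list[str]:
    """All CLSID / TypeLib GUIDs the script touches, lower-cased and de-duplicated.

    A quick consistency check: the BHO's CLSID should be removed both where it
    is registered (the HKCR clsid key) and where it is hooked in (URLSearchHooks
    and the Browser Helper Objects list).
    """
    found = set()
    for a in actions:
        for m in GUID_RE.finditer(a.target + " " + a.name):
            found.add(m.group(1).lower())
    return sorted(found)


if __name__ == "__main__":
    for a in parse_cfscript(CFSCRIPT):
        print(f"{a.kind:13} {a.target}" + (f"  ->  {a.name}" if a.name else ""))
```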

Hello again.

Well, there has definitely been something fixed, because the redirecting is gone and Malwarebytes ran and was able to update. I ran a full scan and it found nothing. It seems like things are definitely working better.

I did what you said in your last post, and the good news is that ComboFix ran in normal mode and was able to get the updates and download the Recovery Console.

Unfortunately, ComboFix seemed to freeze up on stage 10. The cursor was blinking, but it stayed on that for about 50 minutes and I had to manually shut down the PC to get back online.

Should I just go ahead and try running it again?

Thanks


OK, well, things seem to be working better now.

ComboFix ran all the way through. AVG would not let me reinstall it because it said I already have Avira, and it couldn't install until I uninstall that.

If it's not causing any serious problems, it looks like I may just have to live with it.

Anyway, here is the log from ComboFix. Super mega thanks once again!

ComboFix 10-11-03.04 - Administrator 11/05/2010 7:19.4.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.459 [GMT -5:00]

Running from: c:\documents and settings\Administrator\Desktop\iexplorer.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((( Files Created from 2010-10-05 to 2010-11-05 )))))))))))))))))))))))))))))))

.

2010-11-05 12:05 . 2010-11-05 12:05 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2010-11-05 03:36 . 2010-11-05 04:45 -------- d-----w- c:\windows\system32\NtmsData

2010-11-04 20:35 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-04 20:35 . 2010-11-04 20:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-04 20:35 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-04 16:27 . 2010-11-04 16:27 -------- d-----w- c:\windows\system32\wbem\Repository

2010-11-04 02:02 . 2010-11-04 02:02 -------- d-----w- c:\program files\ESET

2010-11-03 22:43 . 2010-11-03 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\REPORTS

2010-11-03 22:43 . 2010-11-03 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\LOGFILES

2010-11-03 22:43 . 2010-11-03 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\INFECTED

2010-10-17 03:52 . 2010-10-17 03:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira

2010-10-17 03:42 . 2010-11-05 07:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2010-10-17 03:42 . 2010-11-05 07:24 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys

2010-10-17 03:42 . 2009-05-11 17:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys

2010-10-17 03:42 . 2009-05-11 17:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys

2010-10-17 03:41 . 2010-11-05 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira

2010-10-17 03:41 . 2010-10-17 03:41 -------- d-----w- c:\program files\Avira

2010-10-14 23:13 . 2010-10-14 23:13 -------- d-----w- c:\program files\Litsoft

2010-10-14 21:14 . 2010-09-18 06:53 954368 -c----w- c:\windows\system32\dllcache\mfc40.dll

2010-10-14 21:14 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-14 21:14 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-10-14 21:14 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.


.

((((((((((((((((((((((((((((( SnapShot@2010-11-04_22.10.38 )))))))))))))))))))))))))))))))))))))))))

.


+ 2007-08-13 23:54 . 2010-03-09 11:09 430080 c:\windows\system32\dllcache\vbscript.dll

- 2007-08-13 23:44 . 2009-02-20 18:09 105984 c:\windows\system32\dllcache\url.dll

+ 2007-08-13 23:44 . 2010-09-09 13:38 105984 c:\windows\system32\dllcache\url.dll

- 2007-08-13 23:44 . 2009-02-20 18:09 102912 c:\windows\system32\dllcache\occache.dll

+ 2007-08-13 23:44 . 2010-09-09 13:38 102912 c:\windows\system32\dllcache\occache.dll

+ 2007-08-13 23:54 . 2010-09-09 13:38 671232 c:\windows\system32\dllcache\mstime.dll

- 2007-08-13 23:54 . 2009-02-20 18:09 671232 c:\windows\system32\dllcache\mstime.dll

- 2007-08-13 23:44 . 2009-02-20 18:09 193024 c:\windows\system32\dllcache\msrating.dll

+ 2007-08-13 23:44 . 2010-09-09 13:38 193024 c:\windows\system32\dllcache\msrating.dll

+ 2007-08-13 23:54 . 2010-09-09 13:38 478208 c:\windows\system32\dllcache\mshtmled.dll

+ 2009-04-20 22:39 . 2010-09-09 13:38 468480 c:\windows\system32\dllcache\msfeeds.dll

+ 2007-08-13 23:38 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll

- 2007-08-13 23:38 . 2008-05-09 10:53 512000 c:\windows\system32\dllcache\jscript.dll

+ 2007-08-13 23:43 . 2010-08-25 11:30 634648 c:\windows\system32\dllcache\iexplore.exe

+ 2009-04-20 22:39 . 2010-09-09 13:38 268288 c:\windows\system32\dllcache\iertutil.dll

- 2009-04-20 22:39 . 2009-02-20 18:09 268288 c:\windows\system32\dllcache\iertutil.dll

+ 2007-08-13 23:54 . 2010-09-09 13:38 192512 c:\windows\system32\dllcache\iepeers.dll

+ 2007-08-13 23:39 . 2010-09-09 13:38 384512 c:\windows\system32\dllcache\iedkcs32.dll

+ 2009-04-20 22:39 . 2010-09-09 13:38 380928 c:\windows\system32\dllcache\ieapfltr.dll

+ 2007-08-13 22:56 . 2010-08-25 11:29 161792 c:\windows\system32\dllcache\ieakui.dll

- 2007-08-13 22:56 . 2009-02-20 05:14 161792 c:\windows\system32\dllcache\ieakui.dll

- 2007-08-13 23:39 . 2009-02-20 18:09 230400 c:\windows\system32\dllcache\ieaksie.dll

+ 2007-08-13 23:39 . 2010-09-09 13:38 230400 c:\windows\system32\dllcache\ieaksie.dll

- 2007-08-13 23:39 . 2009-02-20 18:09 153088 c:\windows\system32\dllcache\ieakeng.dll

+ 2007-08-13 23:39 . 2010-09-09 13:38 153088 c:\windows\system32\dllcache\ieakeng.dll

+ 2007-08-13 23:54 . 2010-09-09 13:38 133120 c:\windows\system32\dllcache\extmgr.dll

- 2007-08-13 23:54 . 2009-02-20 18:09 133120 c:\windows\system32\dllcache\extmgr.dll

+ 2007-08-13 23:35 . 2010-09-09 13:38 214528 c:\windows\system32\dllcache\dxtrans.dll

- 2007-08-13 23:35 . 2009-02-20 18:09 214528 c:\windows\system32\dllcache\dxtrans.dll

+ 2007-08-13 23:35 . 2010-09-09 13:38 347136 c:\windows\system32\dllcache\dxtmsft.dll

- 2007-08-13 23:35 . 2009-02-20 18:09 347136 c:\windows\system32\dllcache\dxtmsft.dll

+ 2007-08-13 23:39 . 2010-09-09 13:38 124928 c:\windows\system32\dllcache\advpack.dll

- 2007-08-13 23:39 . 2009-02-20 18:09 124928 c:\windows\system32\dllcache\advpack.dll

+ 2006-07-24 17:27 . 2010-09-09 13:38 124928 c:\windows\system32\advpack.dll

- 2006-07-24 17:27 . 2009-02-20 18:09 124928 c:\windows\system32\advpack.dll

+ 2010-11-05 11:52 . 2009-03-03 00:18 826368 c:\windows\ie7updates\KB2360131-IE7\wininet.dll

+ 2010-11-05 11:52 . 2009-02-20 18:09 233472 c:\windows\ie7updates\KB2360131-IE7\webcheck.dll

+ 2010-11-05 11:52 . 2009-02-20 18:09 105984 c:\windows\ie7updates\KB2360131-IE7\url.dll

+ 2010-11-05 11:52 . 2010-02-22 14:23 382840 c:\windows\ie7updates\KB2360131-IE7\spuninst\updspapi.dll

+ 2010-11-05 11:52 . 2010-02-22 14:23 231288 c:\windows\ie7updates\KB2360131-IE7\spuninst\spuninst.exe

+ 2010-11-05 11:52 . 2009-02-20 18:09 102912 c:\windows\ie7updates\KB2360131-IE7\occache.dll

+ 2010-11-05 11:52 . 2009-02-20 18:09 671232 c:\windows\ie7updates\KB2360131-IE7\mstime.dll

+ 2010-11-05 11:52 . 2009-02-20 18:09 193024 c:\windows\ie7updates\KB2360131-IE7\msrating.dll

+ 2010-11-05 11:52 . 2009-02-20 18:09 477696 c:\windows\ie7updates\KB2360131-IE7\mshtmled.dll

+ 2010-11-05 11:52 . 2009-02-20 18:09 459264 c:\windows\ie7updates\KB2360131-IE7\msfeeds.dll

+ 2010-11-05 11:52 . 2009-02-28 04:54 636072 c:\windows\ie7updates\KB2360131-IE7\iexplore.exe

+ 2010-11-05 11:52 . 2009-02-20 18:09 268288 c:\windows\ie7updates\KB2360131-IE7\iertutil.dll

+ 2010-11-05 11:52 . 2007-08-13 23:54 191488 c:\windows\ie7updates\KB2360131-IE7\iepeers.dll

+ 2010-11-05 11:52 . 2009-02-20 18:09 385024 c:\windows\ie7updates\KB2360131-IE7\iedkcs32.dll

+ 2010-11-05 11:52 . 2009-02-20 18:09 383488 c:\windows\ie7updates\KB2360131-IE7\ieapfltr.dll

+ 2010-11-05 11:52 . 2009-02-20 05:14 161792 c:\windows\ie7updates\KB2360131-IE7\ieakui.dll

+ 2010-11-05 11:52 . 2009-02-20 18:09 230400 c:\windows\ie7updates\KB2360131-IE7\ieaksie.dll

+ 2010-11-05 11:52 . 2009-02-20 18:09 153088 c:\windows\ie7updates\KB2360131-IE7\ieakeng.dll

+ 2010-11-05 11:52 . 2009-02-20 18:09 133120 c:\windows\ie7updates\KB2360131-IE7\extmgr.dll

+ 2010-11-05 11:52 . 2009-02-20 18:09 214528 c:\windows\ie7updates\KB2360131-IE7\dxtrans.dll

+ 2010-11-05 11:52 . 2009-02-20 18:09 347136 c:\windows\ie7updates\KB2360131-IE7\dxtmsft.dll

+ 2010-11-05 11:52 . 2009-02-20 18:09 124928 c:\windows\ie7updates\KB2360131-IE7\advpack.dll

+ 2006-07-24 17:27 . 2010-09-09 13:38 1168384 c:\windows\system32\urlmon.dll

+ 2006-07-24 17:27 . 2010-09-09 13:38 3601920 c:\windows\system32\mshtml.dll

+ 2007-08-13 23:54 . 2010-09-09 13:38 6075904 c:\windows\system32\ieframe.dll

+ 2007-02-12 21:10 . 2010-07-05 20:32 2452872 c:\windows\system32\ieapfltr.dat

+ 2007-08-13 23:54 . 2010-09-09 13:38 1168384 c:\windows\system32\dllcache\urlmon.dll

+ 2007-08-13 23:54 . 2010-09-09 13:38 3601920 c:\windows\system32\dllcache\mshtml.dll

+ 2009-04-20 22:39 . 2010-09-09 13:38 6075904 c:\windows\system32\dllcache\ieframe.dll

+ 2009-04-20 22:39 . 2010-07-05 20:32 2452872 c:\windows\system32\dllcache\ieapfltr.dat

+ 2010-11-05 11:52 . 2009-02-20 18:09 1160192 c:\windows\ie7updates\KB2360131-IE7\urlmon.dll

+ 2010-11-05 11:52 . 2009-02-20 18:09 3595264 c:\windows\ie7updates\KB2360131-IE7\mshtml.dll

+ 2010-11-05 11:52 . 2009-02-20 18:09 6066176 c:\windows\ie7updates\KB2360131-IE7\ieframe.dll

+ 2010-11-05 11:52 . 2008-07-09 14:25 2455488 c:\windows\ie7updates\KB2360131-IE7\ieapfltr.dat

.

-- Snapshot reset to current date --

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]

@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"

[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]

2008-07-10 13:23 97064 ----a-w- c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-04 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784]

"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-28 217088]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]

"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 45056]

"NapsterShell"="c:\program files\Napster\napster.exe" [2006-06-29 319488]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-08 7561216]

"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]

"DISCover"="c:\program files\DISC\DISCover.exe" [bU]

"VAIOSurvey"="c:\program files\sony\vaio survey\surveysa.exe" [2005-06-13 258048]

"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]

"PartSeal"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

"TunePat"="c:\program files\TunePat\TunePat.exe" [bU]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-05 281768]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

avgrsstx.dll [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=

"c:\\Program Files\\Vuze\\Azureus.exe"=

"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\wowd.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [11/4/2010 10:23 PM 339624]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/16/2010 10:42 PM 135336]

R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [11/4/2010 10:23 PM 403624]

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]

R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [7/10/2008 8:23 AM 53032]

R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [7/24/2006 12:28 PM 30080]

R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [7/24/2006 12:28 PM 226304]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S0 tpcdrdrv;tpcdrdrv;c:\windows\system32\DRIVERS\tpcdrdrv.sys --> c:\windows\system32\DRIVERS\tpcdrdrv.sys [?]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]

S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SSMDRV

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-12-07 04:18 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

2010-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

.

------- Supplementary Scan -------

.

uStart Page = www.yahoo.com/

uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

Trusted Zone: trymedia.com

.

- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys

**************************************************************************

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files:

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1292321489-3038965794-573620678-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,26,46,b9,da,70,58,c6,4d,81,e4,13,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,26,46,b9,da,70,58,c6,4d,81,e4,13,\

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,26,46,b9,da,70,58,c6,4d,81,e4,13,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)

c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'lsass.exe'(972)

c:\program files\Avira\AntiVir Desktop\avsda.dll

- - - - - - - > 'explorer.exe'(5276)

c:\windows\system32\WININET.dll

c:\program files\Nero\Nero8\InCD\NBHShx.dll

c:\program files\Nero\Nero8\InCD\NBHStr.dll

c:\program files\Common Files\Nero\Shared\NL3\AdvrCntr3.dll

c:\windows\system32\msi.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-11-05 07:30:30

ComboFix-quarantined-files.txt 2010-11-05 12:30

ComboFix2.txt 2010-11-04 22:18

ComboFix3.txt 2010-11-04 12:57

ComboFix4.txt 2010-11-04 03:06

ComboFix5.txt 2010-11-05 01:16

Pre-Run: 55,991,275,520 bytes free

Post-Run: 55,985,684,480 bytes free

- - End Of File - - A13ED15DB8B0F975EB247612158D476C


Open IE and remove this from your trusted zones.

Trusted Zone: trymedia.com

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

Rename iexplorer.exe to combofix.exe

Next:

  • Click START, then Run.
  • Now type ComboFix /Uninstall in the Run box and click OK. Note the space between the X and the U; it needs to be there.

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

Here's my usual all-clean post:

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab.
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt.
    6. Change the Download unsigned ActiveX controls to Disable.
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable.
    8. Change the Installation of desktop items to Prompt.
    9. Change the Launching programs and files in an IFRAME to Prompt.
    10. Change the Navigate sub-frames across different domains to Prompt.
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.

  • Next press the Apply button and then OK to exit the Internet Properties page.
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Only run one Anti-Virus and Firewall program.

I would suggest you read How to Prevent Malware:

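An added example, not part of the helper's post: a PowerShell script that audits the six Internet zone settings from the Custom Level steps above by reading their documented registry values (zone 3 under Internet Settings), reports any that differ from the recommendation, and with -Fix writes the recommended values. It assumes PowerShell 3.0 or later and a per-user (HKCU) zone that is not overridden by machine-wide policy; the function names (Get-ZoneSetting, Get-ValueLabel, Test-InternetZone) are this example's own.

```powershell
# Added example, not from the original post: audit (and optionally fix) the
# per-user Internet zone settings that the "Custom Level" steps above change.
# Value names are the documented IE URL-action identifiers under the zone key
# (Zones\3 = Internet zone); data is a DWORD: 0 = Enable, 1 = Prompt, 3 = Disable.
# Function names (Get-ZoneSetting, Get-ValueLabel, Test-InternetZone) are this example's own.
# Caveat: machine-wide policy (HKLM, or the Security_HKLM_only setting) can
# override what HKCU reports; this script reads and writes HKCU only.
param([switch]$Fix)   # -Fix writes the recommended values instead of only reporting

$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$labels   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# The six settings from the post, keyed by registry value name.
$recommended = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Name = 'Navigate sub-frames across different domains';              Want = 1 }
}

function Get-ZoneSetting {
    # Returns the DWORD for one zone value, or $null when the value is absent
    # (absent means IE falls back to the zone's built-in default).
    param([string]$ValueName)
    $item = Get-ItemProperty -Path $zonePath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Get-ValueLabel([object]$Value) {
    if ($null -eq $Value)            { return 'not set (zone default)' }
    if ($labels.ContainsKey($Value)) { return $labels[$Value] }
    return "unknown ($Value)"
}

function Test-InternetZone {
    # One row per setting: what is there now, what the post recommends, and whether they match.
    foreach ($id in ($recommended.Keys | Sort-Object)) {
        $current = Get-ZoneSetting -ValueName $id
        $want    = $recommended[$id].Want
        [pscustomobject]@{
            Id      = $id
            Setting = $recommended[$id].Name
            Current = Get-ValueLabel $current
            Wanted  = $labels[$want]
            OK      = ($current -eq $want)
        }
    }
}

$report = @(Test-InternetZone)
$report | Format-Table -AutoSize

$drift = @($report | Where-Object { -not $_.OK })
if ($drift.Count -eq 0) {
    Write-Host 'Internet zone already matches the recommended settings.'
} elseif ($Fix) {
    foreach ($row in $drift) {
        # Same change as Custom Level in the IE UI, written directly as a DWORD.
        Set-ItemProperty -Path $zonePath -Name $row.Id -Value $recommended[$row.Id].Want -Type DWord
        Write-Host "Set $($row.Id) ($($row.Setting)) to $($row.Wanted)"
    }
} else {
    Write-Host "$($drift.Count) setting(s) differ from the recommendation; rerun with -Fix to apply."
}
```

Run it once without -Fix to see the drift table; settings reported as "not set" are using the zone's built-in default rather than an explicit value.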
