Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

redirect issues and more...

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: redirect issues and more...

Unread postby acerda23 » December 21st, 2010, 9:33 pm

Still getting the redirect issues. Different folders are also messing up giving me issues by "Not Responding". I'm also being prompted by WinPatrol that IE is trying to change my startup page from google.com to www.flyingincognito.com. Google Chrome now no longer works for me. I used it primarily for my web browsing but now it is unresponsive (it was like that before you've started helping me) and I'm forced to use either Firefox or Safari.

Just wanted to update you on computer performance.
acerda23
Regular Member
 
Posts: 31
Joined: August 31st, 2010, 12:04 am
Advertisement
Register to Remove

Re: redirect issues and more...

Unread postby Cypher » December 22nd, 2010, 1:17 pm

Hi acerda23.

Disable Avira anti-virus

  • Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background (looks to this: Image )
  • right click it-> untick the option AntiVir Guard enable.
  • You should now see a closed, white umbrella on a red background (looks to this: Image )
  • Note: Don't forget to re-enable it after the fix.

Next.

ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    Code: Select all
    File::
    c:\windows\TEMP\A277.tmp
    
    Registry::
    [-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\6e574e40]
    
    RegLock::
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    
    RegNull::
    [HKEY_USERS\S-1-5-21-2471965245-1943476174-3207880002-1001\Software\SecuROM\License information*]
    
    
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    Image
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.

Next.

TDSSKiller

  • Please Download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller Folder on your desktop.
  • Important!: Run this fix once and once only.
  • Right click TDSSKiller.exe and select " Run as administrator " to run it.
  • Then click Start scan.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found, click the default action Cure > Continue > Reboot now.
  • If any suspicious objects are detected the default action will be Skip, ensure Skip is selected then click Continue.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.


Logs/Information to Post in your Next Reply

  • ComboFix log.
  • TDSSKiller log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: redirect issues and more...

Unread postby acerda23 » December 22nd, 2010, 8:05 pm

2010/12/22 17:57:45.0667 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2010/12/22 17:57:45.0667 ================================================================================
2010/12/22 17:57:45.0667 SystemInfo:
2010/12/22 17:57:45.0667
2010/12/22 17:57:45.0667 OS Version: 6.0.6002 ServicePack: 2.0
2010/12/22 17:57:45.0668 Product type: Workstation
2010/12/22 17:57:45.0668 ComputerName: X-PC
2010/12/22 17:57:45.0668 UserName: ap
2010/12/22 17:57:45.0668 Windows directory: C:\Windows
2010/12/22 17:57:45.0668 System windows directory: C:\Windows
2010/12/22 17:57:45.0668 Processor architecture: Intel x86
2010/12/22 17:57:45.0668 Number of processors: 2
2010/12/22 17:57:45.0668 Page size: 0x1000
2010/12/22 17:57:45.0668 Boot type: Normal boot
2010/12/22 17:57:45.0668 ================================================================================
2010/12/22 17:57:54.0431 Initialize success
2010/12/22 17:57:58.0327 ================================================================================
2010/12/22 17:57:58.0327 Scan started
2010/12/22 17:57:58.0327 Mode: Manual;
2010/12/22 17:57:58.0327 ================================================================================
2010/12/22 17:58:01.0104 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/12/22 17:58:01.0291 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2010/12/22 17:58:01.0507 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2010/12/22 17:58:01.0560 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2010/12/22 17:58:01.0703 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2010/12/22 17:58:01.0897 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2010/12/22 17:58:02.0236 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
2010/12/22 17:58:02.0684 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
2010/12/22 17:58:02.0848 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2010/12/22 17:58:03.0005 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
2010/12/22 17:58:03.0140 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
2010/12/22 17:58:03.0194 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
2010/12/22 17:58:03.0337 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2010/12/22 17:58:03.0396 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
2010/12/22 17:58:03.0690 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2010/12/22 17:58:03.0781 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2010/12/22 17:58:03.0941 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2010/12/22 17:58:04.0008 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2010/12/22 17:58:04.0201 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2010/12/22 17:58:04.0252 avipbb (da39805e2bad99d37fce9477dd94e7f2) C:\Windows\system32\DRIVERS\avipbb.sys
2010/12/22 17:58:04.0502 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2010/12/22 17:58:04.0749 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2010/12/22 17:58:04.0879 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2010/12/22 17:58:04.0930 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2010/12/22 17:58:04.0994 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2010/12/22 17:58:05.0102 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2010/12/22 17:58:05.0161 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2010/12/22 17:58:05.0200 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2010/12/22 17:58:05.0329 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2010/12/22 17:58:05.0713 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2010/12/22 17:58:05.0801 Cdr4_xp (bf79e659c506674c0497cc9c61f1a165) C:\Windows\system32\drivers\Cdr4_xp.sys
2010/12/22 17:58:05.0923 Cdralw2k (2c41cd49d82d5fd85c72d57b6ca25471) C:\Windows\system32\drivers\Cdralw2k.sys
2010/12/22 17:58:06.0238 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2010/12/22 17:58:06.0375 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2010/12/22 17:58:06.0468 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/12/22 17:58:06.0639 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2010/12/22 17:58:06.0690 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
2010/12/22 17:58:06.0838 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2010/12/22 17:58:06.0967 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2010/12/22 17:58:07.0013 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2010/12/22 17:58:07.0128 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2010/12/22 17:58:07.0333 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2010/12/22 17:58:07.0551 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2010/12/22 17:58:07.0740 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2010/12/22 17:58:07.0789 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2010/12/22 17:58:07.0970 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2010/12/22 17:58:08.0115 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
2010/12/22 17:58:08.0352 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2010/12/22 17:58:08.0534 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2010/12/22 17:58:08.0647 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2010/12/22 17:58:08.0895 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2010/12/22 17:58:08.0954 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2010/12/22 17:58:09.0090 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2010/12/22 17:58:09.0156 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2010/12/22 17:58:09.0216 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2010/12/22 17:58:09.0444 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2010/12/22 17:58:09.0514 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2010/12/22 17:58:09.0727 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2010/12/22 17:58:09.0794 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2010/12/22 17:58:09.0907 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2010/12/22 17:58:10.0009 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2010/12/22 17:58:10.0209 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2010/12/22 17:58:10.0279 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2010/12/22 17:58:10.0453 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2010/12/22 17:58:10.0489 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2010/12/22 17:58:10.0549 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2010/12/22 17:58:10.0687 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2010/12/22 17:58:10.0907 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2010/12/22 17:58:10.0959 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2010/12/22 17:58:11.0369 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2010/12/22 17:58:11.0614 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2010/12/22 17:58:11.0666 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2010/12/22 17:58:11.0901 IntcAzAudAddService (0f16d98c3af2138fabfa20adde4e01fe) C:\Windows\system32\drivers\RTKVHDA.sys
2010/12/22 17:58:12.0130 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2010/12/22 17:58:12.0205 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2010/12/22 17:58:12.0365 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2010/12/22 17:58:12.0452 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2010/12/22 17:58:12.0505 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2010/12/22 17:58:12.0668 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2010/12/22 17:58:12.0720 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
2010/12/22 17:58:12.0795 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2010/12/22 17:58:12.0939 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2010/12/22 17:58:12.0979 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2010/12/22 17:58:13.0126 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2010/12/22 17:58:13.0212 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2010/12/22 17:58:13.0389 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
2010/12/22 17:58:13.0440 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
2010/12/22 17:58:13.0603 KR3NPXP (485e005cd51ff502fb16483eb4b69c17) C:\Windows\system32\drivers\kr3npxp.sys
2010/12/22 17:58:13.0682 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2010/12/22 17:58:14.0083 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2010/12/22 17:58:14.0140 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2010/12/22 17:58:14.0272 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2010/12/22 17:58:14.0331 LPCFilter (515fc18cabee0158a324b08b1c2667cf) C:\Windows\system32\DRIVERS\LPCFilter.sys
2010/12/22 17:58:14.0381 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2010/12/22 17:58:14.0554 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2010/12/22 17:58:14.0592 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2010/12/22 17:58:14.0714 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2010/12/22 17:58:14.0812 LVPr2Mon (c57c48fb9ae3efb9848af594e3123a63) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
2010/12/22 17:58:15.0023 LVRS (87ecce893d8aec5a9337b917742d339c) C:\Windows\system32\DRIVERS\lvrs.sys
2010/12/22 17:58:15.0354 LVUVC (291f69b3dda0f033d2490c5ba5179f7c) C:\Windows\system32\DRIVERS\lvuvc.sys
2010/12/22 17:58:15.0725 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2010/12/22 17:58:15.0788 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2010/12/22 17:58:15.0869 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2010/12/22 17:58:16.0062 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2010/12/22 17:58:16.0103 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2010/12/22 17:58:16.0232 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2010/12/22 17:58:16.0329 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2010/12/22 17:58:16.0607 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2010/12/22 17:58:16.0769 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2010/12/22 17:58:16.0840 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2010/12/22 17:58:17.0040 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2010/12/22 17:58:17.0125 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2010/12/22 17:58:17.0182 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2010/12/22 17:58:17.0263 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
2010/12/22 17:58:17.0354 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2010/12/22 17:58:17.0511 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2010/12/22 17:58:17.0661 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2010/12/22 17:58:17.0780 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2010/12/22 17:58:17.0933 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2010/12/22 17:58:17.0993 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2010/12/22 17:58:18.0120 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2010/12/22 17:58:18.0188 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2010/12/22 17:58:18.0254 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2010/12/22 17:58:18.0387 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2010/12/22 17:58:18.0479 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2010/12/22 17:58:18.0789 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2010/12/22 17:58:18.0984 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2010/12/22 17:58:19.0045 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2010/12/22 17:58:19.0191 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2010/12/22 17:58:19.0254 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2010/12/22 17:58:19.0445 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2010/12/22 17:58:19.0509 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2010/12/22 17:58:19.0826 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
2010/12/22 17:58:20.0178 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2010/12/22 17:58:20.0353 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2010/12/22 17:58:20.0405 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2010/12/22 17:58:20.0501 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2010/12/22 17:58:20.0633 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2010/12/22 17:58:20.0752 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2010/12/22 17:58:21.0270 nvlddmkm (bd409de5681c74c1de51d72427dc202d) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/12/22 17:58:21.0874 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2010/12/22 17:58:21.0912 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2010/12/22 17:58:22.0086 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2010/12/22 17:58:22.0237 NWADI (0973c0c696780161f4526586d5eac422) C:\Windows\system32\DRIVERS\NWADIenum.sys
2010/12/22 17:58:22.0470 NWUSBCDFIL (1fde5b2d61d97d803594df4b3bc28c4b) C:\Windows\system32\DRIVERS\NwUsbCdFil.sys
2010/12/22 17:58:22.0533 NWUSBModem (65b471bb7e57c416a1e685ec07d4abfa) C:\Windows\system32\DRIVERS\nwusbmdm.sys
2010/12/22 17:58:22.0702 NWUSBPort (65b471bb7e57c416a1e685ec07d4abfa) C:\Windows\system32\DRIVERS\nwusbser.sys
2010/12/22 17:58:22.0769 NWUSBPort2 (65b471bb7e57c416a1e685ec07d4abfa) C:\Windows\system32\DRIVERS\nwusbser2.sys
2010/12/22 17:58:22.0934 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/12/22 17:58:23.0006 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2010/12/22 17:58:23.0086 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2010/12/22 17:58:23.0185 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2010/12/22 17:58:23.0250 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2010/12/22 17:58:23.0309 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2010/12/22 17:58:23.0474 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/12/22 17:58:23.0606 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2010/12/22 17:58:23.0731 pgfilter (2cf226173b467ab48f89d77e89936951) C:\Program Files\PeerGuardian2\pgfilter.sys
2010/12/22 17:58:23.0930 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2010/12/22 17:58:23.0975 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2010/12/22 17:58:24.0176 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2010/12/22 17:58:24.0221 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\Windows\system32\Drivers\PxHelp20.sys
2010/12/22 17:58:24.0376 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2010/12/22 17:58:24.0602 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2010/12/22 17:58:24.0672 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2010/12/22 17:58:24.0828 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2010/12/22 17:58:24.0887 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/12/22 17:58:24.0949 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/12/22 17:58:25.0092 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2010/12/22 17:58:25.0167 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2010/12/22 17:58:25.0302 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/12/22 17:58:25.0367 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2010/12/22 17:58:25.0408 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2010/12/22 17:58:25.0684 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2010/12/22 17:58:25.0802 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
2010/12/22 17:58:25.0946 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2010/12/22 17:58:26.0045 RTL8169 (f875e277a79ef9d6f3ac89abb557a689) C:\Windows\system32\DRIVERS\Rtlh86.sys
2010/12/22 17:58:26.0214 samhidb (bb3ba44cf574f78cfca8802e68f47482) C:\Windows\system32\drivers\samhidb.sys
2010/12/22 17:58:26.0288 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2010/12/22 17:58:26.0474 SCMUSB (506756631a4775dc0e7ed61d24739df4) C:\Windows\system32\DRIVERS\stcusb.sys
2010/12/22 17:58:26.0554 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2010/12/22 17:58:26.0682 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2010/12/22 17:58:27.0092 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2010/12/22 17:58:27.0179 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2010/12/22 17:58:27.0299 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2010/12/22 17:58:27.0521 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/12/22 17:58:27.0573 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2010/12/22 17:58:27.0724 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/12/22 17:58:27.0784 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2010/12/22 17:58:27.0844 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2010/12/22 17:58:27.0969 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2010/12/22 17:58:28.0012 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2010/12/22 17:58:28.0087 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2010/12/22 17:58:28.0321 SMSIVZAM5 (1e715247efffdda938c085913045d599) C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
2010/12/22 17:58:28.0489 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2010/12/22 17:58:28.0579 sptd (71e276f6d189413266ea22171806597b) C:\Windows\system32\Drivers\sptd.sys
2010/12/22 17:58:28.0579 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
2010/12/22 17:58:28.0588 sptd - detected Locked file (1)
2010/12/22 17:58:28.0750 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2010/12/22 17:58:28.0801 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2010/12/22 17:58:28.0841 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2010/12/22 17:58:29.0017 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2010/12/22 17:58:29.0181 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2010/12/22 17:58:29.0251 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2010/12/22 17:58:29.0366 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2010/12/22 17:58:29.0403 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2010/12/22 17:58:29.0481 SynTP (5efcedcf3daf5c8d9e8b77a34a4eec99) C:\Windows\system32\DRIVERS\SynTP.sys
2010/12/22 17:58:29.0671 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2010/12/22 17:58:29.0757 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2010/12/22 17:58:29.0876 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2010/12/22 17:58:29.0963 TcUsb (53900527fa5e2ccc818c5894383772d1) C:\Windows\system32\Drivers\tcusb.sys
2010/12/22 17:58:30.0135 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
2010/12/22 17:58:30.0199 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2010/12/22 17:58:30.0321 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2010/12/22 17:58:30.0387 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2010/12/22 17:58:30.0463 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2010/12/22 17:58:30.0642 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\Windows\system32\drivers\tifm21.sys
2010/12/22 17:58:30.0881 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\Windows\system32\DRIVERS\tosporte.sys
2010/12/22 17:58:30.0946 tosrfbd (8c3bfaf3fca90502e6fa35503b8e979e) C:\Windows\system32\DRIVERS\tosrfbd.sys
2010/12/22 17:58:31.0170 tosrfbnp (90c8525bc578aaffe87c2d0ed4379e9e) C:\Windows\system32\Drivers\tosrfbnp.sys
2010/12/22 17:58:31.0356 Tosrfcom (4742f0bad28268ab093ed6f4ea857997) C:\Windows\system32\Drivers\tosrfcom.sys
2010/12/22 17:58:31.0409 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
2010/12/22 17:58:31.0452 Tosrfhid (7c807ba9660e2995cc0217a14a24094c) C:\Windows\system32\DRIVERS\Tosrfhid.sys
2010/12/22 17:58:31.0581 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\Windows\system32\DRIVERS\tosrfnds.sys
2010/12/22 17:58:31.0633 TosRfSnd (a4ce9572bc4ac8d329455059b43c5bea) C:\Windows\system32\drivers\tosrfsnd.sys
2010/12/22 17:58:31.0807 Tosrfusb (01c90086cd37e7e8d9a827e24167fcb7) C:\Windows\system32\DRIVERS\tosrfusb.sys
2010/12/22 17:58:31.0877 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
2010/12/22 17:58:32.0292 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/12/22 17:58:32.0485 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2010/12/22 17:58:32.0560 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2010/12/22 17:58:32.0702 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2010/12/22 17:58:32.0793 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2010/12/22 17:58:32.0957 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2010/12/22 17:58:33.0082 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2010/12/22 17:58:33.0180 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2010/12/22 17:58:33.0256 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2010/12/22 17:58:33.0381 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2010/12/22 17:58:33.0498 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2010/12/22 17:58:33.0627 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
2010/12/22 17:58:33.0778 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys
2010/12/22 17:58:33.0896 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2010/12/22 17:58:33.0956 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/12/22 17:58:34.0036 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2010/12/22 17:58:34.0169 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2010/12/22 17:58:34.0242 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2010/12/22 17:58:34.0346 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2010/12/22 17:58:34.0434 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2010/12/22 17:58:34.0519 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2010/12/22 17:58:34.0642 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/12/22 17:58:34.0743 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/12/22 17:58:34.0894 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2010/12/22 17:58:34.0996 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
2010/12/22 17:58:35.0121 UVCFTR (3b929a72aaea96dc0150d3a6da268c89) C:\Windows\system32\Drivers\UVCFTR_S.SYS
2010/12/22 17:58:35.0212 VClone (2cc2660b3ec3434c88d2c808dd7937d4) C:\Windows\system32\DRIVERS\VClone.sys
2010/12/22 17:58:35.0364 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/12/22 17:58:35.0518 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2010/12/22 17:58:35.0611 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2010/12/22 17:58:35.0689 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2010/12/22 17:58:35.0732 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2010/12/22 17:58:35.0915 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2010/12/22 17:58:35.0988 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2010/12/22 17:58:36.0120 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2010/12/22 17:58:36.0182 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2010/12/22 17:58:36.0241 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2010/12/22 17:58:36.0411 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/22 17:58:36.0445 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2010/12/22 17:58:36.0606 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2010/12/22 17:58:36.0689 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/22 17:58:36.0940 WmFilter (b3cfcbcc91ff61ef82fc693b8b57e7f0) C:\Windows\system32\drivers\WmFilter.sys
2010/12/22 17:58:37.0000 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2010/12/22 17:58:37.0370 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2010/12/22 17:58:37.0502 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/22 17:58:37.0615 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
2010/12/22 17:58:37.0758 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/22 17:58:38.0222 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/22 17:58:38.0227 ================================================================================
2010/12/22 17:58:38.0227 Scan finished
2010/12/22 17:58:38.0227 ================================================================================
2010/12/22 17:58:38.0244 Detected object count: 2
2010/12/22 17:58:56.0701 Locked file(sptd) - User select action: Skip
2010/12/22 17:58:56.0807 \HardDisk1 - will be cured after reboot
2010/12/22 17:58:56.0808 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure
2010/12/22 17:59:02.0035 Deinitialize success
acerda23
Regular Member
 
Posts: 31
Joined: August 31st, 2010, 12:04 am

Re: redirect issues and more...

Unread postby acerda23 » December 22nd, 2010, 8:08 pm

ComboFix 10-12-21.01 - ap 12/22/2010 17:32:25.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1145 [GMT -6:00]
Running from: c:\users\ap\Desktop\ComboFix.exe
Command switches used :: c:\users\ap\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\TEMP\A277.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\ap\AppData\Roaming\Meyq
c:\users\ap\AppData\Roaming\Meyq\opyq.exe
c:\users\ap\AppData\Roaming\Moere\byip.exe

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-11-22 to 2010-12-22 )))))))))))))))))))))))))))))))
.

2010-12-22 23:47 . 2010-12-22 23:47 -------- d-----w- c:\users\ap\AppData\Local\temp
2010-12-22 23:47 . 2010-12-22 23:47 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2010-12-22 23:47 . 2010-12-22 23:47 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-12-22 23:47 . 2010-12-22 23:47 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-12-22 23:47 . 2010-12-22 23:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-22 23:11 . 2010-12-22 23:14 -------- d-----w- c:\users\ap\AppData\Roaming\Ehput
2010-12-22 23:11 . 2010-12-22 23:11 174592 ----a-w- c:\users\Mcx2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\uladv.exe
2010-12-22 23:11 . 2010-12-22 23:11 174592 ----a-w- c:\users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\esvehe.exe
2010-12-22 23:11 . 2010-12-22 23:11 174592 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\acamu.exe
2010-12-22 23:11 . 2010-12-22 23:11 174592 ----a-w- c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\axoro.exe
2010-12-22 00:59 . 2010-12-22 01:00 -------- d-----w- c:\users\ap\AppData\Roaming\uTorrent
2010-12-21 21:46 . 2010-12-21 21:46 180736 ----a-w- c:\users\Mcx2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\niyv.exe
2010-12-21 21:46 . 2010-12-21 21:46 180736 ----a-w- c:\users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\uwofvo.exe
2010-12-21 21:46 . 2010-12-21 21:46 180736 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\xulodu.exe
2010-12-21 16:25 . 2010-12-21 16:25 -------- d-----w- c:\program files\iPod
2010-12-21 16:25 . 2010-12-21 16:26 -------- d-----w- c:\program files\iTunes
2010-12-20 22:19 . 2010-12-20 22:19 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2010-12-20 22:19 . 2010-12-20 22:19 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
2010-12-20 20:18 . 2010-12-20 20:18 -------- d-----w- c:\users\ap\AppData\Roaming\Avira
2010-12-20 20:12 . 2010-12-13 14:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-20 20:12 . 2010-12-13 14:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-20 20:12 . 2010-12-20 20:12 -------- d-----w- c:\programdata\Avira
2010-12-20 20:12 . 2010-12-20 20:12 -------- d-----w- c:\program files\Avira
2010-12-17 22:07 . 2010-12-17 22:07 -------- d-----w- c:\program files\Common Files\PocketSoft
2010-12-17 22:07 . 2002-02-28 00:50 197120 ----a-w- c:\windows\patchw32.dll
2010-12-16 04:04 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-16 04:04 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-12-16 04:04 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-16 04:04 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-16 04:04 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-12-16 04:04 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-16 04:04 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-16 04:04 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-16 04:04 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-16 04:02 . 2010-10-18 13:31 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-12-16 04:01 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2010-12-16 04:01 . 2010-10-28 15:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-16 04:01 . 2010-10-28 13:27 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-16 04:01 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-12-16 03:57 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-15 00:42 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{602C609C-1104-41E2-B861-34C8E29F4793}\mpengine.dll
2010-12-13 16:22 . 2010-12-13 16:22 -------- d-----w- c:\users\ap\AppData\Roaming\Atari
2010-12-13 14:11 . 2010-12-13 23:45 -------- d-----w- c:\program files\Landwirtschafts Simulator 2011
2010-12-09 20:30 . 2010-12-13 13:57 -------- d-----w- c:\users\ap\AppData\Local\FullTiltPoker.NET
2010-12-09 20:29 . 2010-12-13 13:57 -------- d-----w- c:\program files\Full Tilt Poker.Net
2010-12-06 00:53 . 2010-12-06 00:53 -------- d-----w- c:\users\ap\AppData\Roaming\OpenOffice.org
2010-12-06 00:34 . 2010-12-06 00:34 -------- d-----w- c:\program files\JRE
2010-12-06 00:33 . 2010-12-06 00:34 -------- d-----w- c:\program files\OpenOffice.org 3
2010-12-03 02:13 . 2010-12-03 02:13 -------- d-----w- c:\users\ap\AppData\Roaming\AnvSoft
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-27 00:29 . 2010-11-27 00:29 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-11-27 00:20 . 2010-11-27 00:20 -------- d-----w- c:\program files\Codemasters
2010-11-24 02:32 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 16:41 . 2009-10-02 22:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-16 18:55 . 2010-11-15 17:00 5473896 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-10-16 18:55 . 2010-11-15 17:00 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
2010-10-16 18:55 . 2010-11-15 17:00 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2010-10-16 18:55 . 2010-11-15 17:00 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2010-10-16 18:55 . 2010-11-15 17:00 10084360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-10-16 18:55 . 2010-11-15 17:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55 . 2010-11-15 17:00 4837480 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55 . 2010-11-15 17:00 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55 . 2010-11-15 17:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55 . 2010-11-15 17:00 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 18:55 . 2010-11-15 17:00 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-10-16 18:55 . 2007-09-16 03:41 10023528 ----a-w- c:\windows\system32\nvd3dum.dll
2010-10-16 18:55 . 2007-09-16 03:41 1719912 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:42 . 2010-10-16 18:42 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-10-16 18:42 . 2010-10-16 18:42 600680 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 18:42 . 2010-10-16 18:42 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-10-16 18:42 . 2010-10-16 18:42 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 18:42 . 2010-10-16 18:42 3420776 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 18:42 . 2010-10-16 18:42 2079336 ----a-w- c:\windows\system32\nvsvc.dll
2010-10-14 07:36 . 2010-10-14 07:36 15451288 ----a-w- c:\windows\system32\xlive.dll
2010-10-14 07:36 . 2010-10-14 07:36 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2010-10-11 09:07 . 2010-10-11 09:07 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-09-28 21:44 . 2010-09-28 21:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 21:44 . 2010-09-28 21:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-24 18:25 . 2010-09-24 18:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-PT\ZuneDriver.dll.mui
2010-09-24 18:25 . 2010-09-24 18:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-BR\ZuneDriver.dll.mui
2010-09-24 18:25 . 2010-09-24 18:25 6656 ----a-w- c:\windows\system32\drivers\UMDF\nl-NL\ZuneDriver.dll.mui
2010-09-24 18:24 . 2010-09-24 18:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\it-IT\ZuneDriver.dll.mui
2010-09-24 18:24 . 2010-09-24 18:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\fr-FR\ZuneDriver.dll.mui
2010-09-24 18:24 . 2010-09-24 18:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\es-ES\ZuneDriver.dll.mui
2010-09-24 18:24 . 2010-09-24 18:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\de-DE\ZuneDriver.dll.mui
2010-09-24 18:19 . 2010-09-24 18:19 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-09-24 17:14 . 2010-09-24 17:14 6144 ----a-w- c:\windows\system32\drivers\UMDF\en-US\ZuneDriver.dll.mui
2003-03-19 02:20 . 2010-06-07 12:47 1060864 ----a-w- c:\program files\mozilla firefox\plugins\mfc71.dll
2003-02-21 09:42 . 2010-06-07 12:47 348160 ----a-w- c:\program files\mozilla firefox\plugins\msvcr71.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 17:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 17:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-05-18 430080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AprvRemoveLegacyExcelKeys"="c:\program files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn" [X]
"AprvRemoveLegacyWordKeys"="c:\program files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn" [X]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-04 4702208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"ApproveItForOfficeSetup"="c:\program files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe" [2009-04-30 155648]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
axoro.exe [2010-12-22 174592]

c:\users\ap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 130600]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-4 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 17:07 96008 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 23:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [2008-07-07 20480]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2008-05-09 174336]
R3 samhidb;samhidb;c:\windows\system32\drivers\samhidb.sys [2007-05-12 22391]
R3 SCMUSB;SCM Microsystems SCR300 USB Smart Card Reader;c:\windows\system32\DRIVERS\stcusb.sys [2008-01-19 22016]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-03-21 32408]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 268528]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-30 717296]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPService REG_MULTI_SZ HPSLPSVC
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-12-22 c:\windows\Tasks\User_Feed_Synchronization-{350F5D5B-B8B6-4082-ACFC-49A0CDBA7EF4}.job
- c:\windows\system32\msfeedssync.exe [2010-12-16 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://flyingincognitosleep.com/cgi-bin/h.pl
uInternet Settings,ProxyOverride = <local>;*.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\ap\AppData\Roaming\Mozilla\Firefox\Profiles\w65xxmtu.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://flyingincognitosleep.com/cgi-bin/h.pl
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc6d786 ... g=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: tab-search: tab@search.com - %profile%\extensions\tab@search.com
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: browser.startup.homepage - hxxp://flyingincognitosleep.com/cgi-bin/h.pl
FF - user.js: browser.startup.page - 1
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-{21C729FD-8AB5-B391-3463-39B325BFBD00} - c:\users\ap\AppData\Roaming\Moere\byip.exe
HKCU-Run-{2FDBE596-3212-B33C-DEFA-633B71495038} - c:\users\ap\AppData\Roaming\Meyq\opyq.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-22 17:47
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: TOSHIBA_MK1237GSX rev.DL130M -> Harddisk0\DR0 -> \Device\Ide\IdePort2 P2T0L0-4

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86AF1555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86af77b0]; MOV EAX, [0x86af782c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82A60962] -> \Device\Harddisk0\DR0[0x86456470]
3 CLASSPNP[0x8890C8B3] -> ntkrnlpa!IofCallDriver[0x82A60962] -> [0x86C80C88]
\Driver\atapi[0x86B01F38] -> IRP_MJ_CREATE -> 0x86AF1555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP2T0L0-4 -> \??\IDE#DiskTOSHIBA_MK1237GSX_______________________DL130M__#5&1348f061&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi -> 0x85a1c1f8
user != kernel MBR !!!
sectors 234441646 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
Completion time: 2010-12-22 17:52:23
ComboFix-quarantined-files.txt 2010-12-22 23:52
ComboFix2.txt 2010-12-21 20:39

Pre-Run: 19,985,952,768 bytes free
Post-Run: 19,955,187,712 bytes free

- - End Of File - - A959C91631CEFD0545A68C240FDCEFBD
acerda23
Regular Member
 
Posts: 31
Joined: August 31st, 2010, 12:04 am

Re: redirect issues and more...

Unread postby Cypher » December 23rd, 2010, 6:31 am

Hi acerda23
Are your searches still redirected?

MBRCheck

    Please download MBRCheck.exe and save it to your desktop.
  • Right click on MBRCheck.exe and select " Run as administrator " to run it.
  • A window similar to this should open on your desktop:

Image

  • If you are prompted with options, enter N at the prompt and press Enter
  • Press Enter again.
  • A log will open on your Desktop ...... MBRCheck_mm.dd.yy_hh.mm.ss.txt (where mm.dd.yy_hh.mm.ss are the date and time the scan was run)
  • Please post the contents of the log in your next reply.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: redirect issues and more...

Unread postby acerda23 » December 23rd, 2010, 1:37 pm

I wanted to give my system a day or so to see if it would redirect me while browsing. It seems to be working 100 times better now. Thank you so much for helping me...


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite X205
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 176):
0x82A45000 \SystemRoot\system32\ntkrnlpa.exe
0x82A12000 \SystemRoot\system32\hal.dll
0x8040A000 \SystemRoot\system32\kdcom.dll
0x80411000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80481000 \SystemRoot\system32\PSHED.dll
0x80492000 \SystemRoot\system32\BOOTVID.dll
0x8049A000 \SystemRoot\system32\CLFS.SYS
0x804DB000 \SystemRoot\system32\CI.dll
0x8060A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80686000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80693000 \SystemRoot\System32\Drivers\spyp.sys
0x80793000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8079C000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8340C000 \SystemRoot\system32\drivers\acpi.sys
0x83452000 \SystemRoot\system32\drivers\msisadrv.sys
0x8345A000 \SystemRoot\system32\DRIVERS\LPCFilter.sys
0x83464000 \SystemRoot\system32\drivers\pci.sys
0x8348B000 \SystemRoot\System32\drivers\partmgr.sys
0x8349A000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8349D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x834A7000 \SystemRoot\system32\drivers\volmgr.sys
0x834B6000 \SystemRoot\System32\drivers\volmgrx.sys
0x83500000 \SystemRoot\system32\drivers\intelide.sys
0x83507000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x83515000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x83542000 \SystemRoot\System32\drivers\mountmgr.sys
0x83552000 \SystemRoot\system32\drivers\atapi.sys
0x8355A000 \SystemRoot\system32\drivers\ataport.SYS
0x83578000 \SystemRoot\system32\drivers\msahci.sys
0x83582000 \SystemRoot\system32\drivers\fltmgr.sys
0x835B4000 \SystemRoot\system32\drivers\fileinfo.sys
0x835C4000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x83600000 \SystemRoot\System32\Drivers\ksecdd.sys
0x83671000 \SystemRoot\system32\drivers\ndis.sys
0x8377C000 \SystemRoot\system32\drivers\msrpc.sys
0x837A7000 \SystemRoot\system32\drivers\NETIO.SYS
0x88800000 \SystemRoot\System32\drivers\tcpip.sys
0x888EA000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88A01000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88B11000 \SystemRoot\system32\drivers\volsnap.sys
0x88B4A000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x88B4F000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
0x88B9A000 \SystemRoot\System32\Drivers\spldr.sys
0x88BA2000 \SystemRoot\System32\Drivers\mup.sys
0x88BB1000 \SystemRoot\System32\drivers\ecache.sys
0x88BD8000 \SystemRoot\system32\drivers\disk.sys
0x88905000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x88BE9000 \SystemRoot\system32\drivers\crcdisk.sys
0x8893B000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x88946000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8894F000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8CA06000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8D3A3000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8895E000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8D3A5000 \SystemRoot\System32\drivers\watchdog.sys
0x8D3B1000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8D3BC000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x837E2000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8D406000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8D493000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8D606000 \SystemRoot\system32\DRIVERS\NETw4v32.sys
0x8D835000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8D845000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8D853000 \SystemRoot\system32\drivers\tifm21.sys
0x8D89F000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8D8B9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8D8BD000 \SystemRoot\system32\DRIVERS\tosrfec.sys
0x8D8C0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8D8D3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8D8DE000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8D910000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D912000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8D91D000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x8D922000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8D93B000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8D941000 \SystemRoot\System32\Drivers\a3nr0z6u.SYS
0x8D977000 \SystemRoot\System32\Drivers\tosrfcom.sys
0x8D987000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8D9B6000 \SystemRoot\system32\DRIVERS\storport.sys
0x8D4B7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8D4C2000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8D4D9000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8D4E4000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8D507000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8D516000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8D52A000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8D53F000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8D9F7000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8D54F000 \SystemRoot\system32\DRIVERS\ks.sys
0x8D579000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
0x8D5B4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8D5BE000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8D5CB000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x837F1000 \SystemRoot\system32\DRIVERS\tosporte.sys
0x835CD000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8F402000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x807C2000 \SystemRoot\system32\drivers\portcls.sys
0x805BB000 \SystemRoot\system32\drivers\drmk.sys
0x8F80E000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8F92A000 \SystemRoot\system32\drivers\modem.sys
0x8F939000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
0x8F93A000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0x8F93B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8F944000 \SystemRoot\System32\Drivers\Null.SYS
0x8F94B000 \SystemRoot\System32\Drivers\Beep.SYS
0x8F95B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8F962000 \SystemRoot\System32\drivers\vga.sys
0x8F96E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8F98F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8F997000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8F99F000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8F9AA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8F9B8000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8F9C1000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8FC06000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8FC38000 \SystemRoot\system32\DRIVERS\smb.sys
0x8FC4C000 \SystemRoot\system32\drivers\afd.sys
0x8FC94000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8FCAA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8FCB8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8FCCB000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8FCD1000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8FD0D000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8FD17000 \SystemRoot\System32\Drivers\dfsc.sys
0x8FD2E000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8FD54000 \SystemRoot\System32\Drivers\tcusb.sys
0x8FD5E000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8FD75000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8FD7E000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8FD8E000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x8FD96000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x8FD9F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8FDA7000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x8FDAF000 \SystemRoot\system32\DRIVERS\tosrfusb.sys
0x8FDBA000 \SystemRoot\system32\DRIVERS\tosrfbd.sys
0x8FDD6000 \SystemRoot\system32\DRIVERS\Tosrfhid.sys
0x8FDE8000 \SystemRoot\System32\Drivers\tosrfbnp.sys
0x8FDF1000 \SystemRoot\system32\DRIVERS\tosrfnds.sys
0x8FDF6000 \SystemRoot\System32\Drivers\UVCFTR_S.SYS
0x8F9D7000 \SystemRoot\System32\Drivers\usbvideo.sys
0x8F800000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F5DE000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8F5E9000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x9AC50000 \SystemRoot\System32\win32k.sys
0x8F5F3000 \SystemRoot\System32\drivers\Dxapi.sys
0x88926000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9AE70000 \SystemRoot\System32\TSDDD.dll
0x9AE90000 \SystemRoot\System32\cdd.dll
0x9AEA0000 \SystemRoot\System32\ATMFD.DLL
0x835DE000 \SystemRoot\system32\drivers\luafv.sys
0x805E0000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA1E00000 \SystemRoot\system32\drivers\spsys.sys
0xA1EB0000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA1EC0000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA1EEA000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA1EF4000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA1F07000 \SystemRoot\system32\drivers\HTTP.sys
0xA1F74000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA1F91000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA1FAA000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA1FBF000 \SystemRoot\system32\drivers\mrxdav.sys
0xA1FE0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA4A07000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA4A40000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA4A58000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA4A80000 \SystemRoot\System32\DRIVERS\srv.sys
0xA4AE6000 \SystemRoot\system32\drivers\peauth.sys
0xA4BC4000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA4BCE000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA4BDA000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xA4BDF000 \SystemRoot\system32\drivers\tdtcp.sys
0xA4BEA000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0xAD000000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xAD033000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x776C0000 \Windows\System32\ntdll.dll
0x10000000 \Program Files\DAEMON Tools Lite\daemon.dll

Processes (total 96):
0 System Idle Process
4 System
544 C:\Windows\System32\smss.exe
744 csrss.exe
804 C:\Windows\System32\wininit.exe
812 csrss.exe
848 C:\Windows\System32\services.exe
868 C:\Windows\System32\lsass.exe
876 C:\Windows\System32\lsm.exe
1020 C:\Windows\System32\svchost.exe
1084 C:\Windows\System32\nvvsvc.exe
1096 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
1140 C:\Windows\System32\svchost.exe
1188 C:\Windows\System32\svchost.exe
1224 C:\Windows\System32\svchost.exe
1256 C:\Windows\System32\svchost.exe
1272 C:\Windows\System32\svchost.exe
1336 C:\Windows\System32\audiodg.exe
1360 C:\Windows\System32\svchost.exe
1376 C:\Windows\System32\SLsvc.exe
1424 C:\Windows\System32\svchost.exe
1520 C:\Windows\System32\winlogon.exe
1588 C:\Windows\System32\svchost.exe
1832 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1844 C:\Windows\System32\nvvsvc.exe
1908 C:\Windows\System32\wlanext.exe
2024 C:\Windows\System32\spoolsv.exe
280 C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
296 C:\Program Files\Protector Suite QL\upeksvr.exe
900 C:\Program Files\ActivIdentity\ActivClient\acevents.exe
1404 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1952 C:\Windows\System32\svchost.exe
2560 C:\Windows\System32\agrsmsvc.exe
2612 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2628 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2640 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2704 C:\Program Files\Bonjour\mDNSResponder.exe
2720 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
2788 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
2948 C:\Windows\System32\svchost.exe
3008 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
3020 C:\Windows\System32\svchost.exe
3160 C:\Toshiba\IVP\ISM\pinger.exe
3176 C:\Windows\System32\svchost.exe
3188 C:\Windows\System32\svchost.exe
3200 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
3244 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
3300 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
3324 C:\Windows\System32\taskeng.exe
3344 C:\Windows\System32\svchost.exe
3376 C:\Toshiba\IVP\swupdate\swupdtmr.exe
3416 C:\Program Files\Toshiba\TOSHIBA HD DVD PLAYER\TNaviSrv.exe
3480 C:\Windows\System32\TODDSrv.exe
3512 C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
3632 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
3656 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
3712 C:\Program Files\Viewpoint\Common\ViewpointService.exe
3728 C:\Windows\System32\svchost.exe
3764 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
3832 C:\Windows\System32\SearchIndexer.exe
3984 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3032 C:\Windows\System32\taskeng.exe
3528 C:\Windows\System32\dwm.exe
3788 C:\Windows\explorer.exe
3460 C:\Windows\RtHDVCpl.exe
2684 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2716 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
2924 C:\Windows\WindowsMobile\wmdSync.exe
2036 C:\Program Files\ActivIdentity\ActivClient\acevents.exe
4112 C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
4160 C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
4244 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
4264 C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
4276 C:\Windows\ehome\ehtray.exe
4292 C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
4304 C:\Program Files\Logitech\SetPoint\SetPoint.exe
4804 C:\Windows\System32\svchost.exe
4920 C:\Program Files\Protector Suite QL\psqltray.exe
4956 C:\Windows\ehome\ehmsas.exe
5372 C:\Windows\System32\svchost.exe
6132 C:\Program Files\Synaptics\SynTP\SynToshiba.exe
5140 C:\Program Files\Common Files\LogiShrd\KHAL2\KHALMNPR.exe
5616 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
5204 C:\Program Files\Windows Media Player\wmpnetwk.exe
4684 C:\Users\ap\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
1924 C:\Users\ap\AppData\Local\Google\Chrome\Application\chrome.exe
3060 C:\Users\ap\AppData\Local\Google\Chrome\Application\chrome.exe
2436 C:\Users\ap\AppData\Local\Google\Chrome\Application\chrome.exe
4400 C:\Users\ap\AppData\Local\Google\Chrome\Application\chrome.exe
3576 C:\Users\ap\AppData\Local\Google\Chrome\Application\chrome.exe
3052 C:\Users\ap\AppData\Local\Google\Chrome\Application\chrome.exe
4260 C:\Users\ap\AppData\Local\Google\Chrome\Application\chrome.exe
4996 WmiPrvSE.exe
5816 C:\Windows\System32\SearchProtocolHost.exe
2736 C:\Windows\System32\SearchFilterHost.exe
5048 C:\Users\ap\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00200000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK1237GSX, Rev: DL130M
PhysicalDrive1 Model Number: TOSHIBAMK1237GSX, Rev: DL130M

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61
111 GB \\.\PhysicalDrive1 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
acerda23
Regular Member
 
Posts: 31
Joined: August 31st, 2010, 12:04 am

Re: redirect issues and more...

Unread postby Cypher » December 23rd, 2010, 1:46 pm

Hi acerda23.
Thank you so much for helping me...

You're welcome.
I wanted to give my system a day or so to see if it would redirect me while browsing. It seems to be working 100 times better now.

You had an infected (MBR) Master Boot Record but it looks like the scans have fixed it.
We still have work to do so stay with me.


Disable Avira anti-virus

  • Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background (looks to this: Image )
  • right click it-> untick the option AntiVir Guard enable.
  • You should now see a closed, white umbrella on a red background (looks to this: Image )
  • Note: Don't forget to re-enable it after the fix.

Next.

ComboFix - CFScript
This script is for this user and computer ONLY! Using this tool incorrectly could cause problems with your operating system... preventing it from ever starting again!
You will not have Internet access when you execute ComboFix. All open windows will need to be closed!
  1. Please open Notepad and copy/paste all the text below... into the window:
    Code: Select all
    File::
    c:\users\Mcx2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\uladv.exe
    c:\users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\esvehe.exe
    c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\acamu.exe
    c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\axoro.exe
    c:\users\Mcx2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\niyv.exe
    c:\users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\uwofvo.exe
    c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\xulodu.exe
    
    Folder::
    c:\users\ap\AppData\Roaming\Ehput
    c:\users\ap\AppData\Roaming\uTorrent
    
    
  2. Save it to your desktop as CFScript.txt
  3. Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
    *Only* when the 2 items above (Step 3) have been taken care of...
  4. Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:
    Image
    This will cause ComboFix to run again.
    Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash.
    Do Not touch your computer when ComboFix is running!
  5. When finished ComboFix will create a log file... you can save this file to a convenient place.
Please copy/paste the ComboFix log file in your next reply.


Logs/Information to Post in your Next Reply

  • ComboFix log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: redirect issues and more...

Unread postby acerda23 » December 23rd, 2010, 2:51 pm

ComboFix 10-12-21.01 - ap 12/23/2010 12:24:10.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1111 [GMT -6:00]
Running from: c:\users\ap\Desktop\ComboFix.exe
Command switches used :: c:\users\ap\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\acamu.exe"
"c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\xulodu.exe"
"c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\axoro.exe"
"c:\users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\esvehe.exe"
"c:\users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\uwofvo.exe"
"c:\users\Mcx2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\niyv.exe"
"c:\users\Mcx2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\uladv.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\ap\AppData\Roaming\Ehput
c:\users\ap\AppData\Roaming\uTorrent
c:\users\ap\AppData\Roaming\uTorrent\apps.btapp
c:\users\ap\AppData\Roaming\uTorrent\apps\DADC6E156485529178AD96DD503321DE39C1BED5.btapp
c:\users\ap\AppData\Roaming\uTorrent\dlimagecache\10E6FBE4D921B475FA5FEC6E9A535A540D6FEED1
c:\users\ap\AppData\Roaming\uTorrent\dlimagecache\2D78C93EC367E6C1D9894103FA04B3BE5B20A84E
c:\users\ap\AppData\Roaming\uTorrent\dlimagecache\32F529521A3DEC709F97F761F192AABF29BDC408
c:\users\ap\AppData\Roaming\uTorrent\dlimagecache\BBEEC0395D21A2A7F91889D7C7509F3D5D46FC05
c:\users\ap\AppData\Roaming\uTorrent\settings.dat
c:\users\ap\AppData\Roaming\uTorrent\settings.dat.old
c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\xulodu.exe
c:\users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\uwofvo.exe
c:\users\Mcx2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\niyv.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-23 to 2010-12-23 )))))))))))))))))))))))))))))))
.

2010-12-23 18:33 . 2010-12-23 18:34 -------- d-----w- c:\users\ap\AppData\Local\temp
2010-12-23 18:33 . 2010-12-23 18:33 -------- d-----w- c:\users\Mcx2\AppData\Local\temp
2010-12-23 18:33 . 2010-12-23 18:33 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2010-12-23 18:33 . 2010-12-23 18:33 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-12-23 18:33 . 2010-12-23 18:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-23 00:58 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{16FB3AD3-8143-40BB-8DD7-9C9F3D27049E}\mpengine.dll
2010-12-21 16:25 . 2010-12-21 16:25 -------- d-----w- c:\program files\iPod
2010-12-21 16:25 . 2010-12-21 16:26 -------- d-----w- c:\program files\iTunes
2010-12-20 22:19 . 2010-12-20 22:19 -------- d-----w- c:\users\Default\AppData\Roaming\Apple Computer
2010-12-20 22:19 . 2010-12-20 22:19 -------- d-----w- c:\users\Default\AppData\Local\Apple Computer
2010-12-20 20:18 . 2010-12-20 20:18 -------- d-----w- c:\users\ap\AppData\Roaming\Avira
2010-12-20 20:12 . 2010-12-13 14:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-20 20:12 . 2010-12-13 14:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-20 20:12 . 2010-12-20 20:12 -------- d-----w- c:\programdata\Avira
2010-12-20 20:12 . 2010-12-20 20:12 -------- d-----w- c:\program files\Avira
2010-12-17 22:07 . 2010-12-17 22:07 -------- d-----w- c:\program files\Common Files\PocketSoft
2010-12-17 22:07 . 2002-02-28 00:50 197120 ----a-w- c:\windows\patchw32.dll
2010-12-16 04:04 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-16 04:04 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-12-16 04:04 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-16 04:04 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-16 04:04 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-12-16 04:04 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-16 04:04 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-16 04:04 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-16 04:04 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-16 04:02 . 2010-10-18 13:31 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-12-16 04:01 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2010-12-16 04:01 . 2010-10-28 15:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-16 04:01 . 2010-10-28 13:27 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-16 04:01 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-12-16 03:57 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-13 16:22 . 2010-12-13 16:22 -------- d-----w- c:\users\ap\AppData\Roaming\Atari
2010-12-13 14:11 . 2010-12-13 23:45 -------- d-----w- c:\program files\Landwirtschafts Simulator 2011
2010-12-09 20:30 . 2010-12-13 13:57 -------- d-----w- c:\users\ap\AppData\Local\FullTiltPoker.NET
2010-12-09 20:29 . 2010-12-13 13:57 -------- d-----w- c:\program files\Full Tilt Poker.Net
2010-12-06 00:53 . 2010-12-06 00:53 -------- d-----w- c:\users\ap\AppData\Roaming\OpenOffice.org
2010-12-06 00:34 . 2010-12-06 00:34 -------- d-----w- c:\program files\JRE
2010-12-06 00:33 . 2010-12-06 00:34 -------- d-----w- c:\program files\OpenOffice.org 3
2010-12-03 02:13 . 2010-12-03 02:13 -------- d-----w- c:\users\ap\AppData\Roaming\AnvSoft
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-27 00:29 . 2010-11-27 00:29 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-11-27 00:20 . 2010-11-27 00:20 -------- d-----w- c:\program files\Codemasters
2010-11-24 02:32 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 16:41 . 2009-10-02 22:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-16 18:55 . 2010-11-15 17:00 5473896 ----a-w- c:\windows\system32\nvwgf2um.dll
2010-10-16 18:55 . 2010-11-15 17:00 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
2010-10-16 18:55 . 2010-11-15 17:00 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2010-10-16 18:55 . 2010-11-15 17:00 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2010-10-16 18:55 . 2010-11-15 17:00 10084360 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-10-16 18:55 . 2010-11-15 17:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55 . 2010-11-15 17:00 4837480 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55 . 2010-11-15 17:00 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55 . 2010-11-15 17:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55 . 2010-11-15 17:00 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 18:55 . 2010-11-15 17:00 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2010-10-16 18:55 . 2007-09-16 03:41 10023528 ----a-w- c:\windows\system32\nvd3dum.dll
2010-10-16 18:55 . 2007-09-16 03:41 1719912 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:42 . 2010-10-16 18:42 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-10-16 18:42 . 2010-10-16 18:42 600680 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 18:42 . 2010-10-16 18:42 1881704 ----a-w- c:\windows\system32\nvsvcr.dll
2010-10-16 18:42 . 2010-10-16 18:42 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 18:42 . 2010-10-16 18:42 3420776 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 18:42 . 2010-10-16 18:42 2079336 ----a-w- c:\windows\system32\nvsvc.dll
2010-10-14 07:36 . 2010-10-14 07:36 15451288 ----a-w- c:\windows\system32\xlive.dll
2010-10-14 07:36 . 2010-10-14 07:36 13642904 ----a-w- c:\windows\system32\xlivefnt.dll
2010-10-11 09:07 . 2010-10-11 09:07 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-09-28 21:44 . 2010-09-28 21:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 21:44 . 2010-09-28 21:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2003-03-19 02:20 . 2010-06-07 12:47 1060864 ----a-w- c:\program files\mozilla firefox\plugins\mfc71.dll
2003-02-21 09:42 . 2010-06-07 12:47 348160 ----a-w- c:\program files\mozilla firefox\plugins\msvcr71.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 17:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 17:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-05-18 430080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"Google Update"="c:\users\ap\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-12-23 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AprvRemoveLegacyExcelKeys"="c:\program files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn" [X]
"AprvRemoveLegacyWordKeys"="c:\program files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn" [X]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-07-27 204800]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-04 4702208]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"ApproveItForOfficeSetup"="c:\program files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe" [2009-04-30 155648]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

c:\users\ap\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 130600]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-4 813584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 17:07 96008 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 23:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [2008-07-07 20480]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2008-05-09 174336]
R3 samhidb;samhidb;c:\windows\system32\drivers\samhidb.sys [2007-05-12 22391]
R3 SCMUSB;SCM Microsystems SCR300 USB Smart Card Reader;c:\windows\system32\DRIVERS\stcusb.sys [2008-01-19 22016]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [2009-03-21 32408]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-30 717296]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPService REG_MULTI_SZ HPSLPSVC
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2471965245-1943476174-3207880002-1001Core.job
- c:\users\ap\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-23 00:10]

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2471965245-1943476174-3207880002-1001UA.job
- c:\users\ap\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-23 00:10]

2010-12-22 c:\windows\Tasks\User_Feed_Synchronization-{350F5D5B-B8B6-4082-ACFC-49A0CDBA7EF4}.job
- c:\windows\system32\msfeedssync.exe [2010-12-16 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://flyingincognitosleep.com/cgi-bin/h.pl
uInternet Settings,ProxyOverride = <local>;*.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\ap\AppData\Roaming\Mozilla\Firefox\Profiles\w65xxmtu.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://flyingincognitosleep.com/cgi-bin/h.pl
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cc6d786 ... g=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: tab-search: tab@search.com - %profile%\extensions\tab@search.com
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: browser.startup.homepage - hxxp://flyingincognitosleep.com/cgi-bin/h.pl
FF - user.js: browser.startup.page - 1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-23 12:34
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-12-23 12:36:07
ComboFix-quarantined-files.txt 2010-12-23 18:36
ComboFix2.txt 2010-12-22 23:52
ComboFix3.txt 2010-12-21 20:39

Pre-Run: 20,881,412,096 bytes free
Post-Run: 20,839,112,704 bytes free

- - End Of File - - EAE8FB3FBB973420341AFE51618E61EB
acerda23
Regular Member
 
Posts: 31
Joined: August 31st, 2010, 12:04 am

Re: redirect issues and more...

Unread postby Cypher » December 23rd, 2010, 3:08 pm

Hi acerda23.
Good work that looks much better.
We need to run another scan to check for leftovers.

Java SE Runtime Environment (JRE).

Please download from HERE
  • Find Java SE Runtime Environment (JRE) 6 Update 23.
  • Click the Download JRE button to the right.
  • Choose the correct Platform and Multi-language. Next, check the box that says I agree to the Java SE Runtime Environment 6 License Agreement.
  • Click the Continue button.
  • Click on the filename under Windows Offline Installation and save it to your desktop.
  • Close all active windows.
  • Install the program.

Next.

Update Adobe Reader

  • You should Download and Install the newest version of Adobe Reader for reading pdf files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X.

Next.

Please download ATF Cleaner to your desktop.

  • Right-click ATF-Cleaner.exe And select " Run as administrator " to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next.

Disable Avira anti-virus

  • Please navigate to the system tray on the bottom right hand corner and look for an open white umbrella on red background (looks to this: Image )
  • right click it-> untick the option AntiVir Guard enable.
  • You should now see a closed, white umbrella on a red background (looks to this: Image )
  • Note: Don't forget to re-enable it after the below scan..

Next.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Hold down Control then click on the following link to open a new window to ESET online scannner
  • Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.



Logs/Information to Post in your Next Reply

  • ESET log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: redirect issues and more...

Unread postby acerda23 » December 23rd, 2010, 6:29 pm

Couldn't find the log in the folder... I did copy this though.

C:\Qoobox\Quarantine\[4]-Submit_2010-12-23_12.23.14.zip a variant of Win32/Kryptik.JDC trojan
C:\Qoobox\Quarantine\C\Users\ap\AppData\Roaming\Moere\byip.exe.vir a variant of Win32/Kryptik.JDC trojan
C:\Users\ap\AppData\Local\oxocemuvaponame.dll Win32/Adware.SpywareProtect2009 application
C:\Users\Guest\AppData\Roaming\Navec\acxa.exe a variant of Win32/Kryptik.JDC trojan
acerda23
Regular Member
 
Posts: 31
Joined: August 31st, 2010, 12:04 am

Re: redirect issues and more...

Unread postby Cypher » December 24th, 2010, 6:28 am

Hi acerda23.
Do the following then give me an update on how your PC is performing.
If you are having no further problems i will give you final instructions.

Re-run OTM
  • Right-click OTM.exe and select " Run as administrator " to run it.
  • Right-click then copy the following code, Do not include the word Code.
    Code: Select all
    :Files
    C:\Users\ap\AppData\Local\oxocemuvaponame.dll 
    C:\Users\Guest\AppData\Roaming\Navec
    
    :Commands
    [EmptyFlash]
    [emptytemp]
    [start explorer]
    [Reboot]
    

    • Return to OTM, right-click then paste the code into the blank box below Image
    • Next click on the largeImage button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Logs/Information to Post in your Next Reply

  • OTM log.
  • Please give me an update on your computers performance.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: redirect issues and more...

Unread postby acerda23 » December 24th, 2010, 3:43 pm

Computer seems to be working smoothly now.


All processes killed
========== FILES ==========
LoadLibrary failed for C:\Users\ap\AppData\Local\oxocemuvaponame.dll
C:\Users\ap\AppData\Local\oxocemuvaponame.dll moved successfully.
C:\Users\Guest\AppData\Roaming\Navec folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: ap
->Temp folder emptied: 35750 bytes
->Temporary Internet Files folder emptied: 178463 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44855753 bytes
->Google Chrome cache emptied: 12562769 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 9806 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 153253 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 589132047 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 664 bytes
RecycleBin emptied: 3612 bytes

Total Files Cleaned = 617.00 mb


OTM by OldTimer - Version 3.1.15.0 log created on 12242010_133124

Files moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...
acerda23
Regular Member
 
Posts: 31
Joined: August 31st, 2010, 12:04 am

Re: redirect issues and more...

Unread postby Cypher » December 25th, 2010, 6:33 am

Hi acerda23.
your latest set of logs appear to be clean!
This is my general post for when your logs show no more signs of malware.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Time for some housekeeping
  • Click on Start > All programs > Accessories > Run.
  • Now type in ComboFix /Uninstall into the box and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
    Image
The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

Next

Clean up with OTM

  • Right-click OTM.exe And select " Run as administrator " to run it. If Windows UAC prompts you, please allow it.
  • This tool will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTMoveIt3 as this step will require a reboot
  • On the OTM main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Here are some free programs I recommend that could help you improve your computer's security.

Install SpywareBlaster
Download and install Javacools SpywareBlaster from Here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update > Check for updates.
To update Office
Open up any Office program.
Go to Help > Check for Updates

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Merry Christmas and Safe surfing!
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: redirect issues and more...

Unread postby Cypher » December 26th, 2010, 7:23 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Previous

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 335 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware