TechSpot

Google redirecting

By mcIrishgurl
Jun 25, 2010
  1. Day 3 and still hoping for help from anyone: Google is redirecting to random sites and I'm getting pop-ups that open a new browser tab. The original boot scan showed *RAW :C:\hiberfil.sysWin32:Hupigon-ONX[Trj]. Did the 8 steps; however, I am not able to do any Windows XP updating, receiving error 0x80072EFF. The DDS log wouldn't upload, so it is included below. Hoping someone can help... thanks!
     

  2. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 165

    dds

    The DDS log won't upload, and when I paste it into the body here, it goes to "Internet Explorer cannot display this page"!
     
  3. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 165

    dds log

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Joe at 13:53:19.09 on Fri 06/25/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.604 [GMT -5:00]

    AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    svchost.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\system32\tcpsvcs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Joe\My Documents\dds.scr
     
  4. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 165

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://att.my.yahoo.com/
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
    mSearchAssistant =
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
     
  5. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 165

    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [srmclean] c:\cpqs\scom\srmclean.exe
    mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    Trusted Zone: microsoft.com\*.update
     
  6. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 165

    The rest of the DDS log isn't posting... will keep trying...
     
  7. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 165

    dds log

    Was finally able to post the whole DDS log; it would only let me upload it as a zip... hope that's OK.
     

  8. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 165

    Hope I wasn't lost in the shuffle... still looking for help... :\
     
  9. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 165

    I know you guys are probably inundated, but I haven't heard back from anyone and it's going on almost day 2. I'm thinking I might have omitted or neglected something. Please just let me know and I'll be more than happy to include it. You really provide an invaluable service! Thanks! :)
     
  10. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 165

    Sorry about bumping... but I think I keep getting overlooked :( There have been people who posted long after me and got help within minutes to an hour or so. I've been patiently waiting for help for over 2 days. I understand that you are all volunteers, but I would hope there wouldn't be partiality in choosing whom you help. Sorry for the venting, but it just gets a little frustrating to see others jump ahead of me. Still would like help, please...
     
  11. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 165

    Please, please, still need help... thanks.
     
  12. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 165

    Day 3 and still need help, please... anyone?
     
  13. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Hello
    I deeply apologize for overlooking your topic. I have no idea how it happened.
    Let me read through it and I'll reply promptly.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    You're running two AV programs, AVG and McAfee. One of them has to go.
    If AVG, use AVG Remover: http://www.avg.com/us-en/download-tools
    If McAfee, use McAfee Consumer Product Removal Tool: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml
    If you decide to stay with AVG, make sure to turn Windows firewall on.

    When done...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    1. Please, never rename ComboFix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If ComboFix asks you to install Recovery Console, please allow it.
      NOTE 2. If ComboFix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
      • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
    4. Double-click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt".
    **Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

    Make sure you re-enable your security programs when you're done with ComboFix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.) until it's officially declared clean!!!
     
  15. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 165

    Finished ComboFix... had to post in 2 parts

    Thank you, thank you Broni for finally finding me out here. This redirecting is driving me nuts. Had to post the ComboFix log in 2 parts... also, what AV program do you recommend using? Hope to hear back soon... thanks again.

    ComboFix 10-06-27.06 - Joe 06/28/2010 23:25:55.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1271.884 [GMT -5:00]
    Running from: c:\documents and settings\Joe\My Documents\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_IPRIP


    ((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-29 )))))))))))))))))))))))))))))))
    .

    2010-06-28 16:04 . 2010-06-28 16:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
    2010-06-28 16:04 . 2010-06-28 16:04 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
    2010-06-24 03:36 . 2010-06-24 03:36 -------- d-----w- c:\documents and settings\Joe\Application Data\Malwarebytes
    2010-06-24 03:36 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-24 03:36 . 2010-06-24 03:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-06-24 03:36 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-24 03:36 . 2010-06-24 03:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-06-24 02:33 . 2010-06-24 02:32 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-23 22:52 . 2010-06-23 22:52 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-06-23 22:51 . 2010-06-23 22:51 -------- d-----w- c:\program files\NOS
    2010-06-23 22:50 . 2010-06-23 22:50 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
    2010-06-23 22:50 . 2010-06-23 22:50 -------- d-----w- c:\program files\Trend Micro
    2010-06-23 21:48 . 2010-06-23 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-06-23 18:54 . 2010-06-23 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-06-22 20:37 . 2010-06-22 20:37 -------- d-----w- c:\program files\Alwil Software
    2010-06-22 20:37 . 2010-06-22 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-06-22 20:07 . 2010-06-22 20:07 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2010-06-22 02:58 . 2010-06-29 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-06-22 02:53 . 2010-06-22 02:59 -------- d-----w- c:\program files\AVG
    2010-06-21 17:19 . 2010-06-21 17:19 -------- d-----w- c:\documents and settings\Dawn\Application Data\McAfee
    2010-06-21 06:53 . 2010-06-21 06:53 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-06-21 04:43 . 2010-06-21 04:43 -------- d-----w- c:\documents and settings\Dawn\Local Settings\Application Data\eydaoxylw
    2010-06-19 20:26 . 2010-06-19 20:27 -------- d-----w- c:\documents and settings\Dawn\Local Settings\Application Data\dqoikinys
    2010-06-16 12:41 . 2010-06-16 12:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
    2010-06-10 04:06 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-29 01:32 . 2007-12-31 18:11 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
    2010-06-28 20:04 . 2009-09-15 17:59 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-06-24 03:12 . 2008-01-01 19:49 -------- d-----w- c:\program files\Common Files\Adobe
    2010-06-24 02:45 . 2008-08-04 03:49 -------- d-----w- c:\program files\Common Files\Java
    2010-06-24 02:34 . 2010-06-24 02:34 503808 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1eba69a0-n\msvcp71.dll
    2010-06-24 02:34 . 2010-06-24 02:34 499712 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1eba69a0-n\jmc.dll
    2010-06-24 02:34 . 2010-06-24 02:34 348160 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1eba69a0-n\msvcr71.dll
    2010-06-24 02:34 . 2010-06-24 02:34 12800 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3f981ce4-n\decora-d3d.dll
    2010-06-24 02:34 . 2010-06-24 02:34 61440 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-3f981ce4-n\decora-sse.dll
    2010-06-24 02:32 . 2007-12-31 18:12 -------- d-----w- c:\program files\Java
    2010-06-23 22:51 . 2008-03-24 06:12 -------- d-----w- c:\documents and settings\Joe\Application Data\Yahoo!
    2010-06-23 22:46 . 2003-05-19 23:59 79043 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
    2010-06-23 21:48 . 2008-01-02 05:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2010-06-23 21:48 . 2008-01-02 05:16 -------- d-----w- c:\program files\Yahoo!
    2010-06-23 16:00 . 2010-04-24 22:55 117760 -c--a-w- c:\documents and settings\Joe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-06-23 11:50 . 2008-01-02 03:10 -------- d-----w- c:\program files\Google
    2010-06-23 05:16 . 2009-05-21 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2010-06-22 20:11 . 2010-06-22 20:11 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb54.tmp.exe
    2010-06-22 20:02 . 2010-06-22 20:02 388096 ----a-r- c:\documents and settings\Joe\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-06-22 12:11 . 2009-09-05 20:14 117760 ----a-w- c:\documents and settings\Dawn\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-06-21 17:20 . 2010-06-21 17:21 300384 ----a-w- c:\documents and settings\Dawn\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
    2010-06-21 17:20 . 2010-06-21 17:20 300384 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\Supportability\Content\MVT\XMLFiles\detect.dll
    2010-06-21 17:19 . 2009-04-12 05:36 -------- d-----w- c:\program files\McAfee
    2010-06-21 17:19 . 2009-04-12 05:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-06-21 06:53 . 2009-12-18 20:26 -------- d-----w- c:\documents and settings\Jonathan\Application Data\LimeWire
    2010-06-12 05:26 . 2008-04-05 19:31 -------- d-----w- c:\program files\PokerStars.NET
    2010-06-12 05:23 . 2008-01-01 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-06-12 05:23 . 2008-01-01 17:38 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-06-12 05:15 . 2009-11-15 22:51 -------- d-----w- c:\documents and settings\Joe\Application Data\Absolute Poker
    2010-06-12 04:56 . 2009-07-14 03:24 -------- d-----w- c:\program files\RealArcade
    2010-06-12 04:56 . 2008-01-02 17:22 -------- d-----w- c:\program files\CCleaner
    2010-06-11 19:09 . 2008-01-01 19:08 -------- d-----w- c:\program files\Lexmark X1100 Series
    2010-06-10 08:57 . 2008-08-02 04:20 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-05-06 10:41 . 2006-06-23 17:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 05:22 . 2002-08-29 08:14 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-24 22:55 . 2010-04-24 22:55 52224 -c--a-w- c:\documents and settings\Joe\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-04-20 05:30 . 2001-08-17 20:55 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-08 01:15 . 2010-04-08 01:12 256 ----a-w- c:\windows\system32\pool.bin
    2010-04-08 01:10 . 2010-04-08 01:10 26694 -c--a-r- c:\documents and settings\Joe\Application Data\Microsoft\Installer\{21F0CBB8-A158-435A-BBB6-9E2BE6D6D449}\BlackBerry.exe
    2010-03-31 05:16 . 2010-03-31 05:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2010-03-31 05:10 . 2010-03-31 05:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe
    2010-05-02 23:20 . 2008-01-06 19:04 67688 -c--a-w- c:\program files\mozilla firefox\components\jar50.dll
    2010-05-02 23:20 . 2008-01-06 19:04 54368 -c--a-w- c:\program files\mozilla firefox\components\jsd3250.dll
    2010-05-02 23:20 . 2008-01-06 19:04 34944 -c--a-w- c:\program files\mozilla firefox\components\myspell.dll
    2010-05-02 23:20 . 2008-01-06 19:04 46712 -c--a-w- c:\program files\mozilla firefox\components\spellchk.dll
    2010-05-02 23:20 . 2008-01-06 19:04 172136 -c--a-w- c:\program files\mozilla firefox\components\xpinstal.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
    "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
    "McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]

    c:\documents and settings\Jonathan\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - c:\documents and settings\Jonathan\My Documents\LimeWire\LimeWire.exe [2009-12-16 503808]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:5a358b2d4

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
    backup=c:\windows\pss\Google Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Dawn^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Dawn\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2007-03-09 17:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATT-SST_McciTrayApp]
    2009-10-22 06:23 1577984 -c--a-w- c:\program files\ATT-SST\McciTrayApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
    2007-02-26 06:01 437160 -c--a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2005-06-21 22:44 126976 ----a-w- c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2005-06-21 22:48 155648 ----a-w- c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-01-23 01:16 141608 -c--a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    2008-01-01 19:29 32768 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
    2003-08-19 10:43 57344 ----a-w- c:\program files\Lexmark X1100 Series\lxbkbmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexPPS.exe]
    2003-08-18 10:32 174592 ----a-w- c:\windows\system32\LEXPPS.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
    2006-01-20 23:46 28160 -c--a-w- c:\windows\KHALMNPR.Exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
    2005-01-18 23:07 196608 -c--a-w- c:\program files\Logitech\Video\ManifestEngine.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
    2005-01-18 23:47 458752 -c--a-w- c:\program files\Logitech\Video\ISStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
    2005-01-18 23:37 217088 -c--a-w- c:\program files\Logitech\Video\LogiTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2009-05-13 21:33 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager]
    2003-12-03 15:42 180224 -c--a-w- c:\progra~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-01-02 03:10 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/4/2009 2:50 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 2:49 PM 74480]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [4/12/2009 12:44 AM 93320]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 5:26 PM 135664]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 2:50 PM 7408]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    getPlusHelper REG_MULTI_SZ getPlusHelper

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 18:34]

    2010-06-29 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-02 23:07]

    2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:25]

    2010-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 22:25]

    2010-06-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-12 17:22]

    2010-06-01 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-12 17:22]
    .
    .
     
  16. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 165

    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://att.my.yahoo.com/
    mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    Trusted Zone: microsoft.com\*.update
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    FF - ProfilePath - c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Profiles\9jmqdncc.default\
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-klmdb.sys
    MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
    MSConfigStartUp-gmipttwt - c:\documents and settings\Dawn\Local Settings\Application Data\dqoikinys\qqladohtssd.exe
    MSConfigStartUp-osCheck - c:\progra~1\SYMANTEC\osCheck.exe
    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe
    MSConfigStartUp-Symantec PIF AlertEng - c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    MSConfigStartUp-tbgweoub - c:\documents and settings\Dawn\Local Settings\Application Data\kssewveek\fchcuhjtssd.exe
    MSConfigStartUp-xmcsvmhy - c:\documents and settings\Dawn\Local Settings\Application Data\eydaoxylw\fwoomnqtssd.exe
    MSConfigStartUp-YOP - c:\progra~1\YAHOO!\YOP\yop.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-28 23:46
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(712)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(2512)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\LEXBCES.EXE
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Pure Digital Technologies\FlipShare\FlipShareService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\progra~1\McAfee\MSC\mcmscsvc.exe
    c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
    c:\program files\McAfee\MPF\MPFSrv.exe
    c:\windows\system32\tcpsvcs.exe
    c:\progra~1\mcafee.com\agent\mcagent.exe
    c:\windows\System32\snmp.exe
    c:\windows\System32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Completion time: 2010-06-28 23:54:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-06-29 04:54

    Pre-Run: 10,133,639,168 bytes free
    Post-Run: 10,484,412,416 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

    - - End Of File - - E26BC2EE004A6475820A39A98C262100
     
  17. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    I'm not a big fan of AVG, or McAfee.
    I prefer one of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

    How is the redirection issue?

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\program files\Alwil Software
    c:\documents and settings\All Users\Application Data\Alwil Software
    c:\documents and settings\All Users\Application Data\avg9
    c:\program files\AVG
    c:\documents and settings\Dawn\Local Settings\Application Data\eydaoxylw
    c:\documents and settings\Dawn\Local Settings\Application Data\dqoikinys
    c:\documents and settings\All Users\Application Data\Symantec
    c:\program files\Common Files\Symantec Shared
    
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=-
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
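The CFScript above deletes the three random-named folders that the ComboFix log's ORPHANS REMOVED section showed as autostart locations under Dawn's Local Settings\Application Data. As an added example (not from the thread, and not ComboFix's own code), the following Python script performs that triage step: it parses the MSConfigStartUp lines of such a log and separates entries launched from a user-writable profile folder from entries under Program Files or Windows. The sample log is constructed from lines in the thread; the location heuristics are assumptions of mine for a first pass only.

```python
"""Triage of "MSConfigStartUp-..." lines from a ComboFix log.

Added example for this thread; not ComboFix's code and not from the thread's
helpers. The location-based verdicts are my own heuristics, assumed to be
useful for a first pass and nothing more.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# One orphan line: "MSConfigStartUp-<entry name> - <path to executable>"
STARTUP_RE = re.compile(r"^\s*MSConfigStartUp-(?P<name>.+?) - (?P<path>.+?)\s*$")

# Windows XP per-user profile layout, as on the thread's machine.
USER_PROFILE_RE = re.compile(
    r"^c:\\documents and settings\\(?P<user>[^\\]+)\\"
    r"(?P<where>local settings\\application data|application data)\\"
    r"(?P<dir>[^\\]+)\\(?P<exe>[^\\]+)$",
    re.IGNORECASE,
)

# 8.3 short names ComboFix prints for some paths; expanded before matching.
SHORT_NAMES = {
    "c:\\progra~1\\common~1": "c:\\program files\\common files",
    "c:\\progra~1": "c:\\program files",
}

# Locations where installed software normally lives on XP.
VENDOR_PREFIXES = ("c:\\program files\\", "c:\\windows\\")


@dataclass
class Finding:
    name: str         # text after "MSConfigStartUp-"
    path: str         # executable path exactly as logged
    verdict: str      # "vendor-location", "user-writable-location" or "other-location"
    review_dir: str   # folder a reviewer inspects; empty for vendor-location


def normalise(path: str) -> str:
    """Lower-case the path and expand the short names ComboFix uses."""
    p = path.lower()
    for short in sorted(SHORT_NAMES, key=len, reverse=True):  # longest prefix first
        if p.startswith(short):
            return SHORT_NAMES[short] + p[len(short):]
    return p


def triage_line(line: str) -> Optional[Finding]:
    """Classify one log line; returns None for lines that are not startup entries."""
    m = STARTUP_RE.match(line)
    if not m:
        return None
    name, path = m.group("name"), m.group("path")
    norm = normalise(path)
    parent = path.rsplit("\\", 1)[0]
    if USER_PROFILE_RE.match(norm):
        # Autostart from a user-writable profile folder: the pattern behind the
        # three random-named executables in the thread's log.
        return Finding(name, path, "user-writable-location", parent)
    if norm.startswith(VENDOR_PREFIXES):
        return Finding(name, path, "vendor-location", "")
    return Finding(name, path, "other-location", parent)


def triage_log(text: str) -> List[Finding]:
    """All startup entries in a log, in order."""
    return [f for f in map(triage_line, text.splitlines()) if f is not None]


def flagged(text: str) -> List[Finding]:
    """Entries that need a human look: everything not in a vendor location."""
    return [f for f in triage_log(text) if f.verdict != "vendor-location"]


# Constructed sample: a subset of the ORPHANS REMOVED section posted in the thread.
SAMPLE_LOG = """\
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
MSConfigStartUp-Adobe ARM - c:\\program files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe
MSConfigStartUp-gmipttwt - c:\\documents and settings\\Dawn\\Local Settings\\Application Data\\dqoikinys\\qqladohtssd.exe
MSConfigStartUp-osCheck - c:\\progra~1\\SYMANTEC\\osCheck.exe
MSConfigStartUp-tbgweoub - c:\\documents and settings\\Dawn\\Local Settings\\Application Data\\kssewveek\\fchcuhjtssd.exe
MSConfigStartUp-xmcsvmhy - c:\\documents and settings\\Dawn\\Local Settings\\Application Data\\eydaoxylw\\fwoomnqtssd.exe
MSConfigStartUp-YOP - c:\\progra~1\\YAHOO!\\YOP\\yop.exe
"""

if __name__ == "__main__":
    for f in flagged(SAMPLE_LOG):
        print(f"{f.verdict:24} {f.name:12} review: {f.review_dir}")
```

The review_dir of each flagged entry is the folder a helper would inspect before deciding whether it belongs in a Folder:: section.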
     
  18. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 165

    second combo fix run

    hi broni. ran the second combo fix, but sadly i'm still getting redirected :( here's the log, had to attach as it was too big. also, did this address that hupigon-onx trojan that a previously run boot scan had picked up, as it couldn't be deleted at time of scan...thank you again...
     

    Attached Files:

  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Broni will be handling your thread. But I just want to comment that occasionally, a thread will fall between the cracks. No particular reason that I know of- it just happens.

    But if you look at other forums, you will see that for the most part, the threads are picked up in this forum usually within minutes of the first post. Still, one will get missed occasionally. Most of us have a nice speech we use about 'patience' and '72 hours' and a few other things- but most of us don't have time to use it! This is a nonstop forum with two of us handling the cleaning.

    We don't discriminate on who we answer first or which thread we pick up. We try to do them in date order, but still, once in a while, a thread gets missed. We did not intentionally skip over your thread. Don't take it personally.

    Edit: What you didn't realize was that when you edited your post to comment that it was "Day 3", that didn't 'bump' the thread. Feedback does not go out for an edit, so we were still seeing the high reply number and each of us thought the other was assisting.
     
  20. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 165

    thank you bobbye. i figured that's what happened because i do see that you guys are pretty prompt with people. i'm just happy that i was found...thanks.
     
  21. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Note: If you have a previous version of TDSSKiller downloaded please delete it now and download a fresh copy using the links provided below

    Download TDSSKiller and save it to your Desktop.
    Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
    Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

    If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
    When it is done, a log file should be created on your C: drive called TDSSKiller.txt. Please copy and paste the contents of that file here.
     
  22. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 165

    tdss killer log (2 parts)

    had to post in 2 parts...fyi...still redirecting

    21:00:19:062 0472 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
    21:00:19:062 0472 ================================================================================
    21:00:19:062 0472 SystemInfo:

    21:00:19:062 0472 OS Version: 5.1.2600 ServicePack: 3.0
    21:00:19:062 0472 Product type: Workstation
    21:00:19:062 0472 ComputerName: DAWNB
    21:00:19:062 0472 UserName: Joe
    21:00:19:062 0472 Windows directory: C:\WINDOWS
    21:00:19:062 0472 Processor architecture: Intel x86
    21:00:19:062 0472 Number of processors: 1
    21:00:19:062 0472 Page size: 0x1000
    21:00:19:062 0472 Boot type: Normal boot
    21:00:19:062 0472 ================================================================================
    21:00:19:359 0472 Initialize success
    21:00:19:359 0472
    21:00:19:359 0472 Scanning Services ...
    21:00:19:875 0472 Raw services enum returned 396 services
    21:00:19:921 0472
    21:00:19:921 0472 Scanning Drivers ...
     
  23. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 165

    21:00:49:671 0472
    21:00:49:671 0472 Completed
    21:00:49:671 0472
    21:00:49:671 0472 Results:
    21:00:49:671 0472 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    21:00:49:671 0472 File objects infected / cured / cured on reboot: 0 / 0 / 0
    21:00:49:671 0472
    21:00:49:671 0472 KLMD(ARK) unloaded successfully
     
  24. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Please delete your GMER file, download a fresh one and post a new log.
     
  25. mcIrishgurl

    mcIrishgurl TS Enthusiast Topic Starter Posts: 165

    new gmer log

    hi broni, couldn't post this last night as the first scan of this shut down abruptly and had to restart. system also shut down abruptly this morning (after gmer fully ran). Hoping this isn't a new problem surfacing. also did any of the scans eliminate that boot scan finding of *RAW:C:\hiberfil.sysWin32:Hupigon-ONX[Trj] ? that was a boot scan done before you started helping me. much thanx! oh....just wanted to add, that i seem to be having the same redirect link as someone else's post that i read that you are currently helping (scheng07), search.google-analytics.com and another one is results.gugle.com. those seem to be the main two links that open up another browser tab then they take you to another unrelated site.
     

    Attached Files:

Topic Status:
Not open for further replies.
