seansmall
  1. Here's the stop message in its entirety: A problem has been detected and windows has been shut down to prevent damage to your computer. If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps: Check for viruses on your computer. Remove any newly installed hard drives or hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption, and then restart your computer. Technical information: ***STOP: 0X0000007B (0XF78D2524, 0XC0000034, 0x00000000, 0X00000000)
  2. Thanks for the response. After inserting the XP cd and booting from CD, I got to the blue screen where it said it was installing files. I never got to the licensing agreement or anything like that as it stopped during that installation. I don't have the STOP code off the top of my head, so I'll take a look and post it when I'm home after work. I don't have backups to any of the files on my hard drive. However, the only files that are important are my emails, which I can access through Gmail on any computer. I have music uploaded to Google Play, so I can get all that back as well. The rest of the files/favorites/etc... aren't needed. This is the first time I've had BSOD issues. Thanks again.
  3. Last week I restarted my computer, only to realize when it started up that I now had some new toolbar. Don't remember the name of the toolbar, but it was clear that I was infected. My antivirus was expired, so I installed Norton and ran a scan. While running, the scan froze and I had to restart the computer again. This is where it took an even worse turn. I got an error saying the NTLDR is missing. Did some research and figured out I need to restore the settings. However, when I put in the Windows XP cd, it goes through setup and brings me to the Blue Screen of Death. It tells me I should run a virus scan, but I can't get the computer to boot, even in safe mode, to run the scan. Not sure this is the right place for guidance, but no idea where else to ask. Any suggestions/advice? Thanks!
  4. Yep, able to start it up again. I'll start on those next steps. Thanks!
  5. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-11-2013
     Ran by SYSTEM at 2013-11-18 00:18:09 Run:1
     Running from D:\
     Boot Mode: Recovery
     ==============================================
     Content of fixlist:
     *****************
     HKU\Sean Pierce\...\Winlogon: [shell] explorer.exe,C:\Documents and Settings\Sean Pierce\Application Data\Other.res [ 2010-12-09] () <==== ATTENTION
     *****************
     HKU\Sean Pierce\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
     ==== End of Fixlog ====
  6. Log is below. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-11-2013 Ran by SYSTEM on REATOGO on 16-11-2013 01:34:14 Running from D:\ Microsoft Windows XP (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Recovery
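As an added example (not the poster's or the FRST tool's own code), a small Python parser for the Winlogon lines of an FRST "Registry (Whitelisted)" section, run over a constructed sample modelled on the entries in the logs above. It flags any Shell or Userinit value that launches something beyond the stock XP program, which is exactly the Other.res persistence the fixlist removed; the EXPECTED baseline table and the two clean sample lines are assumptions of mine.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the FRST registry-section format. The Other.res line is
# the one from the log above; the other Winlogon lines are clean ones I made up.
SAMPLE_LOG = r"""
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKU\Sean Pierce\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2007-09-02] (Google Inc.)
HKU\Sean Pierce\...\Winlogon: [shell] explorer.exe,C:\Documents and Settings\Sean Pierce\Application Data\Other.res [ 2010-12-09] () <==== ATTENTION
HKU\Administrator\...\Winlogon: [shell] explorer.exe
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe,
"""

# Stock Windows XP Winlogon values (assumed baseline). Any extra comma-separated
# component is a program that gets launched at every logon, i.e. persistence.
EXPECTED = {
    "shell": ["explorer.exe"],
    "userinit": [r"c:\windows\system32\userinit.exe"],
}

# "<hive>\Winlogon: [<value>] <data> [ <date>] (<signer>) <==== ATTENTION"
LINE_RE = re.compile(r"^(?P<hive>.+?)\\Winlogon: \[(?P<value>[^\]]+)\] (?P<rest>.*)$")
# Optional FRST trailers: " [ 2010-12-09]" timestamp and " (Vendor)" / " ()" signer.
TRAILER_RE = re.compile(r"^(?P<data>.*?)(?: \[ ?[\d-]+\])?(?: \([^()]*\))?$")
ATTENTION = " <==== ATTENTION"


@dataclass
class WinlogonEntry:
    hive: str
    value: str
    components: list          # comma-separated programs in the value data
    flagged_by_tool: bool     # FRST already marked the line with ATTENTION


@dataclass
class Finding:
    entry: WinlogonEntry
    extras: list = field(default_factory=list)  # components outside the baseline


def parse_winlogon_entries(log_text):
    """Return every Winlogon value FRST listed, with its data split into programs."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        flagged = rest.endswith(ATTENTION)
        if flagged:
            rest = rest[: -len(ATTENTION)]
        data = TRAILER_RE.match(rest).group("data")
        comps = [c.strip() for c in data.split(",") if c.strip()]
        entries.append(WinlogonEntry(m.group("hive"), m.group("value"), comps, flagged))
    return entries


def audit_winlogon(log_text):
    """Flag Shell/Userinit values that launch anything beyond the stock program."""
    findings = []
    for e in parse_winlogon_entries(log_text):
        expected = EXPECTED.get(e.value.lower())
        if expected is None:
            continue  # no baseline for this value name
        extras = [c for c in e.components if c.lower() not in expected]
        if extras or e.flagged_by_tool:
            findings.append(Finding(e, extras))
    return findings


if __name__ == "__main__":
    for f in audit_winlogon(SAMPLE_LOG):
        print(f"{f.entry.hive}\\Winlogon\\{f.entry.value}: extra program(s) {f.extras}")
```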
  7. Ok, does that mean I should just change the name of the program from FRST64 to FRST? Would that make it work? (I'm not the most computer literate, as I'm sure you can tell!)
  8. I was able to get the computer to boot through the cd and get to the Reatogo desktop. However, every time I try to run the FRST64.exe from the flash drive I get the error "B:\Documents and Settings\Default User\Desktop\FRST64.exe is not a valid Win32 application." I tried to move it to my desktop and it still didn't work. The FRST64 link on the flash drive works fine on the normal computer, allowing me to run a scan and everything. But on the infected computer, I keep getting the same message above.
  9. I don't see a Repair your computer option. I've got the 3 safe modes (regular, networking, command prompt). Then "enable boot logging", "enable VGA mode", "last known good configuration", "directory services restore mode", "debugging mode". If I click on any of these I get to choose between "Microsoft windows recovery console" and "Microsoft windows xp home edition". Where do I start?
  10. My screen went white out of nowhere. Got a message on it now saying I've violated the law and need to pay a $300 fine to unblock. I know it's a virus but I can't even run a scan. And when I reboot in safe mode, the computer restarts every time I get back to my desktop. Not sure how to run a scan if I can't even access anything but this screen.
  11. seansmall

    Search redirects

    ComboFix 11-06-19.0r1 - Sean Pierce 06/27/2011 22:03:43.5.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1458 [GMT -4:00] Running from: c:\documents and settings\Sean Pierce\Desktop\ComboFix.exe
  12. seansmall

    Search redirects

    The redirects are gone. I'll run ComboFix now.
  13. seansmall

    Search redirects

    2011/06/21 20:36:20.0125 3648 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
(4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys 2011/06/21 20:36:33.0687 3260 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys 2011/06/21 20:36:33.0750 3260 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/06/21 20:36:33.0812 3260 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/06/21 20:36:33.0875 3260 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/06/21 20:36:33.0921 3260 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/06/21 20:36:33.0968 3260 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/06/21 20:36:34.0031 3260 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/06/21 20:36:34.0093 3260 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/06/21 20:36:34.0140 3260 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/06/21 20:36:34.0187 3260 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/06/21 20:36:34.0250 3260 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/06/21 20:36:34.0312 3260 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/06/21 20:36:34.0390 3260 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/06/21 20:36:34.0468 3260 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys 2011/06/21 20:36:34.0531 3260 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/06/21 20:36:34.0578 3260 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/06/21 20:36:34.0640 3260 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/06/21 20:36:34.0703 
3260 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/06/21 20:36:34.0765 3260 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/06/21 20:36:34.0796 3260 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 2011/06/21 20:36:34.0859 3260 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/06/21 20:36:34.0968 3260 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/06/21 20:36:35.0000 3260 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/06/21 20:36:35.0046 3260 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/06/21 20:36:35.0109 3260 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/06/21 20:36:35.0171 3260 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/06/21 20:36:35.0218 3260 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/06/21 20:36:35.0265 3260 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 2011/06/21 20:36:35.0343 3260 NAL (1e59aaed42a5e3a5ed86ec403f9c0776) C:\WINDOWS\system32\Drivers\iqvw32.sys 2011/06/21 20:36:35.0406 3260 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/06/21 20:36:35.0453 3260 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/06/21 20:36:35.0468 3260 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/06/21 20:36:35.0515 3260 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/06/21 20:36:35.0593 3260 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/06/21 20:36:35.0640 3260 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/06/21 
20:36:35.0750 3260 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/06/21 20:36:35.0828 3260 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/06/21 20:36:35.0890 3260 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/06/21 20:36:35.0968 3260 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/06/21 20:36:36.0203 3260 nv (b702be0aa72ea2e1d644baef9123a4ce) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/06/21 20:36:36.0406 3260 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/06/21 20:36:36.0437 3260 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/06/21 20:36:36.0500 3260 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/06/21 20:36:36.0546 3260 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/06/21 20:36:36.0609 3260 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/06/21 20:36:36.0718 3260 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/06/21 20:36:36.0906 3260 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/06/21 20:36:36.0968 3260 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/06/21 20:36:37.0031 3260 PCTCore (807ff1dd6e1bdf8e7d2062fca0daecaf) C:\WINDOWS\system32\drivers\PCTCore.sys 2011/06/21 20:36:37.0140 3260 pctgntdi (d15669bd3e1cf18f00b46a7949ea541f) C:\WINDOWS\system32\drivers\pctgntdi.sys 2011/06/21 20:36:37.0250 3260 pctplsg (30c931fcb8df713bcd2fb7ce763a0b47) C:\WINDOWS\system32\drivers\pctplsg.sys 2011/06/21 20:36:37.0375 3260 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 2011/06/21 20:36:37.0453 3260 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 2011/06/21 
20:36:37.0531 3260 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/06/21 20:36:37.0546 3260 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/06/21 20:36:37.0562 3260 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/06/21 20:36:37.0609 3260 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/06/21 20:36:37.0656 3260 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 2011/06/21 20:36:37.0687 3260 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 2011/06/21 20:36:37.0718 3260 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 2011/06/21 20:36:37.0718 3260 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 2011/06/21 20:36:37.0750 3260 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 2011/06/21 20:36:37.0781 3260 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/06/21 20:36:37.0828 3260 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/06/21 20:36:37.0843 3260 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/06/21 20:36:37.0859 3260 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/06/21 20:36:37.0937 3260 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/06/21 20:36:37.0968 3260 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/06/21 20:36:38.0031 3260 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/06/21 20:36:38.0046 3260 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/06/21 20:36:38.0140 3260 redbook (f828dd7e1419b6653894a8f97a0094c5) 
C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/06/21 20:36:38.0234 3260 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/06/21 20:36:38.0296 3260 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/06/21 20:36:38.0390 3260 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/06/21 20:36:38.0468 3260 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/06/21 20:36:38.0531 3260 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 2011/06/21 20:36:38.0562 3260 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 2011/06/21 20:36:38.0625 3260 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/06/21 20:36:38.0734 3260 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/06/21 20:36:38.0796 3260 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/06/21 20:36:38.0890 3260 STHDA (797fcc1d859b203958e915bb82528da9) C:\WINDOWS\system32\drivers\sthda.sys 2011/06/21 20:36:38.0953 3260 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/06/21 20:36:38.0984 3260 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/06/21 20:36:39.0015 3260 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys 2011/06/21 20:36:39.0046 3260 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2011/06/21 20:36:39.0093 3260 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2011/06/21 20:36:39.0171 3260 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2011/06/21 20:36:39.0234 3260 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/06/21 20:36:39.0312 3260 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) 
C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/06/21 20:36:39.0390 3260 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/06/21 20:36:39.0421 3260 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/06/21 20:36:39.0484 3260 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/06/21 20:36:39.0515 3260 TfFsMon (d2a1cd31200a6c9d3dfad022503e4836) C:\WINDOWS\system32\drivers\TfFsMon.sys 2011/06/21 20:36:39.0578 3260 TfNetMon (3e3a544d10b0ac1c4c133048f84390ac) C:\WINDOWS\system32\drivers\TfNetMon.sys 2011/06/21 20:36:39.0640 3260 TfSysMon (706be7328a35c39dbe449e10c1ac6a38) C:\WINDOWS\system32\drivers\TfSysMon.sys 2011/06/21 20:36:39.0718 3260 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 2011/06/21 20:36:39.0781 3260 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/06/21 20:36:39.0812 3260 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 2011/06/21 20:36:39.0859 3260 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/06/21 20:36:39.0906 3260 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/06/21 20:36:39.0937 3260 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/06/21 20:36:39.0984 3260 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/06/21 20:36:40.0046 3260 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/06/21 20:36:40.0046 3260 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys 2011/06/21 20:36:40.0062 3260 USB_RNDIS_XP (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys 2011/06/21 20:36:40.0125 3260 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/06/21 20:36:40.0187 3260 viaagp 
(754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 2011/06/21 20:36:40.0234 3260 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/06/21 20:36:40.0312 3260 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/06/21 20:36:40.0359 3260 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/06/21 20:36:40.0437 3260 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/06/21 20:36:40.0546 3260 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 2011/06/21 20:36:40.0578 3260 MBR (0x1B8) (87f75abb087c82bee3a1fbec42bbabd0) \Device\Harddisk0\DR0 2011/06/21 20:36:40.0578 3260 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/06/21 20:36:40.0593 3260 MBR (0x1B8) (06449e7c4af0550b77e260798769aa40) \Device\Harddisk1\DR4 2011/06/21 20:36:40.0593 3260 ================================================================================ 2011/06/21 20:36:40.0593 3260 Scan finished 2011/06/21 20:36:40.0593 3260 ================================================================================ 2011/06/21 20:36:40.0609 1308 Detected object count: 1 2011/06/21 20:36:40.0609 1308 Actual detected object count: 1 2011/06/21 20:37:07.0609 1308 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot 2011/06/21 20:37:07.0609 1308 \Device\Harddisk0\DR0 - ok 2011/06/21 20:37:07.0609 1308 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure 2011/06/21 20:37:13.0921 0728 Deinitialize success
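The log above is long, and the one line that matters is easy to miss: the scanner hashed the boot code of each disk's MBR and flagged \Device\Harddisk0\DR0 as Rootkit.Win32.TDSS.tdl4, a bootkit that lives in the MBR rather than in any of the .sys files listed before it. That is why a file-level antivirus scan and even the XP setup CD could not see the problem. The following is an added example, not part of the original post or of the TDSSKiller tool: a small parser for this log format that separates the driver inventory from the MBR records, the detection lines and the post-scan actions, and turns them into a short triage summary. The sample input is a handful of lines copied from the log above; the record layout (date, time, pid, name, MD5 in parentheses, path) is taken from those lines, and the reading of "(0x1B8)" as the 440-byte bootstrap-code area of the MBR that precedes the disk signature is an assumption of mine.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: a few lines copied from the TDSSKiller log in the post above,
# including both MBR records and the TDL4 detection on Harddisk0.
SAMPLE_LOG = r"""
2011/06/21 20:36:30.0546 3260 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/21 20:36:30.0953 3260 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/06/21 20:36:30.0968 3260 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/21 20:36:40.0578 3260 MBR (0x1B8) (87f75abb087c82bee3a1fbec42bbabd0) \Device\Harddisk0\DR0
2011/06/21 20:36:40.0578 3260 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/21 20:36:40.0593 3260 MBR (0x1B8) (06449e7c4af0550b77e260798769aa40) \Device\Harddisk1\DR4
2011/06/21 20:37:07.0609 1308 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/21 20:37:13.0921 0728 Deinitialize success
"""

# Every record starts with "<date> <time> <pid> "; the rest depends on the record type.
PREFIX = r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<pid>\d+) "
# Driver inventory: "<service name> (<md5 of file>) <path>"
DRIVER_RE = re.compile(PREFIX + r"(?P<name>[^\s(]+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# MBR record: "MBR (<bytes hashed>) (<md5>) \Device\HarddiskN\DRn"; 0x1B8 = 440 bytes,
# assumed here to be the bootstrap-code area in front of the disk signature.
MBR_RE = re.compile(PREFIX + r"MBR \((?P<size>0x[0-9A-Fa-f]+)\) \((?P<md5>[0-9a-f]{32})\) (?P<device>\\Device\\\S+)$")
# Detection: "<object> - detected <verdict> (<n>)"
DETECT_RE = re.compile(PREFIX + r"(?P<obj>\S+) - detected (?P<verdict>\S+)")
# Post-scan action: "<object> (<verdict>) - <action text>"
CURE_RE = re.compile(PREFIX + r"(?P<obj>\S+) \((?P<verdict>\S+)\) - (?P<action>.+)$")


@dataclass
class ScanReport:
    drivers: Dict[str, str] = field(default_factory=dict)     # service name -> md5
    paths: Dict[str, str] = field(default_factory=dict)       # service name -> file path
    mbr_hashes: Dict[str, str] = field(default_factory=dict)  # device -> md5 of MBR boot code
    detections: Dict[str, str] = field(default_factory=dict)  # object -> verdict
    actions: List[str] = field(default_factory=list)          # pending cure/skip decisions
    unparsed: List[str] = field(default_factory=list)         # banners, counters, etc.


def parse_tdsskiller_log(text: str) -> ScanReport:
    """Classify each non-empty line by record type; MBR and detection lines are
    matched before the generic driver pattern so they never masquerade as drivers."""
    report = ScanReport()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if (m := MBR_RE.match(line)):
            report.mbr_hashes[m["device"]] = m["md5"]
        elif (m := DETECT_RE.match(line)):
            report.detections[m["obj"]] = m["verdict"]
        elif (m := CURE_RE.match(line)):
            report.actions.append(f'{m["obj"]}: {m["action"]} ({m["verdict"]})')
        elif (m := DRIVER_RE.match(line)):
            report.drivers[m["name"]] = m["md5"]
            report.paths[m["name"]] = m["path"]
        else:
            report.unparsed.append(line)
    return report


def mbr_status(report: ScanReport) -> Dict[str, str]:
    """Per-disk view: was the hashed boot code flagged or not."""
    return {dev: ("flagged: " + report.detections[dev]) if dev in report.detections else "not flagged"
            for dev in report.mbr_hashes}


def shared_hashes(report: ScanReport) -> Dict[str, List[str]]:
    """Service names backed by the same file hash. Usually benign aliases of one
    driver (cbidf / cbidf2k above), but worth a glance during triage."""
    by_md5: Dict[str, List[str]] = {}
    for name, md5 in report.drivers.items():
        by_md5.setdefault(md5, []).append(name)
    return {md5: names for md5, names in by_md5.items() if len(names) > 1}


def findings(report: ScanReport) -> List[str]:
    """Human-readable triage lines: each detection, tagged with whether it sits in
    a disk's boot sector or in a driver file, followed by any pending action."""
    out: List[str] = []
    for obj, verdict in report.detections.items():
        where = "boot sector (MBR)" if obj in report.mbr_hashes else "driver/object"
        out.append(f"{verdict} on {obj} [{where}, md5 {report.mbr_hashes.get(obj, '?')}]")
    for action in report.actions:
        out.append(f"pending action: {action}")
    return out


if __name__ == "__main__":
    rep = parse_tdsskiller_log(SAMPLE_LOG)
    print(f"{len(rep.drivers)} drivers, {len(rep.mbr_hashes)} disks, {len(rep.detections)} detections")
    for dev, status in mbr_status(rep).items():
        print(f"  {dev}: {status}")
    for line in findings(rep):
        print("  " + line)
```

On the full log the summary collapses some 170 inventory lines into two disk records, one flagged and one clean, plus the "will be cured after reboot" action, which is the information the thread actually turns on. The driver MD5s are also the right thing to keep from such a log: they can be checked against known-good hashes offline without re-running the scanner.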
  14. seansmall

    Search redirects

    Nevermind, the redirects are still there. Just not as bad as they were previously. I'm going to do those steps now.