Author Topic: [Resolved] Redirect URL, please help to fix it.  (Read 2045 times)

Offline indogirl79

  • Bronze Member
  • Posts: 32
[Resolved] Redirect URL, please help to fix it.
« on: July 20, 2012, 11:10:35 PM »
Hi,

Could you help me to fix my problem?

When I search for something on Google via Mozilla and I click on the result, it goes to another URL address.

I scanned with Malwarebytes, found 2 trojans (BHO and downloader) and I removed them, but still I got redirected to another URL.

I'm using Windows XP and Mozilla ver. 12.0

What should I do?

Thank you for your help
« Last Edit: July 20, 2012, 11:16:08 PM by Hoov »



Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22687
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Redirect URL, please help to fix it.
« Reply #1 on: July 20, 2012, 11:18:25 PM »
My name is Hoov and I will be helping you with your problem. As you have been helped here before, I am going to skip all the preamble. If you have questions, please ask.

We need to see some information about what is happening in your machine.  Please perform the following scan:
  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results.
  • Please copy and paste both logs into your next response. You may need more than one response.
  • Close the program window, and delete the program from your desktop.
Please note:  You may have to disable any script protection running if the scan fails to run.  After downloading the tool, disconnect from the internet and disable all antivirus protection.  Run the scan, enable your A/V and reconnect to the internet. 

Information on A/V control HERE


Please post the log from Malwarebytes' Anti-Malware after you repaired what it found.


Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on the change parameters option.
  • Once you are in there, check all four boxes and then click on the OK button.
  • Now click the Start Scan button.
  • This is what you will see during the scan,
  • and this is what you will see when the scan is done if any threats are found. Don't change any of the recommended actions. Click the continue button.
  • Once the fix is done you might see this,
  • or it may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline indogirl79

Re: [In Progress] Redirect URL, please help to fix it.
« Reply #2 on: July 21, 2012, 09:56:25 AM »
Thank you for your reply, but this morning when I started my laptop, it kept restarting. I wasn't able to get into Windows.

I tried to scan with Malwarebytes in safe mode & found nothing.

Can I run your above steps in safe mode?

Offline Hoov

Re: [In Progress] Redirect URL, please help to fix it.
« Reply #3 on: July 21, 2012, 01:41:37 PM »
Yes.

Offline indogirl79

Re: [In Progress] Redirect URL, please help to fix it.
« Reply #4 on: July 22, 2012, 12:44:11 AM »
Thank you, I can reboot my comp. now after doing the TDSS scan.

Here are the logs you requested.

Do you see any unnecessary programs in my comp. that are slowing things down or the virus / trojan that redirects the URL?

Thanks

Offline indogirl79

Re: [In Progress] Redirect URL, please help to fix it.
« Reply #5 on: July 22, 2012, 01:32:08 AM »
Right now, somehow there's an IE window that keeps popping up. (I use Mozilla to browse)

Do you know why?

Offline Hoov

Re: [In Progress] Redirect URL, please help to fix it.
« Reply #6 on: July 22, 2012, 01:36:28 AM »
Can you please copy the logs and paste them into a reply? That will let me do some research on them. I took a quick look at the log from TDSSKiller and it looks like you had a very bad infection. I will probably have other scans for you to run in the morning.

What does the IE window go to?

Offline indogirl79

Re: [In Progress] Redirect URL, please help to fix it.
« Reply #7 on: July 22, 2012, 09:04:08 AM »
It goes to a random website.

It looks like something is running at the back all the time, and after a few seconds an IE window opens up & goes to a random website.

I will paste the logs if I can access my comp later, this is from my phone.

Offline indogirl79

Re: [In Progress] Redirect URL, please help to fix it.
« Reply #8 on: July 22, 2012, 09:32:49 AM »
DDS Logs:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 6/22/2006 6:47:40 PM
System Uptime: 7/21/2012 11:13:17 PM (0 hours ago)
Processor:         Intel(R) Pentium(R) M processor 1.86GHz | N/A | 1862/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 87 GiB total, 44.28 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is FIXED (FAT32) - 298 GiB total, 70.825 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP684: 4/20/2012 3:51:06 PM - System Checkpoint
RP685: 4/22/2012 2:51:10 PM - System Checkpoint
RP686: 4/23/2012 7:26:30 PM - System Checkpoint
RP687: 4/24/2012 7:30:22 PM - System Checkpoint
RP688: 4/25/2012 7:39:07 PM - System Checkpoint
RP689: 4/26/2012 8:18:36 PM - System Checkpoint
RP690: 4/27/2012 8:59:17 PM - System Checkpoint
RP691: 4/28/2012 10:26:15 PM - System Checkpoint
RP692: 4/29/2012 11:18:22 PM - System Checkpoint
RP693: 5/1/2012 12:10:30 PM - System Checkpoint
RP694: 5/2/2012 12:49:13 PM - System Checkpoint
RP695: 5/3/2012 1:26:51 PM - System Checkpoint
RP696: 5/4/2012 2:01:44 PM - System Checkpoint
RP697: 5/4/2012 10:05:17 PM - Installed QuickTime
RP698: 5/5/2012 11:03:08 PM - System Checkpoint
RP699: 5/7/2012 12:58:32 PM - System Checkpoint
RP700: 5/8/2012 3:12:09 PM - System Checkpoint
RP701: 5/9/2012 6:28:33 PM - System Checkpoint
RP702: 5/10/2012 6:42:52 PM - System Checkpoint
RP703: 5/15/2012 12:06:30 PM - System Checkpoint
RP704: 5/16/2012 12:11:41 PM - System Checkpoint
RP705: 5/17/2012 12:38:36 PM - System Checkpoint
RP706: 5/18/2012 1:33:21 PM - System Checkpoint
RP707: 5/20/2012 8:25:45 AM - System Checkpoint
RP708: 5/21/2012 11:40:17 AM - System Checkpoint
RP709: 5/26/2012 10:29:16 AM - System Checkpoint
RP710: 5/29/2012 10:07:45 AM - System Checkpoint
RP711: 5/30/2012 10:42:23 AM - System Checkpoint
RP712: 5/31/2012 1:06:30 PM - System Checkpoint
RP713: 6/1/2012 1:13:02 PM - System Checkpoint
RP714: 6/3/2012 10:14:33 PM - Removed Cisco AnyConnect VPN Client
RP715: 6/3/2012 10:15:08 PM - Installed Cisco AnyConnect VPN Client
RP716: 6/5/2012 2:56:54 PM - System Checkpoint
RP717: 6/6/2012 8:46:43 PM - System Checkpoint
RP718: 6/7/2012 9:56:22 PM - System Checkpoint
RP719: 6/8/2012 10:06:50 PM - System Checkpoint
RP720: 6/10/2012 10:27:13 AM - System Checkpoint
RP721: 6/11/2012 11:48:32 AM - System Checkpoint
RP722: 6/12/2012 12:22:04 PM - System Checkpoint
RP723: 6/13/2012 12:35:38 PM - System Checkpoint
RP724: 6/14/2012 12:50:16 PM - System Checkpoint
RP725: 6/15/2012 1:52:11 PM - System Checkpoint
RP726: 6/17/2012 8:55:14 PM - System Checkpoint
RP727: 6/19/2012 11:14:07 AM - System Checkpoint
RP728: 6/21/2012 9:36:26 AM - System Checkpoint
RP729: 6/22/2012 9:43:35 AM - System Checkpoint
RP730: 6/23/2012 10:07:21 AM - System Checkpoint
RP731: 6/24/2012 12:56:20 PM - System Checkpoint
RP732: 6/24/2012 5:59:34 PM - Installed TP-LINK Wireless Configuration Utility and Driver
RP733: 6/24/2012 6:00:32 PM - Installed TP-LINK Wireless Configuration Utility
RP734: 6/27/2012 12:07:14 AM - Software Distribution Service 3.0
RP735: 6/28/2012 8:17:41 AM - Software Distribution Service 3.0
RP736: 6/29/2012 10:10:04 AM - System Checkpoint
RP737: 7/4/2012 9:31:33 AM - System Checkpoint
RP738: 7/5/2012 9:39:06 AM - System Checkpoint
RP739: 7/6/2012 10:32:34 AM - System Checkpoint
RP740: 7/7/2012 11:33:15 AM - System Checkpoint
RP741: 7/8/2012 11:42:58 AM - System Checkpoint
RP742: 7/9/2012 1:24:33 PM - System Checkpoint
RP743: 7/10/2012 3:00:08 PM - System Checkpoint
RP744: 7/11/2012 4:12:34 PM - System Checkpoint
RP745: 7/12/2012 4:17:38 PM - System Checkpoint
RP746: 7/13/2012 4:24:32 PM - System Checkpoint
RP747: 7/15/2012 9:08:05 AM - System Checkpoint
RP748: 7/16/2012 3:54:09 PM - System Checkpoint
RP749: 7/17/2012 4:06:29 PM - System Checkpoint
RP750: 7/18/2012 8:47:04 PM - System Checkpoint
RP751: 7/20/2012 12:22:03 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Ad-Aware SE Personal
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe Photoshop Lightroom 3
Adobe Reader 9.1
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Apple Application Support
Apple Software Update
Bejeweled 2
Business Contact Manager for Outlook 2003
Cisco AnyConnect VPN Client
Click to DVD 2.0.03 Menu Data
Click to DVD 2.5.20
Compatibility Pack for the 2007 Office system
DVgate Plus
ESET Online Scanner v3
Google Photos Screensaver
Google Talk (remove only)
Google Update Helper
Google Updater
HDAUDIO SoftV92 Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Install Network Printer Wizard
Image Converter 2 Plus
Image Resizer Powertoy for Windows XP
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD for VAIO
ISScript
Java Auto Updater
Java(TM) 6 Update 22
JEOPARDY! (remove only)
Macromedia Flash Player 8
Malwarebytes Anti-Malware version 1.62.0.1300
mCore
mDriver
Memory Stick Formatter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Data Access Components KB870669
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Office Small Business Edition 2003
Microsoft SQL Server Desktop Engine (VAIO_VEDB)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
mIRC
mMHouse
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
mPfMgr
mProSafe
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWlsSafe
mXML
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Drivers
Office 2003 Trial Assistant
OpenMG Secure Module 4.4.00
PC Connectivity Solution
PhotoImpact X3
Picaboo X
Picasa 3
QuickTime
Realtek High Definition Audio Driver
Roxio DigitalMedia Audio
Roxio DigitalMedia Copy
Roxio DigitalMedia Data
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Setting Utility Series
SonicStage 3.4
Sony Certificate PCH
Sony MP4 Shared Library
Sony Picture Utility
Sony USB Driver
Sony Utilities DLL
Sony Video Shared Library
Spybot - Search & Destroy
Spyware Doctor 7.0
SWiSHmax
TP-LINK TL-WN723N Driver
TP-LINK Wireless Configuration Utility
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VAIO Breeze Wallpaper
VAIO Central
VAIO Entertainment Platform
VAIO Event Service
VAIO Light Flo Wallpaper
VAIO Media 5.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 5.0
VAIO Media Redistribution 5.0
VAIO Media Registration Tool 5.0
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Security Center
VAIO Support Central
VAIO Update 2
VAIO Wireless LAN Setup Utility
VAIOSurveySA
VideoCam Suite
VideoCam Suite 1.0
WebFldrs XP
Wheel of Fortune (remove only)
Win2PDF 3.40.1
Windows Driver Package -  (mr7910) Image 08/08/2006 1.4.0.0
Windows Driver Package - Nokia (WUDFRd) WPD  (11/05/2007 6.85.35.3)
Windows Driver Package - Nokia Modem  (08/03/2007 3.2)
Windows Driver Package - Nokia Modem  (08/03/2007 6.84.0.2)
Windows Driver Package - Nokia Modem  (10/12/2007 3.6)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows XP Service Pack 3
WinRAR archiver
WinUtilities for Giveawayoftheday 7.0
WinZip
Wireless Switch Setting Utility
Yahoo! Internet Mail
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
7/21/2012 9:00:57 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  DMICall Fips intelppm
7/20/2012 6:16:33 PM, error: Service Control Manager [7034]  - The PC Tools Security Service service terminated unexpectedly.  It has done this 1 time(s).
7/19/2012 11:41:30 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
7/19/2012 11:09:18 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/19/2012 11:05:26 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DMICall Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
7/19/2012 11:05:26 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/19/2012 11:05:05 AM, error: Service Control Manager [7001]  - The VAIO Entertainment File Import Service service depends on the VAIO Entertainment Database Service service which failed to start because of the following error:  The dependency service or group failed to start.
7/19/2012 11:05:05 AM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
7/19/2012 11:05:05 AM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/19/2012 11:05:05 AM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/19/2012 11:05:05 AM, error: Service Control Manager [7001]  - The Cisco AnyConnect VPN Agent service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
7/19/2012 10:55:54 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DMICall Fips IntelIde intelppm IPSec MRxSmb NetBIOS NetBT ohci1394 RasAcd Rdbss Tcpip WS2IFSL
7/18/2012 10:50:07 PM, error: Service Control Manager [7034]  - The VAIO Entertainment Database Service service terminated unexpectedly.  It has done this 1 time(s).
7/18/2012 10:50:03 PM, error: Service Control Manager [7034]  - The VAIO Entertainment File Import Service service terminated unexpectedly.  It has done this 1 time(s).
7/18/2012 10:49:45 PM, error: Service Control Manager [7034]  - The VAIO Event Service service terminated unexpectedly.  It has done this 1 time(s).
7/18/2012 10:49:04 PM, error: Service Control Manager [7034]  - The VAIO Entertainment UPnP Client Adapter service terminated unexpectedly.  It has done this 1 time(s).
7/18/2012 10:47:56 PM, error: Service Control Manager [7031]  - The Cisco AnyConnect VPN Agent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
7/15/2012 8:38:47 PM, error: NETLOGON [5719]  - No Domain Controller is available for domain NPD due to the following:  There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
7/15/2012 8:25:15 AM, error: Service Control Manager [7022]  - The VAIO Entertainment File Import Service service hung on starting.
7/15/2012 8:24:52 AM, error: Service Control Manager [7002]  - The BrPar service depends on the Parallel arbitrator group and no member of this group started.
7/15/2012 8:24:52 AM, error: Service Control Manager [7000]  - The BrSplService service failed to start due to the following error:  The system cannot find the file specified.
.


.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_22
Run by Rena at 23:19:41 on 2012-07-21
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1534.908 [GMT -7:00]
.
AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page =
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [InterVideo] rundll32.exe "c:\documents and settings\rena\local settings\application data\intervideo\codrwwcf.dll",DllUnregisterServer
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\office
Trusted Zone: turbotax.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B002C40E-DF8C-4CF0-A88C-964A67349BE9} : DhcpNameServer = 192.168.2.1
Notify: VESWinlogon - VESWinlogon.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rena\application data\mozilla\firefox\profiles\a5c80s3n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\rena\application data\mozilla\firefox\profiles\a5c80s3n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\rena\application data\mozilla\firefox\profiles\a5c80s3n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-7-7 207280]
R3 RTL8192cu;%RTL8192cu.DeviceDesc%;c:\windows\system32\drivers\RTL8192cu.sys [2012-6-24 1076968]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2006-2-21 71961]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2011-9-22 645048]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-7-4 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-27 135664]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-4-23 40840]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-4-23 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-4-23 81288]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-17 113120]
S3 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -svaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-4-23 358600]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-4-23 1141200]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.exe -i vaio_vedb --> c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== Created Last 30 ================
.
2012-07-22 06:15:55   770384   ----a-w-   c:\program files\mozilla firefox\msvcr100.dll
2012-07-22 06:15:55   421200   ----a-w-   c:\program files\mozilla firefox\msvcp100.dll
2012-07-21 00:09:34   --------   d-----w-   c:\windows\LastGood.Tmp
2012-07-18 17:32:51   --------   d-----w-   c:\documents and settings\rena\local settings\application data\InterVideo
2012-07-05 05:30:41   426184   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-06-25 01:01:00   --------   d-----w-   c:\documents and settings\rena\application data\TP-LINK
2012-06-25 01:00:35   --------   d-----w-   c:\program files\TP-LINK
2012-06-25 00:59:45   1076968   ----a-w-   c:\windows\system32\rtl8192cu.sys
2012-06-25 00:59:44   1076968   ----a-w-   c:\windows\system32\drivers\RTL8192cu.sys
2012-06-25 00:53:19   --------   d-----w-   c:\documents and settings\all users\application data\TP-LINK
.
==================== Find3M  ====================
.
2012-07-11 20:51:14   70344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 20:46:44   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19:44   22040   ----a-w-   c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19:38   219160   ----a-w-   c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19:38   15384   ----a-w-   c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19:34   15384   ----a-w-   c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19:30   17944   ----a-w-   c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:18:58   275696   ----a-w-   c:\windows\system32\mucltui.dll
2012-06-02 22:18:58   214256   ----a-w-   c:\windows\system32\muweb.dll
2012-06-02 22:18:58   17136   ----a-w-   c:\windows\system32\mucltui.dll.mui
.
=================== ROOTKIT  ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: HTS541010G9SA00 rev.MBZOC60D -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x8A4314B1]<<
c:\windows\system32\drivers\PCTCore.sys PC Tools Kernel Driver Suite
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a43893c]; MOV EAX, [0x8a438ab0]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX;  }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x8A4B9AB8]
3 CLASSPNP[0xF7657FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x8A549AA8]
5 PCTCore[0xF741F88F] -> nt!IofCallDriver[0x804E37D5] -> \Device\00000083[0x8A54C900]
7 ACPI[0xF758E620] -> nt!IofCallDriver[0x804E37D5] -> [0x8A4E1940]
\Driver\atapi[0x8A505570] -> IRP_MJ_CREATE -> 0x8A4314B1
error: Read  A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a;  }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A4312E2
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.

Offline indogirl79

  • Bronze Member
  • Posts: 32
Re: [In Progress] Redirect URL, please help to fix it.
« Reply #9 on: July 22, 2012, 09:51:45 AM »
23:30:55.0234 0872   \Device\Harddisk0\DR0\Partition0 - ok
23:30:55.0234 0872   Boot (0x1200)   (33103fb9bcde8af244d6f4290f46ff0e) \Device\Harddisk1\DR3\Partition0
23:30:55.0234 0872   \Device\Harddisk1\DR3\Partition0 - ok
23:30:55.0250 0872   Boot (0x1200)   (e2d041a6683a0c5999cdd33b32887c3f) \Device\Harddisk6\DR9\Partition0
23:30:55.0250 0872   \Device\Harddisk6\DR9\Partition0 - ok
23:30:55.0250 0872   ============================================================
23:30:55.0250 0872   Scan finished
23:30:55.0250 0872   ============================================================
23:30:55.0359 0200   Detected object count: 28
23:30:55.0359 0200   Actual detected object count: 28
23:38:25.0859 0200   Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:25.0859 0200   Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:25.0875 0200   AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:25.0875 0200   AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:25.0906 0200   aspnet_state ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:25.0906 0200   aspnet_state ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:25.0921 0200   BrPar ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:25.0921 0200   BrPar ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:25.0937 0200   cdrbsdrv ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:25.0937 0200   cdrbsdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:25.0937 0200   EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:25.0937 0200   EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:25.0953 0200   IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:25.0953 0200   IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:25.0968 0200   Image Converter video recording monitor for VAIO Entertainment ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:25.0968 0200   Image Converter video recording monitor for VAIO Entertainment ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:25.0984 0200   MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:25.0984 0200   MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:26.0000 0200   MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:26.0000 0200   MSSQLServerADHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:26.0015 0200   PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:26.0015 0200   PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:26.0031 0200   RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:26.0031 0200   RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:26.0046 0200   S24EventMonitor ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:26.0046 0200   S24EventMonitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:26.0062 0200   s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:26.0062 0200   s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:26.0062 0200   ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:26.0062 0200   ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:26.0078 0200   SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:26.0078 0200   SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:26.0093 0200   SSScsiSV ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:26.0093 0200   SSScsiSV ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:26.0109 0200   VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:26.0109 0200   VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:26.0125 0200   VAIO Event Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:26.0125 0200   VAIO Event Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:26.0140 0200   VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:26.0140 0200   VAIOMediaPlatform-IntegratedServer-AppServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:26.0171 0200   VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:26.0171 0200   VAIOMediaPlatform-IntegratedServer-HTTP ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:26.0187 0200   VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:26.0187 0200   VAIOMediaPlatform-IntegratedServer-UPnP ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:26.0187 0200   VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:26.0187 0200   VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:26.0203 0200   VzFw ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:26.0203 0200   VzFw ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:26.0218 0200   WmcCds ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:26.0218 0200   WmcCds ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:26.0234 0200   WmcCdsLs ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:26.0234 0200   WmcCdsLs ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:27.0093 0200   \Device\Harddisk0\DR0\# - copied to quarantine
23:38:27.0093 0200   \Device\Harddisk0\DR0 - copied to quarantine
23:38:27.0125 0200   \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
23:38:27.0140 0200   \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
23:38:27.0140 0200   \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
23:38:27.0140 0200   \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
23:38:27.0156 0200   \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
23:38:27.0156 0200   \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
23:38:27.0203 0200   \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
23:38:27.0203 0200   \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
23:38:27.0203 0200   \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
23:38:27.0218 0200   \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
23:38:27.0234 0200   \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
23:38:27.0234 0200   \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
23:38:27.0234 0200   \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
23:38:27.0234 0200   \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
23:38:27.0281 0200   \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
23:38:27.0281 0200   \Device\Harddisk0\DR0 - ok
23:38:27.0281 0200   \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
23:38:27.0296 0200   \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:38:27.0296 0200   \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
23:39:05.0156 1004   Deinitialize success

Offline indogirl79

  • Bronze Member
  • Posts: 32
Re: [In Progress] Redirect URL, please help to fix it.
« Reply #10 on: July 22, 2012, 09:55:54 AM »
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.20.04

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Rena :: RENA-VAIO [administrator]

7/22/2012 8:38:32 AM
mbam-log-2012-07-22 (08-38-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219421
Time elapsed: 8 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bad: (\\.\globalroot\systemroot\Installer\{5103dd13-a68c-aa42-0055-6c1e3d15c397}\n.) Good: (wbemess.dll) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\WINDOWS\Installer\{5103dd13-a68c-aa42-0055-6c1e3d15c397}\U\00000004.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{5103dd13-a68c-aa42-0055-6c1e3d15c397}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{5103dd13-a68c-aa42-0055-6c1e3d15c397}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\{5103dd13-a68c-aa42-0055-6c1e3d15c397}\U\80000000.@ (Trojan.Sirefef) -> Quarantined and deleted successfully.

(end)

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22687
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Redirect URL, please help to fix it.
« Reply #11 on: July 22, 2012, 10:24:47 AM »
Please rerun TDSSKiller using the same instructions. This time, set the TDSS File System entries to quarantine. Then, after that is done, run a Spybot Search & Destroy scan using the instructions below (don't worry about a log for it, just let me know how the scan and immunization went).

Download and scan with Spybot S&D 1.6.2
http://www.safer-networking.org/en/download/index.html

           1. Install Spybot. Be sure to UNCHECK TeaTimer when presented with the option to install.
           2. Run Spybot, go to the Menu Bar at the top choose Mode and make certain that "Default mode" has a check mark beside it.
           3. Click the button "Search for Updates".
           4. If any updates are found, install them by placing a checkmark next to each one and clicking "Download Updates". If you encounter any error messages while downloading the updates, manually download them from here.
           5. Click on "Immunize". When it detects what has or has not been blocked, block all remaining items by clicking the green plus sign next to immunize at the top.
           6. Click the button "Check for Problems".
           7. When Spybot is complete, it will be showing RED entries, bold BLACK entries and GREEN entries in the window.
           8. Make certain there is a check mark beside all of the RED entries ONLY.
           9. Choose "Fix Selected Problems" and allow Spybot to fix the RED entries.
          10. REBOOT to complete the scan and clear memory.

        Note: After Windows loads, Spybot may run again to clean some files that it could not clean during the prior session. Follow the same procedure.

Consumer Security

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!
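
The check behind the request above to rerun TDSSKiller, as an added example that is not part of the original thread: it reads the "User select action" lines of a TDSSKiller log and lists every threat verdict whose final action was Skip. The function names are hypothetical, and treating `UnsignedFile.Multi.Generic` as informational is an assumption that matches the helper leaving those entries skipped.

```python
import re
from collections import OrderedDict

# Lines copied from the TDSSKiller log posted in reply #9 of this thread.
SAMPLE_LOG = r"""
23:30:55.0359 0200   Detected object count: 28
23:38:25.0859 0200   Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:38:25.0859 0200   Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:25.0968 0200   Image Converter video recording monitor for VAIO Entertainment ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:38:27.0125 0200   \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
23:38:27.0281 0200   \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
23:38:27.0281 0200   \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
23:38:27.0296 0200   \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
23:38:27.0296 0200   \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# "<time> <thread>   <object> ( <verdict> ) - User select action: <action>"
ACTION_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\S+)\s+"
    r"(?P<object>.+?) \( (?P<verdict>[^()]+?) \) - "
    r"User select action: (?P<action>\w+)\s*$"
)

# Assumption: an unsigned-file notice is informational, not a malware verdict.
LOW_SIGNAL_VERDICTS = {"UnsignedFile.Multi.Generic"}


def final_actions(log_text):
    """Map (object, verdict) -> last action the user selected for it.

    The same object can carry several verdicts (the disk above has both a
    bootkit verdict and a hidden file system), so the verdict is part of the key.
    """
    chosen = OrderedDict()
    for line in log_text.splitlines():
        m = ACTION_RE.match(line.strip())
        if m:
            chosen[(m.group("object"), m.group("verdict"))] = m.group("action")
    return chosen


def unresolved_threats(log_text):
    """Return threat-class detections that were left in place (action Skip)."""
    return [
        key
        for key, action in final_actions(log_text).items()
        if key[1] not in LOW_SIGNAL_VERDICTS and action == "Skip"
    ]


def summarize(log_text):
    """Count selected actions, split into threat and low-signal detections."""
    counts = {"threat": {}, "low_signal": {}}
    for (_obj, verdict), action in final_actions(log_text).items():
        bucket = "low_signal" if verdict in LOW_SIGNAL_VERDICTS else "threat"
        counts[bucket][action] = counts[bucket].get(action, 0) + 1
    return counts


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    for obj, verdict in unresolved_threats(SAMPLE_LOG):
        print("still present:", obj, "->", verdict)
```

On the sample lines this reports the `TDSS File System` entry on `\Device\Harddisk0\DR0` as still present, while the `Rootkit.Boot.Pihar.c` entry counts as handled because its selected action was Cure.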

Offline indogirl79

  • Bronze Member
  • Posts: 32
Re: [In Progress] Redirect URL, please help to fix it.
« Reply #12 on: July 22, 2012, 03:14:47 PM »
I just scanned with TDSS & Spybot and found nothing, but I just tried to click on www.fedex.com/Tracking & it took me to somewhere else.

What else should I do?

Btw how to uninstall teatimer? I forgot to uncheck.

Offline Hoov

  • Malware Removal Mentors
  • Global Moderator
  • Diamond Member
  • Posts: 22687
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Redirect URL, please help to fix it.
« Reply #13 on: July 22, 2012, 03:48:24 PM »
Don't try uninstalling it, just disable it. Start Spybot and up at the top right click on mode. Then click on advanced. Now on the left click on Tools. Then click on Resident and uncheck the box for Teatimer. Close Spybot and reboot the computer.


* Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run comboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouseclick ComboFix's window while it's running. That may cause it to stall.


Offline indogirl79

  • Bronze Member
  • Posts: 32
Re: [In Progress] Redirect URL, please help to fix it.
« Reply #14 on: July 22, 2012, 09:45:22 PM »
Here is the log:

ComboFix 12-07-21.01 - Rena 07/22/2012  20:09:29.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1534.1083 [GMT -7:00]
Running from: c:\documents and settings\Rena\Desktop\ComboFix.exe
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\NetworkService\Local Settings\Application Data\{5103dd13-a68c-aa42-0055-6c1e3d15c397}
c:\documents and settings\NetworkService\Local Settings\Application Data\{5103dd13-a68c-aa42-0055-6c1e3d15c397}\@
c:\documents and settings\NetworkService\Local Settings\Application Data\{5103dd13-a68c-aa42-0055-6c1e3d15c397}\n
c:\documents and settings\Rena\Local Settings\Application Data\InterVideo\codrwwcf.dll
c:\documents and settings\Rena\Start Menu\Internet Explorer.lnk
c:\documents and settings\Rena\WINDOWS
c:\windows\assembly\GAC\Desktop.ini
c:\windows\dasetup.log
c:\windows\Installer\{5103dd13-a68c-aa42-0055-6c1e3d15c397}
c:\windows\Installer\{5103dd13-a68c-aa42-0055-6c1e3d15c397}\@
c:\windows\Installer\{5103dd13-a68c-aa42-0055-6c1e3d15c397}\L\00000004.@
c:\windows\Installer\{5103dd13-a68c-aa42-0055-6c1e3d15c397}\L\1afb2d56
c:\windows\Installer\{5103dd13-a68c-aa42-0055-6c1e3d15c397}\L\201d3dde
c:\windows\Installer\{5103dd13-a68c-aa42-0055-6c1e3d15c397}\n
c:\windows\Installer\{5103dd13-a68c-aa42-0055-6c1e3d15c397}\U\80000032.@
c:\windows\system32\CddbCdda.dll
c:\windows\system32\MUI\040C\tourstart.exe
c:\windows\system32\MUI\0416\tourstart.exe
c:\windows\system32\MUI\0C0A\tourstart.exe
c:\windows\system32\PowerToyReadme.htm
c:\windows\system32\SET187.tmp
c:\windows\system32\SET188.tmp
c:\windows\system32\SET189.tmp
c:\windows\system32\SET18E.tmp
c:\windows\system32\SET196.tmp
c:\windows\system32\SET198.tmp
c:\windows\system32\SET1AD.tmp
c:\windows\system32\SET1B6.tmp
c:\windows\system32\SET1BB.tmp
c:\windows\system32\SET1BC.tmp
c:\windows\system32\SET1BD.tmp
c:\windows\system32\SET1BE.tmp
c:\windows\system32\SET1D5.tmp
c:\windows\system32\SET1DC.tmp
c:\windows\system32\SET1E6.tmp
c:\windows\system32\SET1ED.tmp
c:\windows\system32\SET318.tmp
c:\windows\system32\SET319.tmp
c:\windows\system32\SET31A.tmp
c:\windows\system32\SET31F.tmp
c:\windows\system32\SET329.tmp
c:\windows\system32\SET343.tmp
c:\windows\system32\SET34C.tmp
K:\autorun.inf
K:\setup.exe
.
.
(((((((((((((((((((((((((   Files Created from 2012-06-23 to 2012-07-23  )))))))))))))))))))))))))))))))
.
.
2012-07-22 06:38 . 2012-07-22 06:38   --------   d-----w-   C:\TDSSKiller_Quarantine
2012-07-22 06:15 . 2012-07-22 06:15   770384   ----a-w-   c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-22 06:15 . 2012-07-22 06:15   421200   ----a-w-   c:\program files\Mozilla Firefox\msvcp100.dll
2012-07-20 03:25 . 2012-07-20 03:25   --------   d-----w-   c:\documents and settings\NetworkService\Local Settings\Application Data\InterVideo
2012-07-19 18:15 . 2012-07-19 18:15   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\InterVideo
2012-07-18 17:32 . 2012-07-23 03:18   --------   d-----w-   c:\documents and settings\Rena\Local Settings\Application Data\InterVideo
2012-07-05 05:30 . 2012-07-22 07:03   426184   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-06-25 01:01 . 2012-06-25 01:01   --------   d-----w-   c:\documents and settings\Rena\Application Data\TP-LINK
2012-06-25 01:00 . 2012-06-25 01:00   --------   d-----w-   c:\program files\TP-LINK
2012-06-25 00:59 . 2011-04-08 20:31   1076968   ----a-w-   c:\windows\system32\rtl8192cu.sys
2012-06-25 00:59 . 2011-04-08 20:31   1076968   ----a-w-   c:\windows\system32\drivers\RTL8192cu.sys
2012-06-25 00:53 . 2012-06-25 01:00   --------   d-----w-   c:\documents and settings\All Users\Application Data\TP-LINK
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-22 07:03 . 2011-12-22 03:54   70344   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-22 06:44 . 2012-07-22 06:44   19511   ----a-w-   C:\TDSSKiller.2.7.46.0_21.07.2012_23.28.56_log.zip
2012-07-03 20:46 . 2009-07-25 01:09   22344   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-06-02 22:19 . 2007-06-21 01:43   22040   ----a-w-   c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2007-06-21 01:43   15384   ----a-w-   c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2006-02-21 22:14   329240   ----a-w-   c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2006-02-21 22:14   219160   ----a-w-   c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2006-02-21 22:14   210968   ----a-w-   c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2007-06-21 01:43   15384   ----a-w-   c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2006-02-21 22:14   53784   ----a-w-   c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2006-02-21 22:14   35864   ----a-w-   c:\windows\system32\wups.dll
2012-06-02 22:19 . 2006-02-21 21:01   97304   ----a-w-   c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2005-05-26 11:16   45080   ----a-w-   c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2007-06-21 01:43   17944   ----a-w-   c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2006-02-21 22:14   577048   ----a-w-   c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2006-02-21 22:14   1933848   ----a-w-   c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2010-01-01 02:17   275696   ----a-w-   c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2010-01-01 02:17   214256   ----a-w-   c:\windows\system32\muweb.dll
2012-06-02 22:18 . 2010-01-01 02:17   17136   ----a-w-   c:\windows\system32\mucltui.dll.mui
2012-07-22 06:15 . 2011-09-15 03:02   136672   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-27 6746112]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-08-12 02:09   73728   ----a-w-   c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/7/2009 11:12 PM 207280]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [9/22/2011 11:43 AM 645048]
R3 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R3 RTL8192cu;%RTL8192cu.DeviceDesc%;c:\windows\system32\drivers\RTL8192cu.sys [6/24/2012 5:59 PM 1076968]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2/21/2006 2:02 PM 71961]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2010 11:01 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/27/2010 11:01 PM 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/17/2012 9:53 AM 113120]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [4/23/2008 11:38 PM 358600]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 02:20]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-28 06:01]
.
2012-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-28 06:01]
.
2009-08-05 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: microsoft.com\office
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Rena\Application Data\Mozilla\Firefox\Profiles\a5c80s3n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-InterVideo - c:\documents and settings\Rena\Local Settings\Application Data\InterVideo\codrwwcf.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-22 20:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  InterVideo = rundll32.exe "c:\documents and settings\Rena\Local Settings\Application Data\InterVideo\codrwwcf.dll",DllUnregisterServer?3456789
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4186146091-4134632197-3998789832-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{083E4D8E-2C19-5002-AEBA-421B3F674AF6}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oahhaiincefjenoibkopfgibamfjeb"=hex:64,61,68,62,62,67,64,66,00,85
"oaloclmbgnpcihiljhgbngflplpafc"=hex:6b,61,6f,62,70,68,65,6d,61,6d,66,62,6a,67,
   68,6b,66,67,6d,62,6c,69,00,7c
"najhocebakjodchmjpbnocekgcaj"=hex:6b,61,6f,62,70,68,65,6d,61,6d,66,62,6a,67,
   68,6b,66,67,6d,62,6c,69,00,7c
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1096)
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(3484)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
.
**************************************************************************
.
Completion time: 2012-07-22  20:33:10 - machine was rebooted
ComboFix-quarantined-files.txt  2012-07-23 03:33
.
Pre-Run: 45,804,380,160 bytes free
Post-Run: 45,984,296,960 bytes free
.
- - End Of File - - 464BAF5942C60B0D8B8929A6E00BA2CA


Let me know if there are any unnecessary programs running.