Search Engine Redirect

Stuck on option 2

Created the disk fine, however I never reached the install screen. I have reached the attached screen. any further as it either wanted me to restore or load drivers, which was neither of your options. So I want to confirm I am doing what you intended if I select "use recovery tools...." option


And now I am on my iPad and can't figure out how to attach a photo....apple...
 
Here is the photo, it asks me to load drivers if i pick option one...but most of the drivers on the win 7 cd I have are old..
 
Hi,

I'm creating the disk now - can I ask what you think the malfunction is, or why I am creating the disk?
Click to expand...
Redirecting causing pest has made some adjustments to your partitions and that needs fixing. By having system recovery disc available we have better changes to survive if something goes south.

See if that load drivers option works. Seems that your Windows installation isn't present on that grid. Could be cos of that SSD type hard drive (driver loading could help on this).
 
Hi,

1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select skip and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)
 
TDS killer doesn't want to run. I try and execute the program and all it does it sit there. I have rebooted, but the exe is not starting the application. there are only two files an exe and a eula? or am I missing something.
 
I tried downloading a different version, and also changing the file extension to .com and/or renaming the file.

doesn't want to run.
 
Hi,

Download GParted ISO image to your desktop. You need an empty CD for this.

Start GParted to CD burning process by double-clicking the downloaded GParted iso file and then clicking Burn-button in Windows Disc Image Burner window.

---

When GParted CD is ready reboot the system with it.

1. Choose the GParted Live (Default Settings) option and hit Enter.
2. When asked "Which Mode do you Prefer" - Hit Enter to use Gparted automatically, and the GParted Desktop will display.
3. Take a photo of the screen showing drive partitions and attach it to your post.
 
Here are the photos.

I am curious what we are looking for - or what lead you down this path. I would consider myself at least a little more adept than the average user -but I am clueless what we are seeing, is it the 1mb or partitioned space on the 2TB drive?
 
Hi,

what lead you down this path
Click to expand...
All those symptoms there gave me clue enough :)


We need to do something on that thing shown in partition 96gb SSD.jpg. Screenshot could had been more zoomed in so I could had been able to read clearly those texts there. If instructions below doesn't seem to match things visible on screen let me know and grab fresh screenshot before doing anything.


Next you need to boot into GParted and activate that 96gb SSD drive. When done:
1. right click /dev/sda2 (the one with Windows in label column) and select manage flags. Check boot option, click close.
2. right click /dev/sda3 (the one with no label) and select manage flags. Uncheck hidden (and also boot if it's still checked), click close.

After that flags for SSD drive should be like this:
/dev/sda1 with no flags
/dev/sda2 with boot flag
/dev/sda3 with no flags

When ok, click gray bar on GParted desktop to bring up an option to shutdown. Select it and remove the GParted CD from the drive and see if Windows loads up.
 
OK - sorry for the late response - been working 13 hours, and haven't been around my PC.....

so - looks like the boot sector for the OS is in that 200mb partition, if you take a look at the screen shots looks like it couldn't boot from that windows partition.

I went ahead and switched it back to boot - and everything is "normal"

I took a screen shot of the error message (little triangle next to SDA3)

Let me know what you think
 
Hi,

Could you put it like I told? Then if that boot manager is missing error still shows up please do this:

1. Boot into the Recovery Environment by using the system recovery cd I made you to create a bit earlier.
2. Select the "Repair your Computer" Option there and choose Startup Repair (you likely need to use load drivers again to get operating system instance appear in the grid).
3. When Start Up Repair finishes, reboot back into the Recovery Environment, select your Windows Installation and choose Startup Repair, again.
4. When Startup Repair is finished, you should be able to successfully boot back into Windows.
 
Hi,

Did you complete all those steps in my previous post without issues? If so then please do post fresh screenshot of GParted.
 
Hi,

Assuming that system now boots correctly please see if redirecting still occurs.
 
I did, and it doesn't - the overall performance is increased on searches also (something I expected).

Just curious though that partition is still active though, so what is the partition used for?
 
Hi,

That partition we disabled was created by TDL4 infection. It can be deleted now. Go to disk management (diskmgmt.msc command) and right click 258MB partition there. Select delete volume. When done run TDSSKiller by following those steps in my earlier post regarding it. Post back the report + fresh dds logs.
 
SO will windows just reassign that partition? honestly I am pretty amazed at how you tracked this down. I am not sure if this common place for you, but on this end you have saved me quite a bit of time/money/headaches. do you guys have the equivalent of a tip jar? BIG thanks

Here is DDS log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Aaron at 9:04:05 on 2011-12-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8170.6297 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AirPrint\airprint.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\splwow64.exe
F:\F - Programs\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
F:\F - Programs\Spybot - Search & Destroy\TeaTimer.exe
F:\F - Programs\Daemon Tools LIte\DTLite.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
F:\_Installed Programs\i Tunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Q:\140066.enu\Office14\EXCELC.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
Q:\140066.enu\Office14\OffSpon.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - F:\F - Programs\Spybot - Search & Destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [SpybotSD TeaTimer] F:\F - Programs\Spybot - Search & Destroy\TeaTimer.exe
uRun: [DAEMON Tools Lite] "F:\F - Programs\Daemon Tools LIte\DTLite.exe" -autorun
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [4623FW Scan2PC] "C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "F:\_Installed Programs\i Tunes\iTunesHelper.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - F:\F - Programs\Spybot - Search & Destroy\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5EABEB89-85B2-49A7-AE98-4592D32FA221} : DhcpNameServer = 192.168.1.254
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - F:\F - Programs\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [4623FW Scan2PC] "C:\Windows\twain_32\Samsung\SCX4623W\Scan2Pc.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "F:\_Installed Programs\i Tunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\4dk3o2ps.default\
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: F:\_Installed Programs\i Tunes\Mozilla Plugins\npitunes.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AirPrint;AirPrint;C:\Program Files (x86)\AirPrint\airprint.exe -s --> C:\Program Files (x86)\AirPrint\airprint.exe -s [?]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-4 584488]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-14 2218600]
R2 SBSDWSCService;SBSD Security Center Service;F:\F - Programs\Spybot - Search & Destroy\SDWinSec.exe [2011-12-15 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2011-5-21 11576]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-4-7 378472]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-12-30 14:09:19 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3FD8C1A1-1128-46BF-B437-89DB116BDB34}\offreg.dll
2011-12-30 09:29:16 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3FD8C1A1-1128-46BF-B437-89DB116BDB34}\mpengine.dll
2011-12-30 09:21:03 -------- d-sh--w- C:\Boot
2011-12-28 14:26:22 -------- d-sh--w- C:\$RECYCLE.BIN
2011-12-28 05:10:25 -------- d-----w- C:\Users\Aaron\AppData\Local\Skyrim
2011-12-28 05:03:06 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll
2011-12-28 05:03:06 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll
2011-12-28 05:03:06 530776 ----a-w- C:\Windows\System32\XAudio2_6.dll
2011-12-28 05:03:06 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll
2011-12-28 05:03:04 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll
2011-12-28 05:03:04 176984 ----a-w- C:\Windows\System32\xactengine3_6.dll
2011-12-28 05:03:03 24920 ----a-w- C:\Windows\System32\X3DAudio1_7.dll
2011-12-28 05:03:03 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
2011-12-28 05:03:00 517960 ----a-w- C:\Windows\System32\XAudio2_5.dll
2011-12-28 05:03:00 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-12-28 05:01:58 4496232 ----a-w- C:\Windows\System32\d3dx9_34.dll
2011-12-28 04:17:19 -------- d-----w- C:\Program Files (x86)\Steam
2011-12-27 20:09:18 -------- d-----w- C:\ComboFix
2011-12-27 18:38:05 -------- d-----w- C:\Program Files (x86)\ESET
2011-12-27 18:36:17 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-27 18:34:51 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
2011-12-27 18:34:51 660368 ----a-w- C:\Windows\System32\deployJava1.dll
2011-12-25 22:32:28 98816 ----a-w- C:\Windows\sed.exe
2011-12-25 22:32:28 518144 ----a-w- C:\Windows\SWREG.exe
2011-12-25 22:32:28 256000 ----a-w- C:\Windows\PEV.exe
2011-12-25 22:32:28 208896 ----a-w- C:\Windows\MBR.exe
2011-12-23 20:52:26 1578288 ----a-w- C:\abc123.com
2011-12-16 04:21:37 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-12-02 05:09:40 -------- d-----w- C:\Users\Aaron\AppData\Roaming\Malwarebytes
2011-12-02 05:09:33 -------- d-----w- C:\ProgramData\Malwarebytes
.
==================== Find3M ====================
.
2011-11-24 04:52:09 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-11-05 05:41:43 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-11-05 05:32:50 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-05 04:35:00 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-05 04:26:03 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-05 03:32:47 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-05 02:48:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-26 05:21:20 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-10-15 06:31:56 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-10-15 05:38:59 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
.
============= FINISH: 9:04:15.36 ===============
 
Just doing 20 minutes of reading, this thing is pretty nasty.

http://www.securelist.com/en/analysis/204792180/TDL4_Top_Bot

looks like my machine/ IP address, could have been used for any number of things?...it is pretty much insane how much information a person needs to know to fully understand what the potential of these viruses are now.

On a side note - with access to the main HD, should I be concerned over any of my files being transferred via P2P off of this machine? I really don't have much, but I could go change all of my passwords to the 100 websites I use?

Thanks again for all of your help so far. i'll be gone for the next 10-12 hours. but will be back later tonight.
 
You must log in or register to reply here.
Back
Top