Freeze.com Net Assistant?

10-28-2011, 11:14 PM   #1
grassi (TSF Enthusiast)

Hello, somehow I seem to have a new friend in my Add/Remove Programs called Freeze.com Net Assistant? Apparently, trying to fix my PC, I somehow installed this yesterday, by looking at the folders. Anyways, I can remove it through Add/Remove, but wasn't sure after reading up on it if I should make sure there's nothing else. I will post the logs. I appreciate your help.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Josh Grassi at 1:43:18 on 2011-10-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2956 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257537500812
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A1BAE528-D7B1-42EB-A977-A3D86823FC2B} : DhcpNameServer = 192.168.0.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\josh grassi\application data\mozilla\firefox\profiles\r1nk3976.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl3360c736;MpKsl3360c736;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cf4b1b56-5914-4154-a30a-e412c314f589}\MpKsl3360c736.sys [2011-10-29 28752]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2009-7-23 12184]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-10-27 2253120]
S1 MpKsl44f8345f;MpKsl44f8345f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{50f533cf-3c37-4aee-8f66-78703a230113}\mpksl44f8345f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{50f533cf-3c37-4aee-8f66-78703a230113}\MpKsl44f8345f.sys [?]
S1 MpKsl46c977ca;MpKsl46c977ca;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{be441d5e-93b9-468e-a591-b73f3749400c}\mpksl46c977ca.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{be441d5e-93b9-468e-a591-b73f3749400c}\MpKsl46c977ca.sys [?]
S1 MpKsl48c054b2;MpKsl48c054b2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ccb7c237-f309-483b-94e1-6b010897320d}\mpksl48c054b2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ccb7c237-f309-483b-94e1-6b010897320d}\MpKsl48c054b2.sys [?]
S1 MpKsl8987112c;MpKsl8987112c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7145321-804a-4201-92d6-82deaea6f93e}\mpksl8987112c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7145321-804a-4201-92d6-82deaea6f93e}\MpKsl8987112c.sys [?]
S1 MpKsl9414d5c4;MpKsl9414d5c4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7145321-804a-4201-92d6-82deaea6f93e}\mpksl9414d5c4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7145321-804a-4201-92d6-82deaea6f93e}\MpKsl9414d5c4.sys [?]
S1 MpKslbdfaa35f;MpKslbdfaa35f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7145321-804a-4201-92d6-82deaea6f93e}\mpkslbdfaa35f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7145321-804a-4201-92d6-82deaea6f93e}\MpKslbdfaa35f.sys [?]
S1 MpKsleb1a2cfd;MpKsleb1a2cfd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{be441d5e-93b9-468e-a591-b73f3749400c}\mpksleb1a2cfd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{be441d5e-93b9-468e-a591-b73f3749400c}\MpKsleb1a2cfd.sys [?]
S3 GEST Service;GEST Service for program management.;c:\program files\gigabyte\gest\GSvr.exe [2008-11-6 47624]
S3 io02;Hardware Access Driver;c:\windows\system32\io02.sys [2008-11-19 2688]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-29 05:34:34 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cf4b1b56-5914-4154-a30a-e412c314f589}\MpKsl3360c736.sys
2011-10-29 05:34:32 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cf4b1b56-5914-4154-a30a-e412c314f589}\offreg.dll
2011-10-29 05:34:30 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{cf4b1b56-5914-4154-a30a-e412c314f589}\mpengine.dll
2011-10-29 04:40:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-29 01:27:38 -------- d-----w- c:\program files\Freeze.com
2011-10-29 01:27:30 -------- d-----w- c:\program files\Yahoo!
2011-10-28 05:27:50 -------- d-----w- C:\Gigabyte lan
2011-10-27 21:43:40 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation
2011-10-27 21:43:10 298304 ----a-w- c:\windows\system32\nvsvc32.exe
2011-10-27 21:43:10 220992 ----a-w- c:\windows\system32\nvcolor.exe
2011-10-27 21:43:10 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-27 21:43:10 16744256 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-27 21:43:09 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-10-27 21:43:09 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-10-27 21:43:04 285176 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-10-27 21:43:04 285176 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-10-27 21:43:04 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-10-27 21:40:33 -------- d-----w- C:\NVIDIA
2011-10-27 00:50:34 -------- d-----w- c:\program files\Speccy
2011-10-22 14:45:01 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-10-22 14:37:17 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2011-10-22 14:37:14 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2011-10-22 14:37:13 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2011-10-22 14:31:58 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2011-10-22 14:30:59 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2011-10-22 14:29:58 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2011-10-22 14:28:59 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2011-10-22 14:27:59 82432 -c--a-w- c:\windows\system32\dllcache\rwia450.dll
2011-10-22 14:26:13 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2011-10-22 14:26:12 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
2011-10-22 14:26:10 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2011-10-22 14:26:08 33152 -c--a-w- c:\windows\system32\dllcache\ql10wnt.sys
2011-10-22 14:26:07 40320 -c--a-w- c:\windows\system32\dllcache\ql1080.sys
2011-10-22 14:26:06 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
2011-10-22 14:26:04 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2011-10-22 14:26:02 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2011-10-22 14:26:00 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll
2011-10-22 14:26:00 128286 -c--a-w- c:\windows\system32\dllcache\ptserli.sys
2011-10-22 14:25:58 5632 -c--a-w- c:\windows\system32\dllcache\ptpusb.dll
2011-10-22 14:25:56 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2011-10-22 14:25:56 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2011-10-22 14:25:54 16128 -c--a-w- c:\windows\system32\dllcache\pscr.sys
2011-10-22 14:25:51 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
2011-10-22 14:25:50 17792 -c--a-w- c:\windows\system32\dllcache\ppa.sys
2011-10-22 14:25:49 8832 -c--a-w- c:\windows\system32\dllcache\powerfil.sys
2011-10-22 14:25:47 7168 -c--a-w- c:\windows\system32\dllcache\pnrmc.sys
2011-10-22 14:25:46 67584 -c--a-w- c:\windows\system32\dllcache\pmigrate.dll
2011-10-22 14:18:22 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2011-10-22 14:16:59 29769 -c--a-w- c:\windows\system32\dllcache\pcntn5m.sys
2011-10-22 14:16:57 30282 -c--a-w- c:\windows\system32\dllcache\pcntn5hl.sys
2011-10-22 14:16:55 29502 -c--a-w- c:\windows\system32\dllcache\pca200e.sys
2011-10-22 14:16:55 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys
2011-10-22 14:16:53 30495 -c--a-w- c:\windows\system32\dllcache\pc100nds.sys
2011-10-22 14:16:52 31744 -c--a-w- c:\windows\system32\dllcache\pagecnt.dll
2011-10-22 14:14:58 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2011-10-22 14:13:59 7168 -c--a-w- c:\windows\system32\dllcache\mxport.dll
2011-10-22 14:13:57 19968 -c--a-w- c:\windows\system32\dllcache\mxnic.sys
2011-10-22 14:13:56 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll
2011-10-22 14:13:54 21888 -c--a-w- c:\windows\system32\dllcache\mxcard.sys
2011-10-22 14:13:54 12672 -c--a-w- c:\windows\system32\dllcache\mutohpen.sys
2011-10-22 14:12:09 452736 -c--a-w- c:\windows\system32\dllcache\mtxparhm.sys
2011-10-22 14:12:09 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2011-10-22 14:12:08 1737856 -c--a-w- c:\windows\system32\dllcache\mtxparhd.dll
2011-10-22 14:12:06 1309184 -c--a-w- c:\windows\system32\dllcache\mtlstrm.sys
2011-10-22 14:12:06 126686 -c--a-w- c:\windows\system32\dllcache\mtlmnt5.sys
2011-10-22 14:11:59 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2011-10-22 14:11:59 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2011-10-22 14:11:56 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-10-22 14:11:51 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-10-22 14:11:51 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2011-10-22 14:05:59 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2011-10-22 14:05:58 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2011-10-22 14:05:56 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2011-10-22 14:05:55 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2011-10-22 14:05:54 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2011-10-22 14:05:52 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2011-10-22 14:05:50 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2011-10-22 14:05:46 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2011-10-22 13:19:30 44032 -c--a-w- c:\windows\system32\dllcache\imekrmig.exe
2011-10-22 13:18:15 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2011-10-22 13:18:08 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2011-10-22 13:18:07 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
2011-10-22 13:18:05 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
2011-10-22 13:18:04 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
2011-10-22 13:18:03 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2011-10-22 13:18:01 61952 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll
2011-10-22 13:18:00 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2011-10-22 13:16:58 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
2011-10-22 13:15:59 82304 -c--a-w- c:\windows\system32\dllcache\grclass.sys
2011-10-22 13:14:58 629952 -c--a-w- c:\windows\system32\dllcache\eqn.sys
2011-10-22 13:13:59 110592 -c--a-w- c:\windows\system32\dllcache\dc260usd.dll
2011-10-22 13:12:57 36480 -c--a-w- c:\windows\system32\dllcache\bthprint.sys
2011-10-22 13:11:40 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-10-21 20:23:18 -------- d-----w- c:\program files\VideoLAN
2011-10-21 20:23:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-21 18:50:42 -------- d-----w- c:\windows\system32\Adobe
2011-10-21 15:08:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-21 15:03:09 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-21 15:03:09 -------- d-----w- c:\documents and settings\josh grassi\application data\Malwarebytes
2011-10-21 15:03:09 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-21 14:58:13 98816 ----a-w- c:\windows\sed.exe
2011-10-21 14:58:13 518144 ----a-w- c:\windows\SWREG.exe
2011-10-21 14:58:13 256000 ----a-w- c:\windows\PEV.exe
2011-10-21 14:58:13 208896 ----a-w- c:\windows\MBR.exe
2011-10-15 04:16:17 -------- d-----w- c:\documents and settings\josh grassi\local settings\application data\TechSmith
2011-10-05 23:38:35 -------- d-----w- c:\documents and settings\josh grassi\application data\NVIDIA
2011-10-05 23:19:53 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-05 23:19:53 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-05 22:10:48 -------- d-----w- c:\program files\WhoCrashed
2011-10-05 22:00:26 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-10-05 21:53:10 -------- d-----w- c:\documents and settings\josh grassi\application data\Windows Search
2011-10-04 16:00:11 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-04 15:45:26 -------- d-----w- c:\program files\Windows Desktop Search
2011-10-02 18:21:35 -------- d--h--w- c:\windows\msdownld.tmp
2011-10-02 02:18:56 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
==================== Find3M ====================
.
2011-10-21 20:22:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-09 01:59:07 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-10-08 04:50:00 65536 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-08 04:50:00 5595136 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-08 04:50:00 4226688 ----a-w- c:\windows\system32\nv4_disp.dll
2011-10-08 04:50:00 2449408 ----a-w- c:\windows\system32\nvapi.dll
2011-10-08 04:50:00 2398016 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-08 04:50:00 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-08 04:50:00 17956864 ----a-w- c:\windows\system32\nvoglnt.dll
2011-10-08 04:50:00 17240064 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-08 04:50:00 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-10-05 23:38:42 189744 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-24 21:46:13 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 1:43:53.73 ===============

10-29-2011, 08:11 AM   #2
amateur (Security Team; Moderator, Analyst; Rangemaster, TSF Academy)

Hi,

As you have already found out, you should easily be able to remove it via the Add or Remove Programs applet in Control Panel. I don't see any malware entries in the log. However, it appears that you already ran Combofix. What prompted you to run Combofix? What happened when you ran it? The log it produced contains valuable information for us. Please post its log, which should be located at C:\Combofix.txt.

I would also like to advise that while you may see ComboFix being used quite often, it should never be run unsupervised (as stated in the Disclaimer that is first displayed by ComboFix when you run the tool).

Going forward, I highly recommend you heed such instructions. As explained in Post 2 of our pre-posting topic...

Also, when you are done uninstalling Freeze.com, please reboot and post a fresh DDS.txt to check if it has been removed fully.

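The check requested in the post above (uninstall, reboot, post a fresh DDS.txt, confirm the program is fully gone) can be done mechanically by diffing the two logs. The following is an added example, not part of the original thread and not part of DDS; the function names are hypothetical, and the sample text is a short excerpt of the two DDS logs posted in this thread.

```python
import re

# Section banners look like "============== Pseudo HJT Report ==============="
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")

def parse_dds(text):
    """Split a DDS log into {section name: [entry lines]}; '.' spacer lines are dropped."""
    sections, current = {}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections

def diff_section(before, after, name):
    """Entries of one section that disappeared / appeared (case-insensitive compare)."""
    b = {l.lower(): l for l in before.get(name, [])}
    a = {l.lower(): l for l in after.get(name, [])}
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    return removed, added

def find_residue(sections, needles):
    """Any line, in any section, that still mentions the uninstalled product."""
    return [(name, l) for name, lines in sections.items()
            for l in lines if any(n in l.lower() for n in needles)]

def orphaned(sections, name="Pseudo HJT Report"):
    """Entries DDS marks 'No File': the registration exists but its target is missing."""
    return [l for l in sections.get(name, []) if l.lower().endswith("no file")]

def verify_removal(before_text, after_text, needles):
    before, after = parse_dds(before_text), parse_dds(after_text)
    report = {"removed": {}, "added": {}}
    for name in ("Pseudo HJT Report", "Created Last 30"):
        removed, added = diff_section(before, after, name)
        report["removed"][name] = removed
        report["added"][name] = added
    report["residue"] = find_residue(after, needles)   # should be empty after a clean uninstall
    report["orphaned"] = orphaned(after)               # leftovers worth a second look
    return report

# Excerpt of the first log in this thread (before the uninstall).
BEFORE = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
.
=============== Created Last 30 ================
.
2011-10-29 01:27:38 -------- d-----w- c:\program files\Freeze.com
2011-10-29 01:27:30 -------- d-----w- c:\program files\Yahoo!
"""

# Excerpt of the second log in this thread (after the uninstall and reboot).
AFTER = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
.
=============== Created Last 30 ================
.
2011-10-29 01:27:30 -------- d-----w- c:\program files\Yahoo!
"""

if __name__ == "__main__":
    r = verify_removal(BEFORE, AFTER, ("freeze.com", "netassistant"))
    for name, lines in r["removed"].items():
        for l in lines:
            print(f"removed  [{name}] {l}")
    for name, l in r["residue"]:
        print(f"RESIDUE  [{name}] {l}")
    for l in r["orphaned"]:
        print(f"orphaned {l}")
```

On the excerpts, the NetAssistant URLSearchHook and BHO entries and the Freeze.com folder show up as removed, nothing mentioning the product remains, and the two "No File" entries present in both logs are listed as orphaned.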
10-29-2011, 09:50 AM   #3
grassi (TSF Enthusiast)

Combofix? I didn't use Combofix? I just followed the directions with DDS and then Gmer. I did bring my PC to the shop 2 weeks ago for my many issues, but had no luck. I think they used it to remove some .dll virus; I'll have to check the receipt, but like I said, that was a few weeks ago. Gonna remove the Freeze.com program via Add/Remove Programs, then post my log to make sure it's gone, in a new reply.

10-29-2011, 02:10 PM   #4
grassi (TSF Enthusiast)

Here is my new .txt. I'm wondering if Combofix has messed something up? Or wondering if it says when it was used?

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Josh Grassi at 17:05:41 on 2011-10-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2903 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257537500812
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A1BAE528-D7B1-42EB-A977-A3D86823FC2B} : DhcpNameServer = 192.168.0.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\josh grassi\application data\mozilla\firefox\profiles\r1nk3976.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl76b71b41;MpKsl76b71b41;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fbc15413-100c-41cf-8f1e-4d92a971f93a}\MpKsl76b71b41.sys [2011-10-29 28752]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2009-7-23 12184]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-10-27 2253120]
S1 MpKsl44f8345f;MpKsl44f8345f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{50f533cf-3c37-4aee-8f66-78703a230113}\mpksl44f8345f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{50f533cf-3c37-4aee-8f66-78703a230113}\MpKsl44f8345f.sys [?]
S1 MpKsl46c977ca;MpKsl46c977ca;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{be441d5e-93b9-468e-a591-b73f3749400c}\mpksl46c977ca.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{be441d5e-93b9-468e-a591-b73f3749400c}\MpKsl46c977ca.sys [?]
S1 MpKsl48c054b2;MpKsl48c054b2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ccb7c237-f309-483b-94e1-6b010897320d}\mpksl48c054b2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ccb7c237-f309-483b-94e1-6b010897320d}\MpKsl48c054b2.sys [?]
S1 MpKsl8987112c;MpKsl8987112c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7145321-804a-4201-92d6-82deaea6f93e}\mpksl8987112c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7145321-804a-4201-92d6-82deaea6f93e}\MpKsl8987112c.sys [?]
S1 MpKsl9414d5c4;MpKsl9414d5c4;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7145321-804a-4201-92d6-82deaea6f93e}\mpksl9414d5c4.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7145321-804a-4201-92d6-82deaea6f93e}\MpKsl9414d5c4.sys [?]
S1 MpKslbdfaa35f;MpKslbdfaa35f;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7145321-804a-4201-92d6-82deaea6f93e}\mpkslbdfaa35f.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e7145321-804a-4201-92d6-82deaea6f93e}\MpKslbdfaa35f.sys [?]
S1 MpKsleb1a2cfd;MpKsleb1a2cfd;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{be441d5e-93b9-468e-a591-b73f3749400c}\mpksleb1a2cfd.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{be441d5e-93b9-468e-a591-b73f3749400c}\MpKsleb1a2cfd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 GEST Service;GEST Service for program management.;c:\program files\gigabyte\gest\GSvr.exe [2008-11-6 47624]
S3 io02;Hardware Access Driver;c:\windows\system32\io02.sys [2008-11-19 2688]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-10-29 20:27:19 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fbc15413-100c-41cf-8f1e-4d92a971f93a}\MpKsl76b71b41.sys
2011-10-29 20:27:17 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fbc15413-100c-41cf-8f1e-4d92a971f93a}\offreg.dll
2011-10-29 06:36:23 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{fbc15413-100c-41cf-8f1e-4d92a971f93a}\mpengine.dll
2011-10-29 04:40:07 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-29 01:27:30 -------- d-----w- c:\program files\Yahoo!
2011-10-28 05:27:50 -------- d-----w- C:\Gigabyte lan
2011-10-27 21:43:40 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation
2011-10-27 21:43:10 298304 ----a-w- c:\windows\system32\nvsvc32.exe
2011-10-27 21:43:10 220992 ----a-w- c:\windows\system32\nvcolor.exe
2011-10-27 21:43:10 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-27 21:43:10 16744256 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-27 21:43:09 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-10-27 21:43:09 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-10-27 21:43:04 285176 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-10-27 21:43:04 285176 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-10-27 21:43:04 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-10-27 21:40:33 -------- d-----w- C:\NVIDIA
2011-10-27 00:50:34 -------- d-----w- c:\program files\Speccy
2011-10-22 14:45:01 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-10-22 14:37:17 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2011-10-22 14:37:14 53760 -c--a-w- c:\windows\system32\dllcache\wiamsmud.dll
2011-10-22 14:37:13 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2011-10-22 14:31:58 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2011-10-22 14:30:59 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2011-10-22 14:29:58 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2011-10-22 14:28:59 252032 -c--a-w- c:\windows\system32\dllcache\sis300iv.dll
2011-10-22 14:27:59 82432 -c--a-w- c:\windows\system32\dllcache\rwia450.dll
2011-10-22 14:26:13 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2011-10-22 14:26:12 40448 -c--a-w- c:\windows\system32\dllcache\ql1240.sys
2011-10-22 14:26:10 45312 -c--a-w- c:\windows\system32\dllcache\ql12160.sys
2011-10-22 14:26:08 33152 -c--a-w- c:\windows\system32\dllcache\ql10wnt.sys
2011-10-22 14:26:07 40320 -c--a-w- c:\windows\system32\dllcache\ql1080.sys
2011-10-22 14:26:06 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
2011-10-22 14:26:04 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2011-10-22 14:26:02 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2011-10-22 14:26:00 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll
2011-10-22 14:26:00 128286 -c--a-w- c:\windows\system32\dllcache\ptserli.sys
2011-10-22 14:25:58 5632 -c--a-w- c:\windows\system32\dllcache\ptpusb.dll
2011-10-22 14:25:56 363520 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2011-10-22 14:25:56 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2011-10-22 14:25:54 16128 -c--a-w- c:\windows\system32\dllcache\pscr.sys
2011-10-22 14:25:51 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
2011-10-22 14:25:50 17792 -c--a-w- c:\windows\system32\dllcache\ppa.sys
2011-10-22 14:25:49 8832 -c--a-w- c:\windows\system32\dllcache\powerfil.sys
2011-10-22 14:25:47 7168 -c--a-w- c:\windows\system32\dllcache\pnrmc.sys
2011-10-22 14:25:46 67584 -c--a-w- c:\windows\system32\dllcache\pmigrate.dll
2011-10-22 14:18:22 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2011-10-22 14:16:59 29769 -c--a-w- c:\windows\system32\dllcache\pcntn5m.sys
2011-10-22 14:16:57 30282 -c--a-w- c:\windows\system32\dllcache\pcntn5hl.sys
2011-10-22 14:16:55 29502 -c--a-w- c:\windows\system32\dllcache\pca200e.sys
2011-10-22 14:16:55 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys
2011-10-22 14:16:53 30495 -c--a-w- c:\windows\system32\dllcache\pc100nds.sys
2011-10-22 14:16:52 31744 -c--a-w- c:\windows\system32\dllcache\pagecnt.dll
2011-10-22 14:14:58 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2011-10-22 14:13:59 7168 -c--a-w- c:\windows\system32\dllcache\mxport.dll
2011-10-22 14:13:57 19968 -c--a-w- c:\windows\system32\dllcache\mxnic.sys
2011-10-22 14:13:56 19968 -c--a-w- c:\windows\system32\dllcache\mxicfg.dll
2011-10-22 14:13:54 21888 -c--a-w- c:\windows\system32\dllcache\mxcard.sys
2011-10-22 14:13:54 12672 -c--a-w- c:\windows\system32\dllcache\mutohpen.sys
2011-10-22 14:12:09 452736 -c--a-w- c:\windows\system32\dllcache\mtxparhm.sys
2011-10-22 14:12:09 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2011-10-22 14:12:08 1737856 -c--a-w- c:\windows\system32\dllcache\mtxparhd.dll
2011-10-22 14:12:06 1309184 -c--a-w- c:\windows\system32\dllcache\mtlstrm.sys
2011-10-22 14:12:06 126686 -c--a-w- c:\windows\system32\dllcache\mtlmnt5.sys
2011-10-22 14:11:59 5504 -c--a-w- c:\windows\system32\dllcache\mstee.sys
2011-10-22 14:11:59 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2011-10-22 14:11:56 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-10-22 14:11:51 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-10-22 14:11:51 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2011-10-22 14:05:59 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2011-10-22 14:05:58 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2011-10-22 14:05:56 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2011-10-22 14:05:55 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2011-10-22 14:05:54 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2011-10-22 14:05:52 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2011-10-22 14:05:50 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2011-10-22 14:05:46 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2011-10-22 13:19:30 44032 -c--a-w- c:\windows\system32\dllcache\imekrmig.exe
2011-10-22 13:18:15 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2011-10-22 13:18:08 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2011-10-22 13:18:07 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
2011-10-22 13:18:05 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
2011-10-22 13:18:04 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
2011-10-22 13:18:03 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2011-10-22 13:18:01 61952 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll
2011-10-22 13:18:00 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2011-10-22 13:16:58 13463552 -c--a-w- c:\windows\system32\dllcache\hwxjpn.dll
2011-10-22 13:15:59 82304 -c--a-w- c:\windows\system32\dllcache\grclass.sys
2011-10-22 13:14:58 629952 -c--a-w- c:\windows\system32\dllcache\eqn.sys
2011-10-22 13:13:59 110592 -c--a-w- c:\windows\system32\dllcache\dc260usd.dll
2011-10-22 13:12:57 36480 -c--a-w- c:\windows\system32\dllcache\bthprint.sys
2011-10-22 13:11:40 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-10-21 20:23:18 -------- d-----w- c:\program files\VideoLAN
2011-10-21 20:23:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-21 18:50:42 -------- d-----w- c:\windows\system32\Adobe
2011-10-21 15:08:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-21 15:03:09 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-21 15:03:09 -------- d-----w- c:\documents and settings\josh grassi\application data\Malwarebytes
2011-10-21 15:03:09 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-21 14:58:13 98816 ----a-w- c:\windows\sed.exe
2011-10-21 14:58:13 518144 ----a-w- c:\windows\SWREG.exe
2011-10-21 14:58:13 256000 ----a-w- c:\windows\PEV.exe
2011-10-21 14:58:13 208896 ----a-w- c:\windows\MBR.exe
2011-10-15 04:16:17 -------- d-----w- c:\documents and settings\josh grassi\local settings\application data\TechSmith
2011-10-05 23:38:35 -------- d-----w- c:\documents and settings\josh grassi\application data\NVIDIA
2011-10-05 23:19:53 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-05 23:19:53 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-05 22:10:48 -------- d-----w- c:\program files\WhoCrashed
2011-10-05 22:00:26 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-10-05 21:53:10 -------- d-----w- c:\documents and settings\josh grassi\application data\Windows Search
2011-10-04 16:00:11 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-04 15:45:26 -------- d-----w- c:\program files\Windows Desktop Search
2011-10-02 18:21:35 -------- d--h--w- c:\windows\msdownld.tmp
2011-10-02 02:18:56 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
==================== Find3M ====================
.
2011-10-21 20:22:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-09 01:59:07 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-10-08 04:50:00 65536 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-08 04:50:00 5595136 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-08 04:50:00 4226688 ----a-w- c:\windows\system32\nv4_disp.dll
2011-10-08 04:50:00 2449408 ----a-w- c:\windows\system32\nvapi.dll
2011-10-08 04:50:00 2398016 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-08 04:50:00 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-08 04:50:00 17956864 ----a-w- c:\windows\system32\nvoglnt.dll
2011-10-08 04:50:00 17240064 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-08 04:50:00 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-10-05 23:38:42 189744 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-24 21:46:13 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 1734.90 ===============
Old 10-29-2011, 10:52 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,781
OS: XP Win7 Ubuntu 10.10



Hi grassi,

Freeze.com appears to have uninstalled cleanly. I don't see any leftovers.

Quote:
I'm wondering if Combofix has messed something up? Or wondering if it says when it was used?

Combofix does not mess anything up by itself. However, there are certain circumstances when the end result may be disastrous if it was run by an untrained person. Our analysts are trained to avoid and handle such situations.

Combofix was run on the machine on October 21, 2011.
Old 10-31-2011, 12:47 AM   #6
grassi

Thank you, Amateur. I did call the store and asked; they did indeed use it on the 21st to get rid of a virus, which he spelled out, but after searching, I think the spelling is off. My PC is doing better but not good. I wish I had better options here to bring my PC somewhere. I'm not having much luck at either place. So far I've made more progress here than getting it back from them. I appreciate your help. I'm gonna have to find a tech that can pretty much dump this thing and start over from scratch. Still getting warnings in eventvwr, which I thought I just took care of :( Thank you again...
Old 10-31-2011, 03:05 AM   #7
amateur

If they haven't removed it, there should still be a Combofix log. Please go to Start>Run and copy paste the following command. It will bring up a text file. Please copy/paste the contents of the file. It will enable me to see what has been removed.

C:\Combofix.txt

=============

Quote:
Still getting warnings in eventvwr, which I thought I just took care of

What kind of errors? Are you referring to the errors about Microsoft Security Essentials not being able to update? Your previous Attach.txt indicates that the service has been stopped. We can address that shortly but for now please post the Combofix.txt and let's see what happened.
Old 11-01-2011, 10:26 PM   #8
grassi

Okay, I did have the .txt, and to give you the virus name that I have on the receipt, it's written as follows: "c: system 32 verscill.exe." - Well, the errors are in the event log, yes. I was getting BSOD for weeks, but it was either my graphics card or my network drivers, because I have updated them and still have to end program once in a while, but no BSOD in 3 days. But I have this unknown address that was causing the BSOD, but now it just reports application hang, but no BSOD, also a few new ones like TCPIP and W32 time warnings. Also the one you mentioned, but it didn't look as serious as the others. I really think it's not hardware, I hope.

Geeks to Go had me reinstall Windows, and that started the BSOD, but was having minor issues at the time, with .NET Framework and ActiveX for Adobe, and a few others.

I have been doing minor changes that I seem to have lost when doing the reinstall, such as settings in BIOS, which I'm not too familiar with, but needed to make some changes to some settings for stability (trying to read off my past post here, when I built it).

ComboFix 11-10-21.01 - Josh Grassi 10/21/2011 10:59:00.4.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3166 [GMT -4:00]
Running from: c:\combofix\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Josh Grassi\5d.jpg
c:\documents and settings\Josh Grassi\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2011-09-21 to 2011-10-21 )))))))))))))))))))))))))))))))
.
.
2011-10-21 13:21 . 2011-10-21 13:21 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7AAC96E-C92C-4B1C-BEFE-0A4F7F7EA610}\offreg.dll
2011-10-20 17:43 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D7AAC96E-C92C-4B1C-BEFE-0A4F7F7EA610}\mpengine.dll
2011-10-17 09:59 . 2011-10-17 15:53 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-15 04:16 . 2011-10-15 04:16 -------- d-----w- c:\documents and settings\Josh Grassi\Local Settings\Application Data\TechSmith
2011-10-13 23:14 . 2011-10-13 23:14 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-10-05 23:38 . 2011-10-05 23:38 -------- d-----w- c:\documents and settings\Josh Grassi\Application Data\NVIDIA
2011-10-05 23:20 . 2011-10-05 23:20 -------- d-----w- c:\documents and settings\UpdatusUser
2011-10-05 23:20 . 2011-10-05 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA
2011-10-05 23:19 . 2011-08-03 11:49 914024 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-05 23:19 . 2011-08-03 11:49 875112 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-05 22:10 . 2011-10-20 17:35 -------- d-----w- c:\program files\WhoCrashed
2011-10-05 22:00 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-05 21:53 . 2011-10-05 21:53 -------- d-----w- c:\documents and settings\Josh Grassi\Application Data\Windows Search
2011-10-04 16:00 . 2011-10-04 16:00 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-04 15:45 . 2011-10-04 15:45 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-10-04 15:45 . 2011-10-08 23:26 -------- d-----w- c:\program files\Windows Desktop Search
2011-10-02 18:21 . 2011-10-02 18:21 -------- d--h--w- c:\windows\msdownld.tmp
2011-10-02 02:19 . 2011-10-02 02:19 -------- d-----w- c:\program files\Common Files\Java
2011-10-02 02:18 . 2011-10-02 02:18 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-02 02:18 . 2011-10-02 02:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-10-02 02:18 . 2011-10-02 02:18 -------- d-----w- c:\program files\Java
2011-09-26 23:07 . 2011-09-26 23:08 -------- d-----w- c:\documents and settings\Josh Grassi\Local Settings\Application Data\Deployment
2011-09-25 00:06 . 2011-07-15 13:29 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-09-25 00:06 . 2011-08-22 23:48 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-09-25 00:06 . 2011-08-22 23:48 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-09-25 00:06 . 2011-08-22 23:48 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-09-25 00:06 . 2011-08-22 23:48 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-09-25 00:06 . 2011-08-22 23:48 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-09-25 00:06 . 2011-08-22 23:48 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-09-25 00:06 . 2011-08-23 21:48 11081728 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-09-24 23:57 . 2010-12-09 13:42 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-09-24 23:57 . 2010-12-09 13:38 2192768 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-09-24 23:57 . 2010-12-09 13:07 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-09-24 23:55 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-09-24 23:54 . 2009-08-06 23:24 44768 ----a-w- c:\windows\system32\wups2.dll
2011-09-24 22:35 . 2008-04-14 12:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2011-09-24 22:35 . 2008-04-14 12:00 76800 -c--a-w- c:\windows\system32\dllcache\wam51.dll
2011-09-24 22:35 . 2008-04-14 12:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
2011-09-24 22:35 . 2008-04-14 12:00 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
2011-09-24 22:35 . 2008-04-14 12:00 53248 -c--a-w- c:\windows\system32\dllcache\wamreg51.dll
2011-09-24 22:35 . 2008-04-14 12:00 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
2011-09-24 22:35 . 2008-04-14 12:00 364032 -c--a-w- c:\windows\system32\dllcache\w3svc.dll
2011-09-24 22:35 . 2008-04-14 12:00 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2011-09-24 22:35 . 2008-04-14 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2011-09-24 22:35 . 2008-04-14 12:00 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2011-09-24 22:35 . 2008-04-14 12:00 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll
2011-09-24 22:33 . 2008-04-14 12:00 9728 -c--a-w- c:\windows\system32\dllcache\query.exe
2011-09-24 22:33 . 2008-04-14 12:00 7680 -c--a-w- c:\windows\system32\dllcache\pwsdata.dll
2011-09-24 22:33 . 2008-04-14 12:00 6144 -c--a-w- c:\windows\system32\dllcache\pmxgl.dll
2011-09-24 22:33 . 2008-04-14 12:00 131584 -c--a-w- c:\windows\system32\dllcache\pmxviceo.dll
2011-09-24 22:33 . 2008-04-14 12:00 11264 -c--a-w- c:\windows\system32\dllcache\pmxmcro.dll
2011-09-24 22:29 . 2008-04-14 12:00 53760 -c--a-w- c:\windows\system32\dllcache\pintlcsd.dll
2011-09-24 22:27 . 2008-04-14 12:00 20992 -c--a-w- c:\windows\system32\dllcache\permchk.dll
2011-09-24 22:26 . 2008-04-14 12:00 15360 -c--a-w- c:\windows\system32\dllcache\padrs804.dll
2011-09-24 22:26 . 2008-04-14 12:00 14336 -c--a-w- c:\windows\system32\dllcache\padrs412.dll
2011-09-24 22:26 . 2008-04-14 12:00 15872 -c--a-w- c:\windows\system32\dllcache\padrs404.dll
2011-09-24 22:26 . 2008-04-14 12:00 44544 -c--a-w- c:\windows\system32\dllcache\nsepm.dll
2011-09-24 22:26 . 2001-08-18 02:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2011-09-24 22:26 . 2008-04-14 12:00 53248 -c--a-w- c:\windows\system32\dllcache\nextlink.dll
2011-09-24 22:25 . 2008-04-14 12:00 119808 -c--a-w- c:\windows\system32\dllcache\mtstocom.exe
2011-09-24 22:22 . 2008-04-14 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2011-09-24 22:22 . 2008-04-14 12:00 92032 -c--a-w- c:\windows\system32\dllcache\mga.dll
2011-09-24 22:22 . 2008-04-14 12:00 85504 -c--a-w- c:\windows\system32\dllcache\metada51.dll
2011-09-24 22:22 . 2008-04-14 12:00 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
2011-09-24 22:22 . 2008-04-14 12:00 37888 -c--a-w- c:\windows\system32\dllcache\md5filt.dll
2011-09-24 22:22 . 2008-04-14 12:00 26624 -c--a-w- c:\windows\system32\dllcache\mdsync.dll
2011-09-24 22:22 . 2001-08-18 02:36 65536 -c--a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
2011-09-24 22:22 . 2008-04-14 12:00 33792 -c--a-w- c:\windows\system32\dllcache\lmmib2.dll
2011-09-24 22:22 . 2008-04-14 12:00 22528 -c--a-w- c:\windows\system32\dllcache\lpdsvc.dll
2011-09-24 22:22 . 2008-04-14 12:00 22016 -c--a-w- c:\windows\system32\dllcache\logscrpt.dll
2011-09-24 22:22 . 2008-04-14 12:00 18944 -c--a-w- c:\windows\system32\dllcache\lprmon.dll
2011-09-24 22:22 . 2008-04-14 12:00 13312 -c--a-w- c:\windows\system32\dllcache\lonsint.dll
2011-09-24 22:13 . 2008-04-14 12:00 59904 -c--a-w- c:\windows\system32\dllcache\imkrinst.exe
2011-09-24 22:10 . 2008-04-14 12:00 45109 -c--a-w- c:\windows\system32\dllcache\imjpuex.exe
2011-09-24 21:59 . 2008-04-14 12:00 311359 -c--a-w- c:\windows\system32\dllcache\imepadsv.exe
2011-09-24 21:59 . 2008-04-14 12:00 86016 -c--a-w- c:\windows\system32\dllcache\imekrmbx.dll
2011-09-24 21:59 . 2008-04-14 12:00 44032 -c--a-w- c:\windows\system32\dllcache\imekrmig.exe
2011-09-24 21:59 . 2008-04-14 12:00 102463 -c--a-w- c:\windows\system32\dllcache\imepadsm.dll
2011-09-24 21:59 . 2008-04-14 12:00 106496 -c--a-w- c:\windows\system32\dllcache\imekrcic.dll
2011-09-24 21:57 . 2008-04-14 12:00 79872 -c--a-w- c:\windows\system32\dllcache\iislog51.dll
2011-09-24 21:57 . 2008-04-14 12:00 7168 -c--a-w- c:\windows\system32\dllcache\iisfecnv.dll
2011-09-24 21:57 . 2008-04-14 12:00 6656 -c--a-w- c:\windows\system32\dllcache\iissync.exe
2011-09-24 21:57 . 2008-04-14 12:00 60928 -c--a-w- c:\windows\system32\dllcache\iisclex4.dll
2011-09-24 21:57 . 2008-04-14 12:00 3584 -c--a-w- c:\windows\system32\dllcache\iismui.dll
2011-09-24 21:57 . 2008-04-14 12:00 19456 -c--a-w- c:\windows\system32\dllcache\iiscrmap.dll
2011-09-24 21:57 . 2008-04-14 12:00 25088 -c--a-w- c:\windows\system32\dllcache\iisadmin.dll
2011-09-24 21:57 . 2008-04-14 12:00 145408 -c--a-w- c:\windows\system32\dllcache\iische51.dll
2011-09-24 21:41 . 2008-04-14 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-09-24 21:41 . 2008-04-14 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-09-24 21:41 . 2008-04-14 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-09-24 21:41 . 2008-04-14 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-09-21 21:32 . 2011-09-21 21:32 -------- d-sh--w- c:\documents and settings\Josh Grassi\IECompatCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-09 01:59 . 2010-07-12 17:35 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-10-05 23:38 . 2009-08-12 21:00 189744 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-10-02 02:18 . 2010-04-15 05:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2008-04-14 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2008-04-14 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-24 21:46 . 2010-06-16 22:45 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-09-09 09:12 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2008-04-14 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2008-04-14 12:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-03 11:49 . 2011-07-27 18:09 600680 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-08-03 11:49 . 2011-07-27 18:09 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-03 11:49 . 2011-07-27 18:09 2387560 ----a-w- c:\windows\system32\nvcuvid.dll
2011-08-03 11:49 . 2011-07-27 18:09 2090088 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-08-03 11:49 . 2011-07-27 18:09 17186816 ----a-w- c:\windows\system32\nvcompiler.dll
2011-08-03 11:49 . 2008-10-07 18:33 4210816 ----a-w- c:\windows\system32\nv4_disp.dll
2011-08-03 11:49 . 2008-10-07 18:33 12542592 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-08-03 11:49 . 2008-03-25 00:52 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-08-03 11:49 . 2008-03-25 00:52 2404864 ----a-w- c:\windows\system32\nvapi.dll
2011-08-03 11:49 . 2008-03-25 00:52 16191488 ----a-w- c:\windows\system32\nvoglnt.dll
2011-08-03 11:49 . 2008-03-25 00:52 146024 ----a-w- c:\windows\system32\nvsvc32.exe
2011-08-03 11:49 . 2008-03-25 00:52 145000 -c--a-w- c:\windows\system32\nvcolor.exe
2011-08-03 11:49 . 2008-03-25 00:52 13892200 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:49 . 2008-03-25 00:52 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:49 . 2007-12-05 06:41 5427200 ----a-w- c:\windows\system32\nvcuda.dll
2011-09-30 06:23 . 2011-09-26 20:22 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="NvMCTray.dll" [2011-08-03 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-07-05 1632360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
2007-12-14 16:46 236040 ----a-w- c:\program files\GIGABYTE\GEST\run.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-08-03 11:49 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-02-13 06:31 16857600 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\GIMP-2.0\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"4401:TCP"= 4401:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
S1 MpKsl44f8345f;MpKsl44f8345f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{50F533CF-3C37-4AEE-8F66-78703A230113}\MpKsl44f8345f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{50F533CF-3C37-4AEE-8F66-78703A230113}\MpKsl44f8345f.sys [?]
S1 MpKsl48c054b2;MpKsl48c054b2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CCB7C237-F309-483B-94E1-6B010897320D}\MpKsl48c054b2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CCB7C237-F309-483B-94E1-6B010897320D}\MpKsl48c054b2.sys [?]
S1 MpKsl8987112c;MpKsl8987112c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7145321-804A-4201-92D6-82DEAEA6F93E}\MpKsl8987112c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7145321-804A-4201-92D6-82DEAEA6F93E}\MpKsl8987112c.sys [?]
S1 MpKsl9414d5c4;MpKsl9414d5c4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7145321-804A-4201-92D6-82DEAEA6F93E}\MpKsl9414d5c4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7145321-804A-4201-92D6-82DEAEA6F93E}\MpKsl9414d5c4.sys [?]
S1 MpKslbdfaa35f;MpKslbdfaa35f;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7145321-804A-4201-92D6-82DEAEA6F93E}\MpKslbdfaa35f.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{E7145321-804A-4201-92D6-82DEAEA6F93E}\MpKslbdfaa35f.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [7/23/2009 10:30 PM 12184]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [10/5/2011 7:20 PM 2255464]
S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [11/6/2008 4:16 PM 47624]
S3 io02;Hardware Access Driver;c:\windows\system32\io02.sys [11/19/2008 9:30 PM 2688]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 8:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - LBEEPKE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-21 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.2.6 24.92.226.11
FF - ProfilePath - c:\documents and settings\Josh Grassi\Application Data\Mozilla\Firefox\Profiles\r1nk3976.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKU-Default-RunOnce-tscuninstall - c:\windows\system32\tscupgrd.exe
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-EvtMgr6 - c:\program files\Logitech\SetPointP\SetPoint.exe
MSConfigStartUp-nwiz - nwiz.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-10-21 11:01
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1844237615-706699826-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{04C61962-5FC5-7F82-5D9A-777B412E0332}\InProcServer32*]
"jabecckdgjclbmmlhdpa"=hex:6a,61,69,66,62,62,61,67,65,63,6e,68,61,63,63,65,70,
65,6e,68,00,fa
"iabeicpccgocefgfdc"=hex:6b,61,61,66,6f,6e,69,67,6b,70,6b,63,6e,67,6b,6c,6f,6a,
6d,6b,6b,70,00,00
.
Completion time: 2011-10-21 11:02:18
ComboFix-quarantined-files.txt 2011-10-21 15:02
.
Pre-Run: 726,546,513,920 bytes free
Post-Run: 726,524,043,264 bytes free
.
- - End Of File - - EBCA8AFF5EDBA085060409BF245397A7
__________________
grassi is offline  
Old 11-02-2011, 12:00 AM   #9
TSF Enthusiast
 
grassi's Avatar
 
Join Date: Dec 2005
Location: upstate, n.y.
Posts: 1,030
OS: xp pro, sp3



Also just realized that my RAM in Speccy is showing 4.00 GB Dual-Channel DDR2 @ 533MHz (5-7-7-24). 533 is 1/2 of what it should be? See my system under my profile avatar, to the left.
__________________
grassi is offline  
Old 11-02-2011, 03:21 AM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,781
OS: XP Win7 Ubuntu 10.10



Is this the thread you're referring to at G2G?

pc is slow /unresponsive scripts error. - Geeks to Go Forums - Page 9

I believe their recommendation was to reformat and reinstall the operating system when they advised a fresh reinstall. Not sure if that's what has been done. It doesn't appear to be the case. It looks more like you've re-installed over the existing one.

Also, between yourself, different forums, and repair shops, a lot has been done on this system. It's difficult to make a healthy analysis. We can only fix what we see in the logs. Your logs don't show any signs of infection and your initial complaint about Freeze.com Net Assistant seems to have cleared up.

You can inquire about the RAM (Random Access Memory) at our Hardware section as this forum is set up for malware removal only.
__________________

amateur is offline  
Old 11-02-2011, 09:11 AM   #11
TSF Enthusiast
 
grassi's Avatar
 
Join Date: Dec 2005
Location: upstate, n.y.
Posts: 1,030
OS: xp pro, sp3



That's the one. He walked me through the repair or installation over the other one. But while doing this, I kept getting some scheduled disk check every time my PC wanted to reboot during the installation/repair. He had me do the disk check before the repair, but it froze up. I did a hard reboot, never canceled the scheduled disk check, and it kept interrupting me. So that may have been the issue when trying to repair Windows.

Freeze.com is gone, but the net assistant is still bugged, but I guess that's another section as well.

I will go to the RAM (Random Access Memory) to figure the RAM out. G2G had me load optimized defaults but I think I had some settings in there for stability.

Just wondering what's up with Microsoft not updating? Seemed like you knew what that's about?
__________________
grassi is offline  
Old 11-02-2011, 10:09 AM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,781
OS: XP Win7 Ubuntu 10.10



Quote:
Just wondering what's up with Microsoft not updating? Seemed like you knew what that's about?
If your antivirus is up-to-date, nothing to be concerned about. It failed to update once, possibly due to the system not being connected to the internet at the time.

Quote:
Freeze.com is gone, but the net assistant is still bugged
From your Attach.txt:

Quote:
Freeze.com NetAssistant
They don't seem to be separate applications.

Also from your Attach.txt:

Quote:
No restore point in system.
Even a bad restore point is better than not having one. If disabled, please re-enable it and set a system restore point as soon as possible.
  • Right-click on Computer and select Properties to open a Windows System Window, and click on the System protection link on the left panel.
  • Click on the Create… button at the bottom of the window to create a system restore point.
  • Type in a name that makes the point easy to remember, and hit the Create button.
__________________

amateur is offline  
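A scripted equivalent of the restore-point steps in the post above, added here as an example and not part of the original thread. It assumes an elevated Windows PowerShell session on a Windows version that ships the System Restore cmdlets; the description string is a constructed label.

```powershell
# Added example: re-enable System Restore and create a restore point, then verify it.
# Assumes an elevated Windows PowerShell session; $description is a constructed label.
$drive       = "$env:SystemDrive\"
$description = 'Known-good baseline after cleanup'

# Turn System Restore (back) on for the system drive.
Enable-ComputerRestore -Drive $drive

# Record the highest existing sequence number so a new point can be told apart from old ones.
$previous = Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
    Sort-Object SequenceNumber | Select-Object -Last 1
$previousSeq = if ($previous) { $previous.SequenceNumber } else { 0 }

# Request the restore point. On newer Windows versions the request can be skipped
# with only a warning if another point was created recently, so the result is
# checked below instead of being assumed.
Checkpoint-Computer -Description $description -RestorePointType MODIFY_SETTINGS

# Confirm that a new point with our description now exists.
$latest = Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
    Sort-Object SequenceNumber | Select-Object -Last 1

if ($latest -and
    $latest.SequenceNumber -gt $previousSeq -and
    $latest.Description -eq $description) {
    $created = $latest.ConvertToDateTime($latest.CreationTime)
    Write-Output ("Restore point #{0} '{1}' created {2}" -f `
        $latest.SequenceNumber, $latest.Description, $created)
} else {
    Write-Warning ('No new restore point was recorded. Check that System Restore ' +
                   'is enabled for the drive and has disk space allocated.')
}
```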
Old 11-08-2011, 02:39 AM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
amateur's Avatar
 
Join Date: Jun 2006
Location: here & there and everywhere
Posts: 14,781
OS: XP Win7 Ubuntu 10.10



Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

__________________

amateur is offline  
 
