Well, as I assumed, you allowed TDSSKiller to kill all legitimate items. None of this is malicious. You have killed the legit drivers. Some things might not work properly from now on. As for the ComboFix log, while it was working, the AntiVirus engine was not down. You're lucky it went unnoticed.
Both tools which you ran have great power, and they can cause damage to the system.
Allow me to explain.
I do not mind what you do with your machine … although the warnings are clear, and wherever you see instructions for running TDSSKiller or ComboFix, there are clear instructions on how to deal with it.
The trick is that when someone posts diagnostic logs here (OTL for example), I look at the log line by line. Each item is important to me.
And when I see entries here belonging to CF and TDSSK, I lose my time looking at the OTL log, because I do not know what these tools did before, and therefore the posted log does not mean anything to me and I have to seek and catch the item …
Let's not talk about what these tools can do (kill, delete, wipe …); just running them because you saw someone recommend them is not wise at all.
Official warning about ComboFix. Please read:
http://www.bleepingcomputer.com/forums/topic273628.html
…or you may read the author's warning in person:
http://www.techsupportforum.com/1829551-post6.html
Re-run OTL.exe.
[list]
[*]Copy and paste the following text written inside of the quote box into the Custom Scans/Fixes box.
:OTL
IE - HKU\S-1-5-21-1919952068-1180565166-816242637-1000\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation
[*]Then click the Run Fix button at the top.
[*]Let the program run unhindered; it will reboot the system when it is done and open Notepad with a log report. Attach that log report here.[/list]
If the log doesn’t appear, it can be found here:
c:\_OTL\MovedFiles\mmddyyyy_hhmmss.log
===== Next =====
Please download zoek.zip or zoek.rar by smeenk from here or here and save it to your Desktop.
Unpack the archive…
[list]
[*]Close any open browsers
[*] Temporarily disable your AntiVirus program. (If necessary)
If you are unsure how to do this please read this or this Instruction.
[*]Double click on zoek.exe to run the tool.
Please wait until the tool starts…
[*]Copy the text present inside the code box below and paste it into the large window in the zoek tool:
EmptyCLSID;
jid1-BOjn8b0IM7kH2w@jetpack.xpi;FF
movableAppButton@Merci.chao.xpi;FF
{6005d9b1-d115-485a-a92a-3f6453ca3fe2}.xpi;FF
C:\Windows\SysNative\rzfytj.xif;F
C:\Windows\SysNative\qbhh.uyg;F
C:\Windows\SysNative\yefhggz.pns;F
C:\Windows\SysNative\giawegu.cjn;F
C:\Windows\SysNative\aecmdv.cra;F
AutoClean;
[*]Click on the Run Script button.
Please wait until a log report opens (this can be after a reboot).
[*]Save the Notepad file to your Desktop and attach zoek-results.log here.
Note: It will also create a log in the C:\ directory named “zoek-results.log”
[/list]