BleepingComputer.com: CANT STOP REDIRECTS

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

CANT STOP REDIRECTS

#1 User is offline   madkelsey13 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 8
  • Joined: 11-July 11

Posted 14 July 2011 - 07:22 AM

My Browser redirects even after a restore to factory settings. Does not redirect if full address is typed in http:// bar nor from links in favourites. Ran all the advised antimalware, spyware, rootkits etc without success.


DDS (Ver_2011-07-14.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385
Run by Mum at 13:10:04 on 2011-07-14
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.1907.574 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Mum\AppData\Local\Temp\nsz35D.tmp\SED.DAT
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://toshiba.msn.com
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: AutorunsDisabled - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Nectar Search Toolbar BHO: {B7C2F0D8-2209-4693-A15D-5A537211D48B} - C:\Program Files (x86)\Nectar Search Toolbar\Toolbar.dll
TB: Nectar Search Toolbar: {8020143D-5926-4394-A04D-DD0B649DA121} - C:\Program Files (x86)\Nectar Search Toolbar\Toolbar.dll
TB: Nectar Search Toolbar: {8020143D-5926-4394-A04D-DD0B649DA121} - C:\Program Files (x86)\Nectar Search Toolbar\Toolbar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{CDB46838-EE40-4FA0-92A7-DF4D8358C044} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: AutorunsDisabled - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-7-14 288088]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 189440]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-7-14 22360]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-7-14 64856]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-7-14 42184]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2011-7-10 1811456]
R2 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-5-11 124368]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-10 2320920]
R3 CeKbFilter;CeKbFilter;C:\Windows\System32\drivers\CeKbFilter.sys [2011-7-10 20592]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-7-10 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-27 158976]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2011-7-10 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-9-2 344680]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-7-10 1142376]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-7-10 51576]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-7-14 600920]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2011-4-18 40832]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 84864]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-7-10 232992]
.
=============== Created Last 30 ================
.
2011-07-14 11:07:12 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-07-14 11:07:07 64856 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-07-14 11:06:41 40112 ----a-w- C:\Windows\avastSS.scr
2011-07-14 11:06:31 -------- d-----w- C:\ProgramData\AVAST Software
2011-07-14 11:06:31 -------- d-----w- C:\Program Files\AVAST Software
2011-07-13 21:51:26 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4B862AB3-7F00-4299-B2F2-7D4950039546}\mpengine.dll
2011-07-13 21:51:17 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-07-13 21:47:17 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B70395D7-9310-4431-9D52-0FA9EBCE6AD7}\gapaengine.dll
2011-07-13 21:44:03 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-07-13 21:43:52 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-07-13 21:43:30 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2011-07-13 21:36:43 -------- d-----w- C:\ProgramData\AVG10
2011-07-13 18:48:19 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-07-13 18:48:13 -------- d-----w- C:\ProgramData\!SASCORE
2011-07-13 18:19:50 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-07-13 18:19:50 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-07-13 17:57:07 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2011-07-13 17:57:07 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2011-07-13 17:57:07 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2011-07-13 17:57:07 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-07-13 17:57:07 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2011-07-13 17:57:07 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2011-07-13 17:57:07 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2011-07-13 17:57:07 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-07-13 17:57:07 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-07-13 17:57:07 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2011-07-13 17:56:58 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2011-07-13 17:53:18 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2011-07-13 17:53:18 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2011-07-13 17:39:59 148992 ----a-w- C:\Windows\System32\t2embed.dll
2011-07-13 17:37:46 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-13 17:37:46 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-07-13 17:37:46 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-07-13 17:37:24 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-07-13 17:37:24 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-07-13 17:37:19 5509504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-07-13 17:37:18 3957632 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-07-13 17:37:17 3901824 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-07-13 17:35:52 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-07-13 17:32:55 1739176 ----a-w- C:\Windows\System32\ntdll.dll
2011-07-13 17:31:53 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-07-13 17:31:52 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-07-13 17:31:52 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-07-13 17:31:51 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-07-13 17:31:51 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-07-13 17:31:49 112000 ----a-w- C:\Windows\System32\consent.exe
2011-07-13 17:31:48 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-07-13 17:26:59 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-13 17:26:59 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-13 17:26:58 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-13 11:03:22 -------- d-----w- C:\Users\Mum\AppData\Local\Diagnostics
2011-07-13 10:38:48 -------- d-----w- C:\Users\Mum\AppData\Roaming\AVG
2011-07-13 10:25:06 -------- d-----w- C:\Users\Mum\AppData\Roaming\WinBatch
2011-07-12 21:24:37 -------- d-----w- C:\Program Files (x86)\Nectar Search Toolbar
2011-07-12 20:40:08 -------- d-----w- C:\Users\Mum\AppData\Roaming\Malwarebytes
2011-07-12 20:39:55 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-10 15:59:40 -------- d-----w- C:\ProgramData\TOSHIBA Tempro
2011-07-10 15:59:40 -------- d-----w- C:\ProgramData\IsolatedStorage
2011-07-10 14:45:14 -------- d-----w- C:\Users\Mum\AppData\Roaming\AVG10
2011-07-10 14:44:16 -------- d--h--w- C:\ProgramData\Common Files
2011-07-10 14:43:10 -------- d-----w- C:\ProgramData\AVG10 prog data
2011-07-10 14:42:41 -------- d-----w- C:\Program Files (x86)\AVG
2011-07-10 14:41:38 -------- d-----w- C:\ProgramData\MFAData
2011-07-10 14:37:43 -------- d-----w- C:\Users\Mum\AppData\Local\TOSHIBA_Corporation
2011-07-10 14:31:47 -------- d-----w- C:\Users\Mum\AppData\Local\Toshiba
2011-07-10 14:30:50 -------- d-----w- C:\Users\Mum\AppData\Local\VirtualStore
2011-07-10 14:22:56 -------- d-----w- C:\Windows\OemDrv
2011-07-10 14:16:05 35008 ----a-w- C:\Windows\System32\drivers\PGEffect.sys
2011-07-10 14:13:20 626792 ----a-w- C:\Windows\System32\drivers\rtl819xp.sys
2011-07-10 14:13:20 450048 ----a-w- C:\Windows\System32\drivers\rtl8187B.sys
2011-07-10 14:13:20 442368 ----a-w- C:\Windows\System32\drivers\rtl8187Se.sys
2011-07-10 14:13:20 1221224 ----a-w- C:\Windows\System32\drivers\rtl8192se.sys
2011-07-10 14:13:20 1142376 ----a-w- C:\Windows\System32\drivers\rtl8192ce.sys
2011-07-10 14:13:19 451072 ----a-w- C:\Windows\SysWow64\ISSRemoveSP.exe
2011-07-10 14:13:19 -------- d-----w- C:\Program Files (x86)\Realtek WLAN Driver
2011-07-10 14:12:54 -------- d-----w- C:\Windows\SysWow64\sda
2011-07-10 14:11:56 7367200 ----a-w- C:\Windows\SysWow64\RtsUStoricon.dll
2011-07-10 14:11:56 422432 ----a-w- C:\Windows\System32\RtsUStor.dll
2011-07-10 14:11:56 232992 ----a-w- C:\Windows\System32\drivers\RtsUStor.sys
2011-07-10 14:11:41 -------- d-----w- C:\Program Files\Synaptics
2011-07-10 14:07:48 24576 ----a-w- C:\Windows\SysWow64\TSCI.dll
2011-07-10 14:07:48 24576 ----a-w- C:\Windows\SysWow64\THCI.dll
2011-07-10 14:07:16 -------- d-----w- C:\Windows\SysWow64\Microsoft.VC80.MFC
2011-07-10 14:07:15 -------- d-----w- C:\ProgramData\xp
2011-07-10 14:07:15 -------- d-----w- C:\ProgramData\win7_64
2011-07-10 14:07:15 -------- d-----w- C:\ProgramData\win7_32
2011-07-10 14:07:15 -------- d-----w- C:\ProgramData\vista64
2011-07-10 14:07:15 -------- d-----w- C:\ProgramData\vista32
2011-07-10 14:07:03 20592 ----a-w- C:\Windows\System32\drivers\CeKbFilter.sys
2011-07-10 14:06:46 8192 ----a-w- C:\Windows\System32\TSBWLS.dll
2011-07-10 14:06:46 49664 ----a-w- C:\Windows\System32\HWS_Ctrl.dll
2011-07-10 14:06:15 -------- d-----w- C:\Windows\System32\Microsoft.VC80.MFC
2011-07-10 14:06:01 -------- d-----w- C:\Windows\Downloaded Installations
2011-07-10 14:03:58 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-07-10 14:03:58 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-07-10 14:02:01 538136 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2011-07-10 13:59:33 -------- d-----w- C:\Intel
2011-07-10 13:58:44 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2011-07-10 13:58:36 56344 ----a-w- C:\Windows\System32\drivers\HECIx64.sys
2011-07-10 13:56:07 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2011-07-10 13:55:30 -------- d-sh--w- C:\$RECYCLE.BIN
.
==================== Find3M ====================
.
2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys
2011-06-02 06:45:22 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-02 06:45:22 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-02 06:45:22 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-02 06:44:54 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-02 06:42:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-02 06:39:54 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-02 06:35:56 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-02 05:59:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-02 05:56:28 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-02 05:56:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-02 05:54:50 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-04 05:30:38 2326016 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:28:07 779264 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:28:07 2228224 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:28:06 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:28:06 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:28:06 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:24:09 593408 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:24:09 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:24:09 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:53:10 1553920 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:52:59 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:52:59 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:52:59 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:52:59 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:52:59 1401856 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:52:12 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:52:12 428032 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:52:12 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-04-29 03:13:10 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:12:54 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:12:37 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27 14:25:24 84864 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2011-04-27 02:57:40 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2011-04-25 05:32:22 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:44:02 499712 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-22 20:18:47 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-22 20:18:28 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-04-22 20:14:08 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-04-22 19:31:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-04-22 19:31:26 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-04-22 18:49:57 482816 ----a-w- C:\Windows\System32\html.iec
2011-04-22 18:23:59 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-04-18 12:18:50 40832 ----a-w- C:\Windows\System32\drivers\MpNWMon.sys
2011-04-18 12:18:50 189440 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
.
============= FINISH: 13:13:25.53 ===============

Attached Log included.

Not sure if this is relevant but I keep getting this warning off avast even when my internet is closed.

Malicious url blocked

Object: 64.111.211.172

Infection: URL:Mal

Process: c:\Progran Files\Internet Explorer\iexplore.exe


when I click on more details this is what I get

Infection Details
URL:
Process: file://C:\Program Files\Internet Explorer\iexplore.exe
Infection: al


Many thanks for your help.

So Sorry forgot to include the attached file in my last post but am not sure how to do it now.

EDIT: Posts merged ~Budapest

This post has been edited by Budapest: 14 July 2011 - 04:50 PM
Reason for edit: Moved to the log forum. ~ OB

#2 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,515
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 19 July 2011 - 11:55 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK

    Do not re-enable these drivers until otherwise instructed.


Download DDS:

    Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt

    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply


information and logs:

    In your next post I need the following

    • .logs from DDS
    • let me know of any problems you may have had


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#3 User is offline   madkelsey13 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 8
  • Joined: 11-July 11

Posted 19 July 2011 - 03:11 PM

Thank you very much for responding to my request but I no-longer need help. I have just finished reformatting my hard drive and re-installed windows using a iso official download and my product key.

many thanks.

This post has been edited by madkelsey13: 19 July 2011 - 03:11 PM

#4 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,515
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 19 July 2011 - 04:42 PM

No Problem And Thanks For Letting Us Know



Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#5 User is offline   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,515
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 22 July 2011 - 02:29 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users