BleepingComputer.com: Browser redirect

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 4 Pages +
  • 1
  • 2
  • 3
  • Last »
  • You cannot start a new topic
  • This topic is locked

Browser redirect I'm having trouble with a browser redirect virus

#1 User is offline   Agent Starling 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 41
  • Joined: 12-July 11

Posted 14 July 2011 - 07:55 PM

Here is what I have so far.

I am using Windows Vista 64bit on a Presario A900 twin processors with 2Gig ram.
I get a redirect to seemingly random website search pages running me around in circles. Some of the sites I visit Yahoo in particular does not allow this activity as often as Google.
Google is useless other than the fact that I can go to certain sites there also. kind of weird,,,,
I am not computer illiterate and this one has me baffled I have tried a lot of different tactics but to no avail. I have to say this one kind of scares me. It seems to be tied in to Google somehow. Randomly I will get a google search page pop up when I am not even on the net, it also has tried to e-mail a person in the UK using MS's e-mail client. I don't even have this set up so it hasn't been a problem as far as i can tell.
Help!



Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7091

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

7/13/2011 7:04:46 PM
mbam-log-2011-07-13 (19-04-46).txt

Scan type: Quick scan
Objects scanned: 170405
Time elapsed: 4 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Gary at 22:48:20 on 2011-07-12
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.620 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.whatcomdjs.com/
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: MemberPluginBHO Class: {c3e5e149-27b7-49d1-8420-b02ac52af663} - C:\Program Files (x86)\MemberPlugin\MemberPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
TB: {3303E956-2A3A-48E0-BE39-2E0EF11A2F44} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRunOnce: [Application Restart #4] C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --http://login.yahoo.com/config/reset_cookies_token?.token=b.8v0X_dv9IixRRi.sDUuB7wnPlfxhibcwYNWyCopznJOvT4z.neZZLBhMoqfKXTcpnerPFjM6Rx1Z1dhxfwUdlC9y1upYQKq325qmryBGYopkOQEvLnNKzFCPsJ8Y7USVIhzBbIklcAQ3CqIUQW_AMNpvsPR_KrYuj9LEqt1vPSrR0HSFE1di0BRvYbFBHEdq0xKWcXKai9Qnx6rdMw_nQ0UuuAb4TlfC5haG_3KNgNmegMnm54mrjh.RnS7x7tC364.sm3DRholDrWPcp1NrOTiAhGMy9FzxPGpEbAOWOtgLqicI1pQ_sJRlyaPGSjb0U1r7uJncGkMzd0LGre0DbCkLsq6m2MWyR_7m0XoW0mQKG0mfYbK8IPTmLUGJFN1SanhuSj9PMCAtzdCy7NZfVGRFxQt0B.LPSZt9.CFFHL9Q06z9zlkOsckGYxxjRzOe.bzpy8IOY8ZcbDggKseQqvyS8DT7ngOI64FJRqflCxme0a.tSyO5_yBw3kOdx3Q.oNBiKz.tWfSiQihJF0TVvp9hHlT34YYpn1nN3u3Pt9GuK6RDLKsYefl9JwAYvAdXYTKjv6OD6Y8O3hPyCj8tj_iZYUpNC8XO56nx3rrVmAkdCrycLntFHDUw80sRntqY0Rpagrp5ASHdwq6NkSMNrk0x7XFM._ymGdkvy.hFnKSVhL3jawNrmRfjm9jjHufs2DucwbyuVNMZc4zZASQOuek9mS5GAVY_9Cmmox7KB_d2oOdOA-&.done=http%3A%2F%2Fus%2Erd%2Eyahoo%2Ecom%2Fmessenger%2Fclient%2F%3Fhttp%3A%2F%2Fmail%2Eyahoo%2Ecom%2F --restore-last-session
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube Download - C:\Users\Gary\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - C:\Users\Gary\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{19613167-4D54-4106-8782-60AD1623A32D} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
BHO-X64: DVDVideoSoftTB - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: MemberPluginBHO Class: {C3E5E149-27B7-49D1-8420-B02AC52AF663} - C:\Program Files (x86)\MemberPlugin\MemberPlugin.dll
BHO-X64: MemberPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
TB-X64: {3303E956-2A3A-48E0-BE39-2E0EF11A2F44} - No File
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-6-4 21504]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2011-6-15 222512]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\system32\DRIVERS\Rtnic64.sys --> C:\Windows\system32\DRIVERS\Rtnic64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-10 136176]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-10 136176]
S3 ksaud;Creative USB Audio Driver;C:\Windows\system32\drivers\ksaud.sys --> C:\Windows\system32\drivers\ksaud.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2010-6-4 19968]
S3 usbkey;USB Dongle;C:\Windows\system32\DRIVERS\USBKey64.sys --> C:\Windows\system32\DRIVERS\USBKey64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-6-4 89920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-07-13 05:41:11 -------- d-----w- C:\Users\Gary\AppData\Local\{76FCF170-2626-40E2-B788-0908EEF63B70}
2011-07-08 14:47:36 -------- d-----w- C:\Users\Gary\AppData\Local\{8E12AFBE-6120-4409-BFC9-D669B9B2C87D}
2011-07-06 20:58:28 -------- d-----w- C:\Users\Gary\AppData\Local\{36F92C3E-B2A8-4E29-9F7A-B56CAF79AC09}
2011-07-06 17:12:09 -------- d-----w- C:\Users\Gary\AppData\Local\{7C793436-9144-446E-83D9-229987A2E30D}
2011-07-06 05:11:42 -------- d-----w- C:\Users\Gary\AppData\Local\{DAC7F7A3-A90A-4AD1-AF33-B3EBA0CEAC5E}
2011-07-04 18:22:29 -------- d-----w- C:\Users\Gary\AppData\Local\{1C8F4E95-9C21-46D3-AE33-549EB99F6641}
2011-07-04 05:40:33 -------- d-----w- C:\Users\Gary\AppData\Local\{DA51331D-B971-4B3E-8153-84F7C1062B96}
2011-07-04 04:58:26 -------- d-----w- C:\Users\Gary\AppData\Local\{0AC75EDC-649A-4C24-A12A-F198FDEAA9E2}
2011-07-03 02:04:44 -------- d-----w- C:\Users\Gary\AppData\Local\{3184FA80-FC4C-4A99-BE7F-3605A935E16C}
2011-06-29 19:41:29 344576 ----a-w- C:\Windows\System32\schannel.dll
2011-06-29 19:41:29 276992 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-06-29 17:11:47 -------- d-----w- C:\Users\Gary\AppData\Local\{DBAAAE52-1A3D-4DEA-A7D0-723F40817834}
2011-06-25 21:22:23 -------- d-----w- C:\Users\Gary\AppData\Local\{1DA024F0-3A99-4504-AC95-D32FF5CDB70F}
2011-06-24 17:07:15 -------- d-----w- C:\Users\Gary\AppData\Local\{858758EF-5309-4327-8895-F0E7C0A6A177}
2011-06-15 22:30:57 904704 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VC\msdia80.dll
2011-06-15 20:51:40 53248 ----a-w- C:\Windows\SysWow64\CSVer.dll
2011-06-15 20:51:02 -------- d-----w- C:\Users\Gary\AppData\Roaming\hpqLog
2011-06-15 20:48:50 1919968 ----a-w- C:\Windows\System32\drivers\wdfcoinstaller01005.dll
2011-06-15 20:48:50 18432 ----a-w- C:\Windows\System32\drivers\HpqKbFiltr.sys
2011-06-15 20:48:50 11136 ----a-w- C:\Windows\System32\drivers\CPQBttn64.sys
2011-06-15 20:48:47 1885488 ----a-w- C:\Windows\SysWow64\BttnCmns.dll
2011-06-15 20:48:47 1885488 ----a-w- C:\Windows\SysWow64\BttnCmn.dll
2011-06-15 20:34:13 -------- d-----w- C:\Users\Gary\{8508456b-d5ae-48db-a2f1-85ab5afed913}
2011-06-15 20:21:44 -------- d-----w- C:\Program Files (x86)\DriverFinder
2011-06-15 20:21:01 -------- d-----w- C:\Users\Gary\AppData\Roaming\DriverFinder
2011-06-15 16:48:40 -------- d-----w- C:\Users\Gary\AppData\Local\{1CD0452A-3D52-4F96-87A8-033FE4DAB54D}
2011-06-15 03:27:26 847360 ----a-w- C:\Windows\System32\oleaut32.dll
2011-06-15 03:27:26 563712 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-06-15 03:27:19 176128 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-06-15 03:27:19 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-06-15 03:27:10 405504 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-06-15 03:26:44 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-15 03:26:44 135680 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-06-15 03:26:44 107008 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-06-15 03:26:37 2762752 ----a-w- C:\Windows\System32\win32k.sys
2011-06-15 03:26:31 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-06-15 03:26:31 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-06-15 03:26:28 97792 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2011-06-15 03:26:25 975360 ----a-w- C:\Windows\System32\inetcomm.dll
2011-06-15 03:26:24 739328 ----a-w- C:\Windows\SysWow64\inetcomm.dll
.
==================== Find3M ====================
.
2011-06-14 21:21:00 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-05 05:15:14 74240 ----a-w- C:\Windows\SysWow64\NWKL2_64.DLL
2011-06-05 05:15:14 74240 ----a-w- C:\Windows\System32\NWKL2_64.DLL
2011-06-05 05:15:14 68096 ----a-w- C:\Windows\SysWow64\KL2DLL64.DLL
2011-06-05 05:15:14 68096 ----a-w- C:\Windows\System32\KL2DLL64.DLL
2011-06-05 05:15:14 47104 ----a-w- C:\Windows\SysWow64\ppmon.exe
2011-06-05 05:15:14 47104 ----a-w- C:\Windows\System32\ppmon.exe
2011-06-04 20:14:48 282624 ----a-w- C:\Windows\SysWow64\Scroll.ocx
2011-05-29 16:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 16:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-04 11:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-04-21 05:30:00 161792 ----a-w- C:\Windows\SysWow64\msls31.dll
2011-04-15 20:05:17 431104 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-04-15 20:05:16 409600 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-04-15 20:05:16 136192 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-04-15 20:05:16 114688 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-04-15 04:28:12 117328 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
.
============= FINISH: 22:57:40.34 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/3/2010 4:35:23 PM
System Uptime: 7/12/2011 10:37:59 PM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 30ED
Processor: Intel® Pentium® Dual CPU T2330 @ 1.60GHz | CPU | 1600/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 127.647 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0)
Adobe Shockwave Player 11.5
Advanced System Optimizer
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
Blaze Audio Record Cleaner
Blaze Audio Wave Creator
Capture NX
CDGRip V2 (v2.00.32)
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
CompuHost
Conduit Engine
Creative Audio Console
Creative Sound Blaster Properties x64 Edition
D3DX10
DriverFinder
DVDVideoSoftTB Toolbar
FastStone Photo Resizer 3.0
Free Audio Converter version 2.2.17.426
Free Studio version 5.0.8
FullVu Video 3
Google Chrome
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Common Access Service Library
HP Quick Launch Buttons
Internet Explorer Member Plugin
Java Auto Updater
Java™ 6 Update 26
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.0.1200
Mesh Runtime
Messenger Companion
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Small Business
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Publishing Wizard 1.52
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NEF Codec
Nikon Message Center
office Convert Pdf to Jpg Jpeg Tiff Free 6.4
OmniFormat
Pdf995
PdfEdit995
Picture Control Utility
Power CD+G Burner
Power SCDG Ripper
QuickTime
Samsung ML-2010 Series
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Segoe UI
Shockwave
Solid MP4 Video Converter 3.0.3.2
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series SDK
Xara Web Designer 6
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
7/7/2011 9:30:19 AM, Error: EventLog [6008] - The previous system shutdown at 9:15:30 AM on 7/7/2011 was unexpected.
7/7/2011 2:51:01 AM, Error: Service Control Manager [7031] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/7/2011 2:51:01 AM, Error: Service Control Manager [7031] - The Telephony service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/7/2011 2:51:01 AM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
7/7/2011 2:51:01 AM, Error: Service Control Manager [7031] - The KtmRm for Distributed Transaction Coordinator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
7/7/2011 2:51:01 AM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
7/7/2011 2:51:01 AM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/6/2011 1:47:39 PM, Error: EventLog [6008] - The previous system shutdown at 1:45:51 PM on 7/6/2011 was unexpected.
7/5/2011 7:02:50 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
7/5/2011 7:02:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia DfsC kl1 NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr sptd tdx Wanarpv6
7/5/2011 7:02:46 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/5/2011 7:02:46 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/5/2011 7:02:46 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
7/5/2011 7:02:46 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/5/2011 7:02:46 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
7/5/2011 7:02:46 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/5/2011 7:02:46 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
7/5/2011 7:02:46 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
7/5/2011 7:02:46 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/5/2011 7:02:46 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
7/5/2011 7:02:46 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
7/5/2011 7:02:46 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
7/5/2011 7:02:46 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
7/5/2011 7:02:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
7/5/2011 7:02:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
7/5/2011 7:02:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/5/2011 7:02:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
7/5/2011 7:02:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/5/2011 7:02:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
7/5/2011 7:01:00 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
7/12/2011 12:57:29 PM, Error: Service Control Manager [7000] - The w4shwdrv service failed to start due to the following error: This driver has been blocked from loading
7/12/2011 12:57:29 PM, Error: Application Popup [1060] - \??\C:\Users\Gary\AppData\Local\Temp\w4s5D8D.tmp has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/12/2011 10:39:37 PM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
7/12/2011 10:07:35 AM, Error: Service Control Manager [7023] - The Server service terminated with the following error: Not enough storage is available to complete this operation.
7/12/2011 10:07:35 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: Not enough storage is available to complete this operation.
7/12/2011 10:06:26 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer PDF995 with shared resource name PDF995. Error 2114. The printer cannot be used by others on the network.
.
==== End Of File ===========================


This also popped up when I had my laptop closed,, weird random/scary stuff

HTTP Status 404 -

--------------------------------------------------------------------------------

type Status report

message

description The requested resource () is not available.


--------------------------------------------------------------------------------

Apache Tomcat/6.0.32



What does this mean? where did it come from?

Here is the scan as I have re=run everything trying to get it right this time/ Please note that my comments are now in red for ease of reading. Thanks.

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 07/14/2011 at 22:51:44.
Operating System: Windows ™ Vista Home Premium


Processes terminated by Rkill or while it was running:

C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe


Rkill completed on 07/14/2011 at 22:52:59.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/15/2011 at 01:13 AM

Application Version : 4.55.1000

Core Rules Database Version : 7411
Trace Rules Database Version: 5223

Scan type : Complete Scan
Total Scan Time : 02:12:42

Memory items scanned : 383
Memory threats detected : 0
Registry items scanned : 12835
Registry threats detected : 0
File items scanned : 166065
File threats detected : 143

Adware.Tracking Cookie
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@invitemedia[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@adxpose[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@windows-media-player.software.informer[2].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@adinterax[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@content.yieldmanager[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@advertise[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@r1-ads.ace.advertising[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@apmebf[2].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@insightexpressai[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@search.clicksclick[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@anrtx.tacoda[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@beacon.dmsinsights[2].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@pointroll[2].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@search.seekfinds[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@doubleclick[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@revsci[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@lucidmedia[2].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@ads.pointroll[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@content.yieldmanager[3].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@realmedia[2].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@advertising[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@tacoda.at.atwola[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@content.yieldmanager[2].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@kontera[2].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@www.googleadservices[2].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@tacoda.at.atwola[2].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@questionmarket[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@tribalfusion[2].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@serving-sys[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@zedo[2].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@ru4[2].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@collective-media[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@adserver.adtechus[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@citi.bridgetrack[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@ar.atwola[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@fastclick[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@imrworldwide[2].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@ads.cnn[2].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@martiniadnetwork[2].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@trafficmp[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@atdmt[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@yieldmanager[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@at.atwola[2].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@track.clickpayz[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@advertise[2].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@enhance[2].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@mediaplex[2].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@pro-market[2].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@cdn.jemamedia[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@search.findsmy[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@burstnet[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@247realmedia[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@newmusiccountdown.mevio[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@www.burstnet[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@bs.serving-sys[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@media6degrees[2].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@ad.yieldmanager[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@specificclick[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@search.boltfind[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@ads.undertone[2].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@ads.fashionetc[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@ads.blogtalkradio[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@adbrite[2].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@liveperson[1].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@lucidmedia[1].txt
ad.yieldmanager.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.imrworldwide.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.atdmt.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
dc.tremormedia.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.avgtechnologies.112.2o7.net [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.yieldmanager.net [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.casalemedia.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.doubleclick.net [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ru4.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.apmebf.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.mediaplex.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.burstnet.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.tribalfusion.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.invitemedia.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.www.burstnet.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.content.yieldmanager.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.lucidmedia.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
www.burstnet.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.questionmarket.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.pointroll.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.interclick.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.fastclick.net [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.a1.interclick.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.adserver.adtechus.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
ad.yieldmanager.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.pointroll.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.ads.pointroll.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.nextag.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.nextag.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.serving-sys.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
.advertising.com [ C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
secure-us.imrworldwide.com [ C:\Users\Gary\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NGSCHUBD ]
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@advertising[2].txt
C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Cookies\gary@collective-media[2].txt

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 07/15/2011 at 1:23:05.
Operating System: Windows ™ Vista Home Premium

I ran Rkill again and got this message


Processes terminated by Rkill or while it was running:

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe


Rkill completed on 07/15/2011 at 1:24:33.

Here is the log from the Malwarebytes scan

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7143

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

7/15/2011 1:35:56 AM
mbam-log-2011-07-15 (01-35-56).txt

Scan type: Quick scan
Objects scanned: 170940
Time elapsed: 4 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

The Malwarebytes scan ran last night. No malicious items were detected.
This morning I found this on my desktop. It was an e-mail setup through Microsoft email client.
This is the body of the message.

**IMPORTANT: Please send this request from the login email address of your Google Checkout account.****
Please opt me out of the use by Google%checkout-opt-out2@google.com <checkout-opt-out2@google.com>

I ran the scan from Kaspersky and no infection was found.
I’m still infected. So far I have had no issues running any of the scans.
Thanks
Gary

Things are getting worse over here,,, I just lost all e-mail messages in both my round-cube accounts. Google is absolutely worthless. HELP!

EDIT: Posts merged ~Budapest

This post has been edited by Budapest: 16 July 2011 - 04:39 PM

#2 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,518
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 19 July 2011 - 11:55 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK

    Do not re-enable these drivers until otherwise instructed.


Download DDS:

    Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt

    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply


information and logs:

    In your next post I need the following

    • .logs from DDS
    • let me know of any problems you may have had


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#3 User is offline   Agent Starling 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 41
  • Joined: 12-July 11

Posted 19 July 2011 - 01:53 PM

Hi Gringo
Thanks so much for your help
Here is the attached DDS log
I am still getting messages such as "are you sure you want to delete this file"
Also here is a screen shot. I just figured out how to do that on this laptop,, if nothing else I earned something,,, lol
Thanks again
Gary


DDS (Ver_2011-07-14.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421
Run by Gary at 11:37:05 on 2011-07-19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.635 [GMT -7:00]
.
AV: BitDefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: BitDefender AntiSpyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
FW: BitDefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch64.exe
C:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\BitDefender\BitDefender 2011\antispam32\bdimguiaux.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\splwow64.exe
C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Gary\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE
C:\Windows\MSAgent\agentsvr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Gary\Downloads\Defogger (1).exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.whatcomdjs.com/
uURLSearchHooks: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - <orphaned>
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: {3fdba1ba-ae28-4045-9048-4ed2f3865629} - <orphaned>
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - <orphaned>
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: MemberPluginBHO Class: {C3E5E149-27B7-49D1-8420-B02AC52AF663} - C:\Program Files (x86)\MemberPlugin\MemberPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: DVDVideoSoftTB Toolbar: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
TB: Bitdefender Toolbar: {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Free YouTube Download - C:\Users\Gary\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - C:\Users\Gary\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{19613167-4D54-4106-8782-60AD1623A32D} : DHCPNameServer = 192.168.0.1
Handler: ipp - <Clsid value has no data>
Handler: msdaipp - <Clsid value has no data>
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: Bitdefender Toolbar: {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\IEToolbar.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-Run: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\ieshow.exe"
x64-Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe"
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: ipp - <Clsid value has no data>
x64-Handler: msdaipp - <Clsid value has no data>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys [2010-8-20 88144]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2010-6-4 27648]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2011-3-16 11576]
R2 Updatesrv;BitDefender Desktop Update Service;C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe [2011-3-24 53224]
R3 bdfm;BDFM;C:\Windows\System32\drivers\bdfm.sys [2010-5-13 162896]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2007-11-1 293376]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2011-6-15 222512]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\System32\drivers\Rtnic64.sys [2008-10-29 52736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-10 136176]
S3 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2010-11-29 591968]
S3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2010-11-29 1186272]
S3 fssfltr;FssFltr;C:\Windows\System32\drivers\fssfltr.sys [2011-2-13 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-7-10 136176]
S3 ksaud;Creative USB Audio Driver;C:\Windows\System32\drivers\ksaud.sys [2009-6-4 983936]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2010-6-4 19968]
S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-11-30 467248]
S3 usbkey;USB Dongle;C:\Windows\System32\drivers\usbkey64.sys [2010-6-4 62808]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-6-4 89920]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-07-18 16:00:30 309320 ----a-w- C:\Windows\SysWow64\drivers\TrufosAlt.sys
2011-07-16 18:18:50 72605 ----a-w- C:\ProgramData\bdinstall.bin
2011-07-13 10:01:24 50867144 ----a-w- C:\Windows\System32\mrt.exe
2011-06-14 21:21:00 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-05 05:15:14 74240 ----a-w- C:\Windows\SysWow64\NWKL2_64.DLL
2011-06-05 05:15:14 74240 ----a-w- C:\Windows\System32\NWKL2_64.DLL
2011-06-05 05:15:14 68096 ----a-w- C:\Windows\SysWow64\KL2DLL64.DLL
2011-06-05 05:15:14 68096 ----a-w- C:\Windows\System32\KL2DLL64.DLL
2011-06-05 05:15:14 47104 ----a-w- C:\Windows\SysWow64\ppmon.exe
2011-06-05 05:15:14 47104 ----a-w- C:\Windows\System32\ppmon.exe
2011-06-04 20:14:48 282624 ----a-w- C:\Windows\SysWow64\Scroll.ocx
2011-06-02 13:50:04 2764288 ----a-w- C:\Windows\System32\win32k.sys
2011-05-04 11:52:34 157472 ----a-w- C:\Windows\SysWow64\javaws.exe
2011-05-04 11:52:33 145184 ----a-w- C:\Windows\SysWow64\javaw.exe
2011-05-04 11:52:32 145184 ----a-w- C:\Windows\SysWow64\java.exe
2011-05-04 11:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-05-02 17:16:14 739328 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-05-02 17:13:21 975360 ----a-w- C:\Windows\System32\inetcomm.dll
2011-04-29 16:15:56 344576 ----a-w- C:\Windows\System32\schannel.dll
2011-04-29 15:59:36 276992 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-04-29 13:41:02 176128 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 13:40:56 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-29 13:39:34 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-29 13:39:34 135680 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-29 13:39:31 107008 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-23 01:37:29 17773568 ----a-w- C:\Windows\System32\mshtml.dll
2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-04-23 01:27:46 10885632 ----a-w- C:\Windows\System32\ieframe.dll
2011-04-23 01:23:54 1344000 ----a-w- C:\Windows\System32\urlmon.dll
2011-04-23 01:20:36 818176 ----a-w- C:\Windows\System32\jscript.dll
2011-04-23 01:19:35 2136064 ----a-w- C:\Windows\System32\iertutil.dll
2011-04-23 01:19:29 96256 ----a-w- C:\Windows\System32\mshtmled.dll
2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-04-23 01:17:42 248320 ----a-w- C:\Windows\System32\ieui.dll
2011-04-22 23:36:19 12269056 ----a-w- C:\Windows\SysWow64\mshtml.dll
2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-04-22 23:32:21 9703936 ----a-w- C:\Windows\SysWow64\ieframe.dll
2011-04-22 23:30:18 1102336 ----a-w- C:\Windows\SysWow64\urlmon.dll
2011-04-22 23:26:50 716800 ----a-w- C:\Windows\SysWow64\jscript.dll
2011-04-22 23:26:21 1785344 ----a-w- C:\Windows\SysWow64\iertutil.dll
2011-04-22 23:26:01 72704 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-04-22 23:24:12 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2011-04-21 14:20:24 405504 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-21 05:30:00 161792 ----a-w- C:\Windows\SysWow64\msls31.dll
2010-07-08 17:37:14 101544 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe
.
============= FINISH: 11:41:29.76 ===============

Attached File(s)


This post has been edited by gringo_pr: 19 July 2011 - 02:06 PM

#4 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,518
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 19 July 2011 - 02:06 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

    In your next post I need the following

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#5 User is offline   Agent Starling 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 41
  • Joined: 12-July 11

Posted 19 July 2011 - 04:02 PM

Hi Gringo
I'm still getting the Igoogle popups here is the Logfile. I have a new screenshot if you want it.
I had to copy and paste it here because the virus will not allow me to see it in the browse files.
Thanks
Gary

ComboFix 11-07-19.03 - Gary 07/19/2011 12:33:25.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.802 [GMT -7:00]
Running from: c:\users\Gary\Downloads\ComboFix.exe
AV: BitDefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
SP: BitDefender AntiSpyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DSC_0187 - Copy.JPG
c:\windows\SysWow64\office.exe
c:\windows\SysWow64\regobj.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-19 to 2011-07-19 )))))))))))))))))))))))))))))))
.
.
2011-07-19 20:17 . 2011-07-19 20:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-19 19:12 . 2011-07-19 19:20 -------- dc----w- C:\32788R22FWJFW
2011-07-18 16:00 . 2011-07-18 16:00 309320 ----a-w- c:\windows\SysWow64\drivers\TrufosAlt.sys
2011-07-17 19:41 . 2011-07-17 19:41 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-07-16 18:15 . 2011-07-16 18:15 -------- d-----w- c:\users\Gary\AppData\Roaming\BitDefender
2011-07-16 18:14 . 2011-07-16 18:14 -------- d-----w- c:\program files\BitDefender
2011-07-16 18:09 . 2011-07-16 18:09 -------- d-----w- c:\users\Gary\AppData\Roaming\QuickScan
2011-07-16 18:09 . 2011-07-16 18:20 -------- d-----w- c:\programdata\BitDefender
2011-07-16 18:09 . 2011-07-16 18:14 -------- d-----w- c:\program files\Common Files\BitDefender
2011-07-16 18:08 . 2011-03-24 22:36 431176 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2011-07-16 18:08 . 2011-07-16 18:18 72605 ----a-w- c:\programdata\bdinstall.bin
2011-07-15 23:30 . 2011-07-16 00:02 -------- d-----w- c:\users\Gary\AppData\Roaming\uTorrent
2011-07-15 23:30 . 2011-07-17 19:46 -------- d-----w- c:\program files (x86)\Object
2011-07-13 21:26 . 2011-07-13 21:26 -------- d-----w- c:\program files (x86)\CleanUp!
2011-07-12 23:14 . 2011-06-02 13:50 2764288 ----a-w- c:\windows\system32\win32k.sys
2011-07-12 23:14 . 2011-04-20 16:03 451072 ----a-w- c:\windows\system32\winsrv.dll
2011-07-12 23:14 . 2011-04-20 15:58 85504 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-05 07:43 . 2011-07-05 07:43 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-06-29 19:41 . 2011-04-29 16:15 344576 ----a-w- c:\windows\system32\schannel.dll
2011-06-29 19:41 . 2011-04-29 15:59 276992 ----a-w- c:\windows\SysWow64\schannel.dll
2011-06-24 17:09 . 2011-06-24 17:09 -------- d-----w- c:\program files (x86)\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-14 21:21 . 2011-05-19 07:00 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-05 05:15 . 2010-06-05 00:59 74240 ----a-w- c:\windows\SysWow64\NWKL2_64.DLL
2011-06-05 05:15 . 2010-06-05 00:59 74240 ----a-w- c:\windows\system32\NWKL2_64.DLL
2011-06-05 05:15 . 2010-06-05 00:59 68096 ----a-w- c:\windows\SysWow64\KL2DLL64.DLL
2011-06-05 05:15 . 2010-06-05 00:59 68096 ----a-w- c:\windows\system32\KL2DLL64.DLL
2011-06-05 05:15 . 2010-06-05 00:59 47104 ----a-w- c:\windows\SysWow64\ppmon.exe
2011-06-05 05:15 . 2010-06-05 00:59 47104 ----a-w- c:\windows\system32\ppmon.exe
2011-06-04 20:14 . 2010-06-05 07:16 282624 ----a-w- c:\windows\SysWow64\Scroll.ocx
2011-05-04 11:52 . 2010-06-06 19:11 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-05-02 17:16 . 2011-06-15 03:26 739328 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-05-02 17:13 . 2011-06-15 03:26 975360 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:41 . 2011-06-15 03:27 176128 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:40 . 2011-06-15 03:27 145920 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:39 . 2011-06-15 03:26 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:39 . 2011-06-15 03:26 135680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-29 13:39 . 2011-06-15 03:26 107008 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-23 01:29 . 2011-06-15 10:30 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-04-23 01:19 . 2011-06-15 10:30 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-22 23:35 . 2011-06-15 10:30 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-04-22 23:25 . 2011-06-15 10:30 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-04-21 14:20 . 2011-06-15 03:27 405504 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-21 05:30 . 2011-04-21 05:30 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-04-21 05:29 . 2011-04-21 05:29 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-21 05:29 . 2011-04-21 05:29 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-04-21 05:29 . 2011-04-21 05:29 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-04-21 05:29 . 2011-04-21 05:29 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-04-21 05:29 . 2011-04-21 05:29 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-04-21 05:29 . 2011-04-21 05:29 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-04-21 05:29 . 2011-04-21 05:29 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-04-21 05:29 . 2011-04-21 05:29 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-04-21 05:29 . 2011-04-21 05:29 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-21 05:29 . 2011-04-21 05:29 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-04-21 05:29 . 2011-04-21 05:29 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-04-21 05:29 . 2011-04-21 05:29 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-04-21 05:29 . 2011-04-21 05:29 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-04-21 05:29 . 2011-04-21 05:29 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-04-21 05:29 . 2011-04-21 05:29 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-04-21 05:29 . 2011-04-21 05:29 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-04-21 05:29 . 2011-04-21 05:29 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-04-21 05:29 . 2011-04-21 05:29 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-04-21 05:29 . 2011-04-21 05:29 222208 ----a-w- c:\windows\system32\msls31.dll
2011-04-21 05:29 . 2011-04-21 05:29 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-04-21 05:29 . 2011-04-21 05:29 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-21 05:29 . 2011-04-21 05:29 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-04-21 05:29 . 2011-04-21 05:29 12288 ----a-w- c:\windows\system32\mshta.exe
2011-04-21 05:29 . 2011-04-21 05:29 114176 ----a-w- c:\windows\system32\admparse.dll
2011-04-21 05:29 . 2011-04-21 05:29 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-21 05:29 . 2011-04-21 05:29 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-21 05:29 . 2011-04-21 05:29 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-04-21 05:29 . 2011-04-21 05:29 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-21 05:29 . 2011-04-21 05:29 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-21 05:29 . 2011-04-21 05:29 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-04-21 05:29 . 2011-04-21 05:29 448512 ----a-w- c:\windows\system32\html.iec
2011-04-21 05:29 . 2011-04-21 05:29 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-21 05:29 . 2011-04-21 05:29 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-04-21 05:29 . 2011-04-21 05:29 160256 ----a-w- c:\windows\system32\wextract.exe
2011-04-21 05:29 . 2011-04-21 05:29 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-21 05:29 . 2011-04-21 05:29 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-04-21 05:29 . 2011-04-21 05:29 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2010-07-08 17:37 . 2010-07-08 17:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 19:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 23:54 175912 ----a-w- c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-02-17 206392]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [2011-07-16 92352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-11 136176]
R3 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-11 136176]
R3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [x]
R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-11-30 467248]
R3 usbkey;USB Dongle;c:\windows\system32\DRIVERS\USBKey64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-08-20 88144]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2011-07-16 53224]
S3 bdfm;bdfm;c:\windows\system32\DRIVERS\bdfm.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-12-05 222512]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-11 05:07]
.
2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-11 05:07]
.
2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-186509149-3218873776-1939932130-1000Core.job
- c:\users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-17 05:07]
.
2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-186509149-3218873776-1939932130-1000UA.job
- c:\users\Gary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-17 05:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-22 245760]
"Creative SB Monitoring Utility"="sbavmon.dll" [2009-05-25 109056]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-14 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-07-14 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-07-14 202264]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-07-16 109344]
"BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-07-16 2026680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.whatcomdjs.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Gary\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Gary\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
WebBrowser-{3303E956-2A3A-48E0-BE39-2E0EF11A2F44} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe
c:\program files (x86)\Yahoo!\Messenger\YahooMessenger.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2011-07-19 13:53:35 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-19 20:53
.
Pre-Run: 137,134,862,336 bytes free
Post-Run: 137,803,685,888 bytes free
.
- - End Of File - - 3E2D4621CC6D7ABEB221D3E728FF4021

#6 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,518
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 19 July 2011 - 05:12 PM

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#7 User is offline   Agent Starling 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 41
  • Joined: 12-July 11

Posted 19 July 2011 - 08:59 PM

Gringo

2011/07/19 18:54:51.0587 3636 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/19 18:54:53.0592 3636 ================================================================================
2011/07/19 18:54:53.0592 3636 SystemInfo:
2011/07/19 18:54:53.0592 3636
2011/07/19 18:54:53.0592 3636 OS Version: 6.0.6002 ServicePack: 2.0
2011/07/19 18:54:53.0592 3636 Product type: Workstation
2011/07/19 18:54:53.0592 3636 ComputerName: SUPERDJ
2011/07/19 18:54:53.0595 3636 UserName: Gary
2011/07/19 18:54:53.0595 3636 Windows directory: C:\Windows
2011/07/19 18:54:53.0595 3636 System windows directory: C:\Windows
2011/07/19 18:54:53.0595 3636 Running under WOW64
2011/07/19 18:54:53.0595 3636 Processor architecture: Intel x64
2011/07/19 18:54:53.0595 3636 Number of processors: 2
2011/07/19 18:54:53.0595 3636 Page size: 0x1000
2011/07/19 18:54:53.0595 3636 Boot type: Normal boot
2011/07/19 18:54:53.0595 3636 ================================================================================
2011/07/19 18:54:59.0833 3636 Initialize success
2011/07/19 18:55:21.0475 4288 ================================================================================
2011/07/19 18:55:21.0475 4288 Scan started
2011/07/19 18:55:21.0475 4288 Mode: Manual;
2011/07/19 18:55:21.0475 4288 ================================================================================
2011/07/19 18:55:25.0022 4288 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2011/07/19 18:55:25.0169 4288 adp94xx (9137451d37ba1c325cd6c2def3d2d692) C:\Windows\system32\drivers\adp94xx.sys
2011/07/19 18:55:25.0554 4288 adpahci (01f80898df5cc7df19b3b11351846263) C:\Windows\system32\drivers\adpahci.sys
2011/07/19 18:55:26.0003 4288 adpu160m (da001db13fff45dfe9109936e265b7cc) C:\Windows\system32\drivers\adpu160m.sys
2011/07/19 18:55:26.0083 4288 adpu320 (2b10c35c5b7c5c0c28f572e035319602) C:\Windows\system32\drivers\adpu320.sys
2011/07/19 18:55:26.0191 4288 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
2011/07/19 18:55:26.0259 4288 agp440 (5ccdd13bc602ae33cd8b62d33c29ab72) C:\Windows\system32\drivers\agp440.sys
2011/07/19 18:55:26.0306 4288 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2011/07/19 18:55:26.0362 4288 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
2011/07/19 18:55:26.0394 4288 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2011/07/19 18:55:26.0443 4288 AmdK8 (de55dc52f7ceb89a967572d6b491ada2) C:\Windows\system32\drivers\amdk8.sys
2011/07/19 18:55:26.0501 4288 ApfiltrService (d6aaaf45ee27ff78d176ff5038166f39) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/07/19 18:55:26.0579 4288 arc (2e8623f2fed998a97129a3db919551c8) C:\Windows\system32\drivers\arc.sys
2011/07/19 18:55:26.0615 4288 arcsas (741a003c041a3ec480a2e71af71e9654) C:\Windows\system32\drivers\arcsas.sys
2011/07/19 18:55:26.0664 4288 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/19 18:55:26.0709 4288 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2011/07/19 18:55:27.0038 4288 athr (8aab1125385d6c2f0d2795d143118383) C:\Windows\system32\DRIVERS\athrx.sys
2011/07/19 18:55:27.0323 4288 avc3 (34fc546a5c13dae1aa07defd579effe7) C:\Windows\system32\DRIVERS\avc3.sys
2011/07/19 18:55:27.0459 4288 avckf (8a1fafe409b3d24d55be62bfc8ecec8e) C:\Windows\system32\DRIVERS\avckf.sys
2011/07/19 18:55:27.0623 4288 bdfm (57a812537b752e2b0409576120183e4f) C:\Windows\system32\DRIVERS\bdfm.sys
2011/07/19 18:55:27.0743 4288 Bdfndisf (7afb43894a9bcea183ebca27d2baa48c) c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys
2011/07/19 18:55:27.0831 4288 bdfsfltr (66116e0a4da8407ff7f2aaace52b8b54) C:\Windows\system32\DRIVERS\bdfsfltr.sys
2011/07/19 18:55:27.0886 4288 Bdftdif (27464666d1048910aeb7777638917c20) C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys
2011/07/19 18:55:28.0045 4288 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/19 18:55:28.0122 4288 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2011/07/19 18:55:28.0157 4288 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2011/07/19 18:55:28.0196 4288 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2011/07/19 18:55:28.0240 4288 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2011/07/19 18:55:28.0275 4288 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2011/07/19 18:55:28.0316 4288 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2011/07/19 18:55:28.0349 4288 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2011/07/19 18:55:28.0564 4288 CAXHWAZL (942bd3cb0933febd194b42d4e489c246) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
2011/07/19 18:55:29.0019 4288 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/19 18:55:29.0253 4288 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/19 18:55:29.0392 4288 circlass (f28f00596824058bc61d5edf434c9b82) C:\Windows\system32\drivers\circlass.sys
2011/07/19 18:55:29.0518 4288 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2011/07/19 18:55:30.0011 4288 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/19 18:55:30.0483 4288 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2011/07/19 18:55:31.0068 4288 CnxtHdAudService (5c8fd0d456d442d38bb7fd3dd2a524e5) C:\Windows\system32\drivers\CHDRT64.sys
2011/07/19 18:55:31.0237 4288 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/19 18:55:31.0286 4288 crcdisk (b1192dcd5b9cf46beed0e2a9e5bcf59a) C:\Windows\system32\drivers\crcdisk.sys
2011/07/19 18:55:31.0407 4288 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
2011/07/19 18:55:31.0495 4288 DgiVecp (cfbb4907c7542180b5e0282301240006) C:\Windows\system32\Drivers\DgiVecp.sys
2011/07/19 18:55:31.0544 4288 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2011/07/19 18:55:31.0629 4288 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2011/07/19 18:55:32.0288 4288 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/19 18:55:32.0483 4288 E1G60 (d57fe09b575545738a73a0c193d0616a) C:\Windows\system32\DRIVERS\E1G6032E.sys
2011/07/19 18:55:33.0070 4288 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2011/07/19 18:55:33.0221 4288 elxstor (3d6298aff3fe06c0616ce5d090a3eeaa) C:\Windows\system32\drivers\elxstor.sys
2011/07/19 18:55:33.0341 4288 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2011/07/19 18:55:33.0382 4288 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2011/07/19 18:55:33.0425 4288 fdc (61b6dbd1ad1143f008364d4e9a96b224) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/19 18:55:33.0476 4288 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2011/07/19 18:55:33.0515 4288 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2011/07/19 18:55:33.0556 4288 flpydisk (12c3d1b4d0ce49e1ce343ba2f22f15e0) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/19 18:55:33.0601 4288 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2011/07/19 18:55:33.0669 4288 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/07/19 18:55:33.0704 4288 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/19 18:55:33.0741 4288 gagp30kx (b54520cc7b4b55134d7527b1cd3fc1f2) C:\Windows\system32\drivers\gagp30kx.sys
2011/07/19 18:55:33.0827 4288 HBtnKey (da22d4c228a23ad8410a59599cf5b86a) C:\Windows\system32\DRIVERS\cpqbttn.sys
2011/07/19 18:55:33.0881 4288 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
2011/07/19 18:55:33.0989 4288 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/19 18:55:34.0072 4288 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2011/07/19 18:55:34.0108 4288 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
2011/07/19 18:55:34.0160 4288 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/19 18:55:34.0225 4288 HpCISSs (8edc820115df1e04763b2923676ea5b2) C:\Windows\system32\drivers\hpcisss.sys
2011/07/19 18:55:34.0265 4288 HpqKbFiltr (0ecc54fd34d6a089c300846b011e81d6) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/07/19 18:55:34.0343 4288 HSF_DPV (dda869537ae9ce501954cb7793134d96) C:\Windows\system32\DRIVERS\CAX_DPV.sys
2011/07/19 18:55:34.0446 4288 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2011/07/19 18:55:34.0493 4288 i2omp (f2901763845570ecac48e6a50ec50812) C:\Windows\system32\drivers\i2omp.sys
2011/07/19 18:55:34.0549 4288 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/19 18:55:34.0604 4288 iaStorV (72c3ee7ea3cd75a772e62ae0e5df8b8c) C:\Windows\system32\drivers\iastorv.sys
2011/07/19 18:55:34.0872 4288 igfx (96599a03c238e2ff43f9ba192bb2cefb) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/07/19 18:55:35.0197 4288 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2011/07/19 18:55:35.0263 4288 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2011/07/19 18:55:35.0318 4288 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/19 18:55:35.0370 4288 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/19 18:55:35.0442 4288 IPMIDRV (eacdbbe429c6d170bdeee0effcbc317b) C:\Windows\system32\drivers\ipmidrv.sys
2011/07/19 18:55:35.0478 4288 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2011/07/19 18:55:35.0511 4288 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2011/07/19 18:55:35.0552 4288 isapnp (d3bb520b31f28c1a065cd058e762ee73) C:\Windows\system32\drivers\isapnp.sys
2011/07/19 18:55:35.0597 4288 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/19 18:55:35.0643 4288 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2011/07/19 18:55:35.0672 4288 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2011/07/19 18:55:35.0733 4288 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/19 18:55:35.0790 4288 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/19 18:55:35.0845 4288 kl1 (db449f50e5141458eb58e64ffac4863f) C:\Windows\system32\DRIVERS\kl1.sys
2011/07/19 18:55:35.0926 4288 ksaud (0bc501f8889c59e332ba5b3765ceeb30) C:\Windows\system32\drivers\ksaud.sys
2011/07/19 18:55:36.0041 4288 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/19 18:55:36.0096 4288 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2011/07/19 18:55:36.0189 4288 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/19 18:55:36.0268 4288 LSI_FC (1572f8d999c0ab4376afdce058a78df9) C:\Windows\system32\drivers\lsi_fc.sys
2011/07/19 18:55:36.0309 4288 LSI_SAS (64470979c3e3c9ff60edfb5230c56e0e) C:\Windows\system32\drivers\lsi_sas.sys
2011/07/19 18:55:36.0345 4288 LSI_SCSI (4ced7d3b54bfc5bbae75c4a73c7f7428) C:\Windows\system32\drivers\lsi_scsi.sys
2011/07/19 18:55:36.0382 4288 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2011/07/19 18:55:36.0434 4288 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/07/19 18:55:36.0470 4288 megasas (2f631c2939d5f2e8958935ee701d70d7) C:\Windows\system32\drivers\megasas.sys
2011/07/19 18:55:36.0512 4288 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2011/07/19 18:55:36.0551 4288 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/19 18:55:36.0587 4288 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/19 18:55:36.0627 4288 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/19 18:55:36.0656 4288 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2011/07/19 18:55:36.0696 4288 mpio (ed48eac719ee28db773359eb1b06e2b5) C:\Windows\system32\drivers\mpio.sys
2011/07/19 18:55:36.0740 4288 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/19 18:55:36.0787 4288 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2011/07/19 18:55:36.0831 4288 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2011/07/19 18:55:36.0880 4288 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/19 18:55:36.0920 4288 mrxsmb10 (6dc9461915a551c2a625986f5fb3b851) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/19 18:55:36.0961 4288 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/19 18:55:37.0001 4288 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
2011/07/19 18:55:37.0054 4288 msdsm (96d7c0a1b98434c6e4ff0c2e26a0e20a) C:\Windows\system32\drivers\msdsm.sys
2011/07/19 18:55:37.0164 4288 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2011/07/19 18:55:37.0211 4288 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2011/07/19 18:55:37.0264 4288 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/19 18:55:37.0298 4288 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/19 18:55:37.0332 4288 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2011/07/19 18:55:37.0401 4288 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2011/07/19 18:55:37.0435 4288 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/19 18:55:37.0489 4288 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2011/07/19 18:55:37.0517 4288 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2011/07/19 18:55:37.0566 4288 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/19 18:55:37.0646 4288 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2011/07/19 18:55:37.0695 4288 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/19 18:55:37.0720 4288 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/19 18:55:37.0762 4288 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/19 18:55:37.0799 4288 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2011/07/19 18:55:37.0832 4288 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/19 18:55:37.0864 4288 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/19 18:55:37.0958 4288 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2011/07/19 18:55:38.0025 4288 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2011/07/19 18:55:38.0089 4288 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/19 18:55:38.0169 4288 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2011/07/19 18:55:38.0219 4288 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2011/07/19 18:55:38.0264 4288 nvraid (840eeb44dc49317a6161961f7682cd99) C:\Windows\system32\drivers\nvraid.sys
2011/07/19 18:55:38.0304 4288 nvstor (94c5334040a5d500897f4c5fd12aeede) C:\Windows\system32\drivers\nvstor.sys
2011/07/19 18:55:38.0349 4288 nv_agp (aa1b6c86a4763502e20b65c025f39bad) C:\Windows\system32\drivers\nv_agp.sys
2011/07/19 18:55:38.0473 4288 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
2011/07/19 18:55:38.0549 4288 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2011/07/19 18:55:38.0583 4288 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2011/07/19 18:55:38.0642 4288 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2011/07/19 18:55:38.0679 4288 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
2011/07/19 18:55:38.0727 4288 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2011/07/19 18:55:38.0778 4288 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2011/07/19 18:55:38.0927 4288 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/19 18:55:38.0966 4288 Processor (6bc78e5f12cbb74e7930aaaa4a0db387) C:\Windows\system32\drivers\processr.sys
2011/07/19 18:55:39.0111 4288 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/19 18:55:39.0166 4288 ql2300 (4a29d25704917161bad9b4659a248dfd) C:\Windows\system32\drivers\ql2300.sys
2011/07/19 18:55:39.0258 4288 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2011/07/19 18:55:39.0308 4288 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/19 18:55:39.0345 4288 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/19 18:55:39.0392 4288 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/19 18:55:39.0459 4288 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/19 18:55:39.0494 4288 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/19 18:55:39.0550 4288 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/19 18:55:39.0584 4288 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/19 18:55:39.0642 4288 rdpdr (2d98dda8edce73df99854bf3692ccc87) C:\Windows\system32\drivers\rdpdr.sys
2011/07/19 18:55:39.0690 4288 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/19 18:55:39.0758 4288 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2011/07/19 18:55:39.0859 4288 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/19 18:55:39.0907 4288 RTL8023x64 (c02ff907a2de4f6c6f7e34fbad08660e) C:\Windows\system32\DRIVERS\Rtnic64.sys
2011/07/19 18:55:39.0959 4288 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2011/07/19 18:55:40.0033 4288 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/07/19 18:55:40.0086 4288 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
2011/07/19 18:55:40.0126 4288 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
2011/07/19 18:55:40.0174 4288 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2011/07/19 18:55:40.0236 4288 sffdisk (541b32f8d6b2dcb92ec43bab267e79ea) C:\Windows\system32\drivers\sffdisk.sys
2011/07/19 18:55:40.0265 4288 sffp_mmc (446e7cca3325c7e0ae0fde7f73cdd9c2) C:\Windows\system32\drivers\sffp_mmc.sys
2011/07/19 18:55:40.0296 4288 sffp_sd (67edc221348911e895af51c57d9a3725) C:\Windows\system32\drivers\sffp_sd.sys
2011/07/19 18:55:40.0330 4288 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2011/07/19 18:55:40.0379 4288 SiSRaid2 (08dda16573fa44f8b13afe74597ad2e5) C:\Windows\system32\drivers\sisraid2.sys
2011/07/19 18:55:40.0423 4288 SiSRaid4 (c52259e9daaf3890d572d87ffee0979e) C:\Windows\system32\drivers\sisraid4.sys
2011/07/19 18:55:40.0484 4288 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2011/07/19 18:55:40.0581 4288 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2011/07/19 18:55:40.0665 4288 sptd (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
2011/07/19 18:55:40.0749 4288 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
2011/07/19 18:55:40.0800 4288 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/19 18:55:40.0835 4288 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/19 18:55:40.0887 4288 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys
2011/07/19 18:55:40.0930 4288 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/19 18:55:40.0998 4288 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2011/07/19 18:55:41.0068 4288 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2011/07/19 18:55:41.0108 4288 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2011/07/19 18:55:41.0219 4288 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2011/07/19 18:55:41.0306 4288 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/19 18:55:41.0350 4288 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/19 18:55:41.0394 4288 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2011/07/19 18:55:41.0427 4288 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2011/07/19 18:55:41.0478 4288 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/19 18:55:41.0526 4288 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/19 18:55:41.0783 4288 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/19 18:55:41.0809 4288 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2011/07/19 18:55:41.0854 4288 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/19 18:55:41.0910 4288 uagp35 (e4722dfbd6232acf17543ef2c2dce8d2) C:\Windows\system32\drivers\uagp35.sys
2011/07/19 18:55:41.0969 4288 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/19 18:55:42.0049 4288 uliagpkx (5663d7696abbe71f8c9d915c5374118a) C:\Windows\system32\drivers\uliagpkx.sys
2011/07/19 18:55:42.0091 4288 uliahci (6030b68e86a30d1b315b51c4d7778b16) C:\Windows\system32\drivers\uliahci.sys
2011/07/19 18:55:42.0144 4288 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/07/19 18:55:42.0203 4288 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/07/19 18:55:42.0285 4288 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/19 18:55:42.0395 4288 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
2011/07/19 18:55:42.0486 4288 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/19 18:55:42.0547 4288 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/07/19 18:55:42.0601 4288 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/19 18:55:42.0712 4288 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/19 18:55:42.0801 4288 usbkey (1e1c64d8ad3d38f4e5b9cfebd723a70e) C:\Windows\system32\DRIVERS\USBKey64.sys
2011/07/19 18:55:42.0855 4288 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2011/07/19 18:55:42.0907 4288 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/19 18:55:42.0979 4288 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/19 18:55:43.0065 4288 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/19 18:55:43.0126 4288 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
2011/07/19 18:55:43.0224 4288 vga (2998dc48905e9b4821ad8fd75b3e070c) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/19 18:55:43.0289 4288 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/07/19 18:55:43.0352 4288 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2011/07/19 18:55:43.0409 4288 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2011/07/19 18:55:43.0471 4288 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2011/07/19 18:55:43.0543 4288 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2011/07/19 18:55:43.0593 4288 vsmraid (410ae2c141142c58bc617fc2c677f8b0) C:\Windows\system32\drivers\vsmraid.sys
2011/07/19 18:55:43.0733 4288 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/07/19 18:55:43.0806 4288 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/19 18:55:43.0854 4288 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/19 18:55:43.0945 4288 Wd (59b501b0a04c9672142b7ffa2bdbf663) C:\Windows\system32\drivers\wd.sys
2011/07/19 18:55:44.0020 4288 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/19 18:55:44.0224 4288 winachsf (590812dd01a4fe83c6e92fdb701e59a6) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
2011/07/19 18:55:44.0435 4288 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/19 18:55:44.0584 4288 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/07/19 18:55:44.0663 4288 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/19 18:55:44.0796 4288 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/19 18:55:44.0868 4288 XAudio (f22e443518bc599d12888daf292a56d8) C:\Windows\system32\DRIVERS\xaudio64.sys
2011/07/19 18:55:45.0026 4288 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/07/19 18:55:45.0060 4288 Boot (0x1200) (ca3311649c64d74ca75abb98e329a0fa) \Device\Harddisk0\DR0\Partition0
2011/07/19 18:55:45.0083 4288 ================================================================================
2011/07/19 18:55:45.0083 4288 Scan finished
2011/07/19 18:55:45.0083 4288 ================================================================================
2011/07/19 18:55:45.0131 6100 Detected object count: 0
2011/07/19 18:55:45.0131 6100 Actual detected object count: 0

Thanks
Gary

#8 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,518
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 20 July 2011 - 02:27 AM

Create and Run Batch File
    Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
    Save this as router.bat Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

    It should look like this: Posted Image <--XP
    Double-click on router.bat to run it. it will open notepad when done please post back the results

gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#9 User is offline   Agent Starling 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 41
  • Joined: 12-July 11

Posted 20 July 2011 - 12:16 PM

Gringo
Here they are.
Thanks
Gary


Windows IP Configuration

Host Name . . . . . . . . . . . . : superDJ
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hsd1.wa.comcast.net.

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : hsd1.wa.comcast.net.
Description . . . . . . . . . . . : Atheros AR5007 802.11b/g WiFi Adapter
Physical Address. . . . . . . . . : 00-1F-3A-15-C0-03
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6ca6:c455:5a4:b53a%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.101(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, July 19, 2011 1:22:12 PM
Lease Expires . . . . . . . . . . : Tuesday, July 26, 2011 1:35:03 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 218111802
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-99-F4-57-00-40-C0-28-41-20
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-1B-38-EE-3C-B4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{357275FF-43EC-43E7-A09A-3D9079A83C6C}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.wa.comcast.net.
Description . . . . . . . . . . . : isatap.hsd1.wa.comcast.net.
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 74.125.127.103
74.125.127.105
74.125.127.104
74.125.127.106
74.125.127.99
74.125.127.147

Server: UnKnown
Address: 192.168.0.1

Name: yahoo.com
Addresses: 209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56



Pinging google.com [74.125.224.146] with 32 bytes of data:

Request timed out.

Reply from 74.125.224.146: bytes=32 time=31ms TTL=50



Ping statistics for 74.125.224.146:

Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),

Approximate round trip times in milli-seconds:

Minimum = 31ms, Maximum = 31ms, Average = 31ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=60ms TTL=50

Reply from 209.191.122.70: bytes=32 time=60ms TTL=50



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 60ms, Maximum = 60ms, Average = 60ms

===========================================================================
Interface List
9 ...00 1f 3a 15 c0 03 ...... Atheros AR5007 802.11b/g WiFi Adapter
8 ...00 1b 38 ee 3c b4 ...... Realtek RTL8139/810x Family Fast Ethernet NIC
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0 isatap.{357275FF-43EC-43E7-A09A-3D9079A83C6C}
14 ...00 00 00 00 00 00 00 e0 isatap.hsd1.wa.comcast.net.
10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.101 26
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.101 281
192.168.0.101 255.255.255.255 On-link 192.168.0.101 281
192.168.0.255 255.255.255.255 On-link 192.168.0.101 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.101 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.101 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
9 281 fe80::/64 On-link
9 281 fe80::6ca6:c455:5a4:b53a/128
On-link
1 306 ff00::/8 On-link
9 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#10 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,518
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 20 July 2011 - 12:49 PM

After you have run these steps - you need to let me know how the computer is doing

Resetting Router


  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know the router's default password, you can look it up. Here
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using or you can use OpenDNS

Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

flush the DNS:

Now lets flush the DNS on the computer:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:

      ipconfig /flushdns


Now lets check the router again

Create and Run Batch File
    Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
    Save this as router.bat Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

    It should look like this: Posted Image <--XP
    Double-click on router.bat to run it. it will open notepad when done please post back the results


gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#11 User is offline   Agent Starling 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 41
  • Joined: 12-July 11

Posted 20 July 2011 - 01:54 PM

Hi Gringo
I have done as you instructed, after resetting the modem it would not let me back on my wireless connection. I am writing from my office comp, which is hardwired and as of yet has no issues, makes sense now that I think about it,,,
So I can get on an unsecured connection. As it is the same signal strength I am thinking it is my system without a password. (I had someone set up my network and I don't know/have the password. Stupid I know)

When I tried to flush the DNS I get the error message
(The requested operation requires elevation)
I am the admin on this comp so,,, what is up?
Thanks
Gary

#12 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,518
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 21 July 2011 - 10:31 PM

are you still getting redirected?


gringo
I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

#13 User is offline   Agent Starling 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 41
  • Joined: 12-July 11

Posted 21 July 2011 - 11:43 PM

Aside from not getting any more popups, nothing has changed in the browser dept. Now it seems to be affecting IE also as I've been using that because Google has become frustrating. I have noticed if I want to get somewhere instead of clicking on the link I have to copy and paste the URL into the address bar then most of the time it will go where I need to,,,.
Hope you can help!
Thanks
Gary
P.S.
I still can't flush the DNS

#14 User is offline   Agent Starling 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 41
  • Joined: 12-July 11

Posted 22 July 2011 - 02:05 PM

Gringo
I figured out a way around my inability to flush the DNS.
Open the CMD shortcut, right-click and say "run as administrator.
I flushed the DNS and I still have the same problem.
Thanks
Gary

This post has been edited by Agent Starling: 22 July 2011 - 02:06 PM

#15 User is online   gringo_pr 

  • Bleepin Gringo
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Team
  • Posts: 85,518
  • Joined: 03-July 08
  • Gender:Male
  • Location:Puerto rico

Posted 22 July 2011 - 04:55 PM

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later

  • Please post the contents of OTListIt.txt in your next reply.

I will be online from 5-31 to 6-4 in a very limited amount

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Share this topic:


  • 4 Pages +
  • 1
  • 2
  • 3
  • Last »
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users