
Google links Redirecting


  • This topic is locked
10 replies to this topic

#1 Drunkenseer
  • Members
  • 5 posts

Posted 29 October 2009 - 11:01 AM

My antivirus found a few trojans on my machine and has since quarantined the files. However, now whenever I search on Google about 50-75% of the links redirect to advertisement sites. Any help will be greatly appreciated.
-----------------------------
DDS Report
-----------------------------

DDS (Ver_09-10-26.01) - NTFSx86
Run by Chris at 15:49:18.75 on 29/10/2009
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_16
Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.2814.1355 [GMT 0:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\AUDIODG.EXE
C:\Program Files\Microsoft Online Services\Sign In\SignIn.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\Skype\Plugins\Plugins\9E0D937F462E4362A83B254A9F8AB3F8\InnerPassFileSharing.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\BitLord\BitLord.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\consent.exe
C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03M5VGTN\dds[1].scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Innerpass] c:\programdata\skype\plugins\plugins\9e0d937f462e4362a83b254a9f8ab3f8\InnerPassFileSharing.exe autostart
uRun: [AdobeBridge]
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SignIn] "c:\program files\microsoft online services\sign in\SignIn.exe" /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: livemeeting.com\www502
Trusted Zone: microsoftonline.com\3connectcouk-3.sharepoint.emea
Trusted Zone: microsoftonline.com\3connectcouk-5.sharepoint.emea
Trusted Zone: microsoftonline.com\3connectcouk-6.sharepoint.emea
Trusted Zone: microsoftonline.com\home.emea
Trusted Zone: uk.com\www.intoportal
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.3.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\innerpass\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\gd7grzjy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-9-11 735960]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-9-11 38240]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
R3 NVNET;NVIDIA nForce 10/100/1000 Mbps Ethernet ;c:\windows\system32\drivers\nvmf6232.sys [2009-7-1 287392]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-10-17 166912]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-10-29 1153368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MsDepSvc;Web Deployment Agent Service;c:\program files\iis\microsoft web deploy\MsDepSvc.exe [2009-9-9 55176]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-31 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

=============== Created Last 30 ================

2009-10-29 15:20:03 0 d-----w- c:\program files\Trend Micro
2009-10-29 12:35:27 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-29 12:35:27 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-29 08:53:12 107864 ----a-w- c:\windows\system32\tsccvid.dll
2009-10-29 08:53:09 0 d-----w- c:\windows\system32\QuickTime
2009-10-29 08:52:54 0 d-----w- c:\programdata\TechSmith
2009-10-29 08:52:36 0 d-----w- c:\program files\common files\TechSmith Shared
2009-10-28 17:28:13 0 d-----w- c:\users\chris\Tracing
2009-10-28 17:27:44 81736 ----a-w- c:\windows\system32\lmdimon8.dll
2009-10-28 17:26:07 0 d-----w- c:\programdata\Applications
2009-10-28 15:10:48 883 ----a-w- c:\users\chris\.recently-used.xbel
2009-10-28 14:57:40 0 d-----w- c:\users\chris\.thumbnails
2009-10-28 14:52:27 0 d-----w- c:\users\chris\.gimp-2.6
2009-10-28 14:51:34 0 d-----w- c:\program files\GIMP-2.0
2009-10-27 12:59:20 0 d-----w- c:\program files\Paint.NET
2009-10-26 11:32:19 0 d-----w- c:\users\chris\appdata\roaming\mioObjects
2009-10-26 11:26:45 134076 ----a-w- c:\windows\ColorPic Uninstaller.exe
2009-10-26 11:26:42 0 d-----w- c:\program files\ColorPic 4.1
2009-10-23 20:32:44 0 d-----w- C:\ftp_files
2009-10-23 09:00:03 0 d-----w- c:\program files\common files\Innerpass
2009-10-23 08:59:51 143360 ----a-w- c:\windows\system32\unzip32.dll
2009-10-21 22:29:36 0 d-----w- c:\programdata\FLEXnet
2009-10-21 22:11:46 0 d-----w- c:\program files\common files\Macrovision Shared
2009-10-20 21:35:32 0 d-----w- c:\programdata\MySQL
2009-10-20 21:33:36 0 d-----w- c:\program files\PHP
2009-10-20 21:26:54 0 d-----w- c:\program files\MySQL
2009-10-20 21:24:41 0 d-----w- c:\program files\Microsoft ASP.NET
2009-10-20 21:23:21 0 d-----w- c:\program files\IIS
2009-10-20 21:14:51 0 d-----w- c:\program files\Microsoft Web Designer Tools
2009-10-20 20:57:30 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2009-10-20 20:56:46 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2009-10-20 20:54:30 0 d-----w- c:\windows\system32\RsFx
2009-10-20 20:51:21 0 d-----w- c:\windows\system32\1033
2009-10-20 20:46:22 0 d-----w- c:\program files\Microsoft SQL Server
2009-10-20 20:29:55 0 d-----w- c:\windows\system32\BestPractices
2009-10-20 20:29:52 0 d-----w- C:\inetpub
2009-10-20 20:24:15 0 d-----w- c:\program files\Microsoft
2009-10-19 12:45:29 39 ----a-w- c:\windows\vbaddin.ini
2009-10-19 12:42:18 162 ----a-w- c:\windows\ODBC.INI
2009-10-19 12:26:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-19 07:35:22 0 d-----w- c:\programdata\Adobe
2009-10-19 07:29:49 0 d-----w- c:\programdata\LightScribe
2009-10-18 20:25:52 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-10-18 20:13:42 0 d-----r- c:\program files\Skype
2009-10-18 19:48:52 0 d-----w- c:\programdata\Skype
2009-10-18 17:12:39 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-10-18 17:12:39 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2009-10-18 17:12:37 71168 ----a-w- c:\windows\system32\fontsub.dll
2009-10-18 17:12:37 507568 ----a-w- c:\windows\system32\winload.exe
2009-10-18 17:12:37 2613248 ----a-w- c:\windows\explorer.exe
2009-10-18 17:12:36 442920 ----a-w- c:\windows\system32\winresume.exe
2009-10-18 17:12:36 293888 ----a-w- c:\windows\system32\atmfd.dll
2009-10-18 17:12:36 108544 ----a-w- c:\windows\system32\t2embed.dll
2009-10-18 17:12:35 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-18 15:27:22 0 d-----w- c:\program files\Microsoft Online Services
2009-10-18 13:33:09 257024 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-18 11:33:54 34816 ----a-w- c:\windows\system32\msasn1.dll
2009-10-17 19:24:55 886398 ----a-w- c:\windows\system32\PerfStringBackup.INI
2009-10-17 19:24:44 0 d-----w- c:\windows\system32\wbem\Performance
2009-10-17 18:29:26 0 d-----w- c:\windows\Panther
2009-10-17 18:19:29 0 d-----w- C:\Windows.old
2009-10-17 17:33:16 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-10-17 15:31:46 32656 ----a-w- c:\windows\system32\msonpmon.dll
2009-10-17 15:22:59 0 d-----w- c:\windows\PCHEALTH
2009-10-17 15:17:42 0 d-----w- c:\program files\Microsoft Visual Studio 8
2009-10-17 15:15:10 0 d-----w- c:\programdata\Microsoft Help
2009-10-17 15:00:43 0 d-----w- c:\programdata\WinZip
2009-10-17 14:25:10 0 d-----w- c:\users\chris\appdata\roaming\ESET
2009-10-17 14:23:49 0 d-----w- c:\programdata\ESET
2009-10-17 14:23:49 0 d-----w- c:\program files\ESET
2009-10-17 13:41:48 0 d-----w- c:\program files\VideoLAN
2009-10-17 13:01:49 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-10-17 12:26:02 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-10-17 12:26:02 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-17 12:25:39 0 d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-17 12:25:39 0 d-----w- c:\program files\iTunes
2009-10-17 12:25:39 0 d-----w- c:\program files\iPod
2009-10-17 12:24:42 0 d-----w- c:\program files\Bonjour
2009-10-17 12:24:17 0 d-----w- c:\programdata\Apple Computer
2009-10-17 12:23:39 0 d-----w- c:\programdata\Apple
2009-10-17 12:13:41 0 d-----w- c:\programdata\NVIDIA
2009-10-17 12:02:33 0 d-----w- c:\program files\BitLord
2009-10-17 11:59:15 0 d-----w- c:\program files\NVIDIA Corporation
2009-10-17 11:58:48 705536 ----a-w- c:\windows\system32\cohelper.dll
2009-10-17 11:58:48 6136 ----a-w- c:\windows\system32\drivers\nvphy.bin
2009-10-17 11:57:24 490088 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-10-17 11:55:20 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-17 11:54:59 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2009-10-17 11:54:45 0 d-----w- c:\program files\Synaptics
2009-10-17 11:53:43 0 d-----w- c:\program files\NetWaiting
2009-10-17 11:50:45 0 d-sh--w- c:\windows\Installer
2009-10-17 11:50:41 0 d-----w- c:\windows\system32\sda
2009-10-17 11:49:06 7360512 ----a-w- c:\windows\system32\RTSUSTORicon.dll
2009-10-17 11:49:06 266240 ----a-w- c:\windows\system32\RtsUStor.dll
2009-10-17 11:49:06 166912 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2009-10-17 11:49:05 0 d-----w- c:\program files\Realtek
2009-10-17 11:47:07 0 d-----w- c:\program files\CONEXANT
2009-10-17 11:33:53 0 d-sh--w- C:\Recovery
2009-10-17 09:16:46 8192 --sha-r- C:\BOOTSECT.BAK
2009-10-09 01:37:44 1096704 ----a-w- c:\windows\system32\drivers\athr.sys
2009-10-05 09:59:02 0 d-----w- C:\Brink PC

==================== Find3M ====================

2009-09-11 06:26:26 38240 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2009-09-11 06:26:20 135048 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-09-11 06:23:50 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-09-11 06:17:16 116008 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-08-28 18:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-21 19:23:46 57344 ----a-w- c:\windows\system32\nvapo32v.dll
2009-08-21 19:23:24 19456 ----a-w- c:\windows\system32\nvhdap32.dll
2009-08-20 18:18:10 155648 ----a-w- c:\windows\system32\nvcohda.dll
2009-08-20 18:18:02 485920 ----a-w- c:\windows\system32\nvuhda.exe
2009-08-17 22:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 15:51:34.84 ===============


#2 Blade81
    Bleepin' Rocker
  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 02 November 2009 - 11:32 AM

Hi Drunkenseer,

Were you able to run RootRepeal (step 7 in the preparation tutorial here)?

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 Drunkenseer
  • Topic Starter
  • Members
  • 5 posts

Posted 03 November 2009 - 03:44 AM

Hi Blade,

Unfortunately not, it errors whenever I try to run it (even as administrator).

The attached shows the error message.


#4 Blade81
    Bleepin' Rocker
  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 03 November 2009 - 05:19 AM

Please start RootRepeal, and, before doing anything else, try changing the "Disk Access Level" in the Settings->Options dialog. Try moving it to the "Special" or "High" level. Also, click on the Files tab, and uncheck "Use lowest level for MBR check". Please let me know if this fixes the problem.



#5 Drunkenseer
  • Topic Starter
  • Members
  • 5 posts

Posted 03 November 2009 - 05:51 AM

Sorry Blade, it's a no go.

Changed the settings and clicked scan, and the attached is the log report.

I forgot to mention previously that I am on Windows 7, would that cause an issue?


#6 Blade81
    Bleepin' Rocker
  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 03 November 2009 - 11:35 AM

Yep, RootRepeal doesn't support Win7 yet.

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • Please post contents of that file & fresh dds log in your next reply.



#7 Drunkenseer
  • Topic Starter
  • Members
  • 5 posts

Posted 04 November 2009 - 04:39 AM

Woo-Hoo!

Seems to have worked! Can now actually use Google again.

DDS log is attached.

Attached Files: DDS.txt (17.23KB)


#8 Blade81
    Bleepin' Rocker
  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 04 November 2009 - 04:48 AM

May I see the MBAM report too, please? :(



#9 Drunkenseer
  • Topic Starter
  • Members
  • 5 posts

Posted 04 November 2009 - 05:05 AM

Erm... I may have forgotten to save the log of the scan!

Would a new scan suffice?

#10 Blade81
    Bleepin' Rocker
  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 04 November 2009 - 09:46 AM

Hi,

See if you're able to find the log in this folder:
%userprofile%\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs



#11 Blade81
    Bleepin' Rocker
  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 11 November 2009 - 09:35 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.





