
Infected ad windows pop up. What to do?


This topic is locked. 2 replies to this topic.

#1 Irishboy (Members, 1 posts)

Posted 29 November 2009 - 11:35 PM

I'm not sure how to fix this, but every time I search in Google and click on one of the search results I get taken to a different site. Also, sometimes a new tab opens up with ads. I am currently running Avast and Search and Destroy. I have run ComboFix and HijackThis, which I will post results for.

System Info
Windows 7 32 bit
Firefox
AMD Phenom II X4 955 Processor 3.21 GHz
4.00 GB Ram





Results from ComboFix


ComboFix 09-11-28.03 - Macnet Server 11/29/2009 17:08.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3319.2514 [GMT -7:00]
Running from: c:\users\Macnet Server\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Macnet Server\AppData\Roaming\inst.exe
c:\windows\system32\sqlite3.dll

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :(
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RKHIT
-------\Service_RkHit


((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-30 )))))))))))))))))))))))))))))))
.

2009-11-28 00:49 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-28 00:49 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-28 00:49 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-28 00:49 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-28 00:49 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-28 00:49 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-28 00:49 . 2009-11-24 23:49 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-11-28 00:37 . 2009-11-28 00:37 -------- d-----w- c:\program files\Trend Micro
2009-11-28 00:12 . 2009-11-27 23:49 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-27 23:51 . 2009-11-28 00:01 -------- d-----w- C:\dvmexp
2009-11-27 23:51 . 2009-11-27 23:51 -------- d--h--w- c:\temp\dvmexp
2009-11-27 23:48 . 2009-11-27 23:48 5908024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-11-27 23:48 . 2009-11-27 23:48 327000 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-27 23:48 . 2009-11-27 23:48 87496 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-27 23:48 . 2009-11-27 23:48 933120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-11-27 23:48 . 2009-11-27 23:48 641632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-27 23:48 . 2009-11-27 23:48 816272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-27 23:47 . 2009-11-27 23:48 822904 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-27 23:47 . 2009-11-27 23:47 1638640 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-27 23:47 . 2009-11-27 23:47 788880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-27 23:47 . 2009-11-27 23:47 1184912 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-27 23:45 . 2009-11-27 23:45 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-27 23:45 . 2009-10-03 08:15 2924848 -c--a-w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-27 23:45 . 2009-11-27 23:49 -------- d-----w- c:\programdata\Lavasoft
2009-11-27 23:45 . 2009-11-27 23:45 -------- d-----w- c:\program files\Lavasoft
2009-11-27 23:38 . 2009-11-27 23:51 -------- d-----w- C:\temp
2009-11-27 23:38 . 2009-11-27 23:38 -------- d--h--w- c:\temp\tmpdvmexp
2009-11-27 23:28 . 2009-11-28 00:33 -------- d-----w- c:\users\Macnet Server\AppData\Local\Google
2009-11-26 06:17 . 2009-10-29 07:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-26 00:52 . 2009-11-26 00:52 -------- d-----w- c:\users\Macnet Server\AppData\Local\{6CDD08D2-4502-44F0-9753-3D5B10261DFE}
2009-11-26 00:50 . 2009-11-26 00:50 -------- d-----w- c:\users\Macnet Server\AppData\Roaming\NASNaviator2
2009-11-26 00:50 . 2009-11-26 00:53 -------- d-----w- c:\program files\BUFFALO
2009-11-25 00:55 . 2009-11-28 04:48 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-25 00:55 . 2009-11-25 00:57 8192 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-24 01:30 . 2009-11-24 01:30 -------- d-----w- c:\program files\CCleaner
2009-11-24 00:57 . 2009-07-28 22:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-24 00:57 . 2009-11-28 00:35 -------- d-----w- c:\programdata\Avira
2009-11-24 00:30 . 2009-11-24 00:30 -------- d-----w- c:\programdata\XoftSpySE
2009-11-24 00:04 . 2009-11-24 00:04 -------- d-----w- c:\users\Macnet Server\AppData\Roaming\Malwarebytes
2009-11-24 00:04 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-24 00:04 . 2009-11-24 00:04 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-24 00:04 . 2009-11-24 00:04 -------- d-----w- c:\programdata\Malwarebytes
2009-11-24 00:04 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-23 23:26 . 2009-11-23 23:26 -------- d-----w- c:\users\Macnet Server\AppData\Local\Microsoft Games
2009-11-21 04:30 . 2009-11-21 04:30 10134 ----a-r- c:\users\Macnet Server\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-11-21 04:30 . 2009-11-21 04:30 -------- d-----w- c:\program files\Microsoft WSE
2009-11-21 04:30 . 2006-09-28 23:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-11-21 04:27 . 2009-11-21 04:27 -------- d-----w- c:\program files\Electronic Arts
2009-11-21 04:15 . 2009-11-21 04:15 -------- d-----w- c:\programdata\DAEMON Tools Pro
2009-11-21 04:12 . 2009-11-21 04:12 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-21 04:12 . 2009-11-21 04:22 -------- d-----w- c:\users\Macnet Server\AppData\Roaming\DAEMON Tools Pro
2009-11-21 03:38 . 2009-11-24 00:01 34 ----a-w- c:\windows\system32\BD7440N.DAT
2009-11-19 05:21 . 2009-11-19 05:24 -------- d-----w- c:\users\Macnet Server\.dvdcss
2009-11-19 03:29 . 2009-11-19 03:30 -------- d-----w- c:\users\Macnet Server\AppData\Roaming\Vso
2009-11-19 03:29 . 2009-11-19 03:29 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-11-19 03:29 . 2009-11-19 03:29 47360 ----a-w- c:\users\Macnet Server\AppData\Roaming\pcouffin.sys
2009-11-19 03:29 . 2009-09-02 23:41 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-11-19 03:29 . 2009-09-02 23:41 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-11-19 03:29 . 2009-09-02 23:41 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-11-19 03:29 . 2009-09-02 23:41 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-11-19 03:29 . 2009-09-02 23:41 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-11-19 03:29 . 2009-09-02 23:41 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-11-19 03:29 . 2009-09-02 23:41 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-11-19 03:29 . 2009-11-19 03:29 -------- d-----w- c:\program files\VSO
2009-11-19 03:02 . 2009-11-19 03:02 -------- d-----w- c:\program files\Java
2009-11-19 03:00 . 2009-11-19 03:02 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-19 02:58 . 2009-11-19 03:59 4096 d-----w- c:\program files\PS3 Media Server
2009-11-19 02:41 . 2009-11-19 02:41 -------- d-----w- c:\users\Macnet Server\AppData\Roaming\Win7codecs
2009-11-19 02:41 . 2009-11-19 02:41 -------- d-----w- c:\program files\Win7codecs
2009-11-19 02:40 . 2009-11-19 02:41 -------- d-----w- c:\programdata\Win7codecs
2009-11-17 22:59 . 2009-11-17 22:59 -------- d-----w- c:\programdata\ASUS OC Profiles
2009-11-15 23:48 . 2006-12-19 04:09 184320 ----a-w- c:\windows\system32\NmUninst.exe
2009-11-15 23:48 . 2006-12-19 03:52 81408 ----a-w- c:\windows\system32\drivers\NmPar.sys
2009-11-15 23:48 . 2006-12-19 03:52 8192 ----a-w- c:\windows\system32\NmCoInst.dll
2009-11-15 23:48 . 2006-12-19 03:52 35328 ----a-w- c:\windows\system32\pnpports.dll
2009-11-15 23:48 . 2006-12-19 03:50 63488 ----a-w- c:\windows\system32\drivers\NmSerial.sys
2009-11-15 21:00 . 2009-11-16 00:07 -------- d-----r- c:\users\Macnet Server\Virtual Machines
2009-11-15 20:55 . 2009-09-23 01:18 14848 ----a-w- c:\windows\system32\vpchbuspipe.dll
2009-11-15 20:55 . 2009-09-23 01:19 55040 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys
2009-11-15 20:55 . 2009-09-23 01:19 294912 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2009-11-15 20:55 . 2009-09-23 01:18 2169856 ----a-w- c:\windows\system32\VPCWizard.exe
2009-11-15 20:55 . 2009-09-23 01:18 1002496 ----a-w- c:\windows\system32\VMWindow.exe
2009-11-15 20:55 . 2009-09-23 01:18 1260032 ----a-w- c:\windows\system32\VPCSettings.exe
2009-11-15 20:55 . 2009-09-23 01:18 793600 ----a-w- c:\windows\system32\vmsal.exe
2009-11-15 20:55 . 2009-09-23 01:18 559616 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2009-11-15 20:55 . 2009-09-23 01:18 78336 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2009-11-15 20:55 . 2009-09-23 01:18 165376 ----a-w- c:\windows\system32\drivers\vpchbus.sys
2009-11-15 20:55 . 2009-09-23 01:18 3329536 ----a-w- c:\windows\system32\vpc.exe
2009-11-15 20:53 . 2009-11-15 20:53 -------- d-----w- c:\program files\Windows XP Mode
2009-11-15 20:51 . 2009-11-21 03:28 -------- d-----w- C:\My Folder
2009-11-15 20:50 . 2009-11-15 20:50 -------- d-----w- c:\program files\uTorrent
2009-11-15 20:50 . 2009-11-19 04:13 -------- d-----w- c:\users\Macnet Server\AppData\Roaming\uTorrent
2009-11-15 20:27 . 2009-11-15 20:27 -------- d-----w- c:\windows\system32\BestPractices
2009-11-15 20:27 . 2009-11-15 20:27 -------- d-----w- C:\inetpub
2009-11-15 02:38 . 2009-11-15 02:38 -------- d-----w- c:\users\Macnet Server\AppData\Local\ElevatedDiagnostics
2009-11-15 02:34 . 2009-11-15 02:34 -------- d-----w- c:\program files\Microsoft.NET
2009-11-15 02:33 . 2009-09-02 22:05 48960 ----a-w- c:\windows\system32\netfxperf.dll
2009-11-15 02:33 . 2009-09-02 22:05 297792 ----a-w- c:\windows\system32\mscoree.dll
2009-11-15 02:33 . 2009-09-02 22:05 1130824 ----a-w- c:\windows\system32\dfshim.dll
2009-11-15 02:33 . 2009-09-02 22:05 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-11-15 02:33 . 2009-09-02 22:05 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2009-11-15 02:29 . 2009-11-15 02:29 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-11-15 02:28 . 2009-11-15 02:28 -------- d-----w- c:\program files\Microsoft
2009-11-15 02:28 . 2009-11-15 02:28 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-11-15 02:28 . 2009-11-15 02:29 -------- d-----w- c:\program files\Windows Live
2009-11-15 02:28 . 2009-11-15 02:28 -------- d-----w- c:\windows\PCHEALTH
2009-11-15 02:28 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-11-15 02:28 . 2009-11-15 02:28 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-11-15 02:24 . 2009-11-15 02:24 -------- d-----w- c:\program files\Common Files\Windows Live
2009-11-15 02:24 . 2009-11-15 02:24 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-15 02:22 . 2009-11-15 02:22 -------- d-----w- c:\users\Macnet Server\AppData\Local\WindowsUpdate
2009-11-15 02:09 . 2009-11-23 23:14 4096 d-----w- c:\program files\dsslegendCS
2009-11-15 02:03 . 2009-11-15 02:03 -------- d-----w- c:\programdata\McAfee
2009-11-11 02:15 . 2009-11-11 02:15 -------- d-----w- C:\ASUS.000
2009-11-11 02:14 . 2009-11-11 02:21 -------- d-----w- c:\program files\Downloaded Installations
2009-11-11 01:48 . 2009-11-11 01:48 -------- d-----w- c:\programdata\ATI
2009-11-11 01:45 . 2009-11-11 01:45 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-11-11 01:44 . 2009-11-11 01:44 10134 ----a-r- c:\users\Macnet Server\AppData\Roaming\Microsoft\Installer\{2573A5FB-0352-4B85-E948-10FFCDD28731}\ARPPRODUCTICON.exe
2009-11-11 01:43 . 2009-11-11 01:43 -------- d-----w- C:\ATI
2009-11-11 01:37 . 2009-11-11 01:37 -------- d-----w- c:\programdata\FLEXnet
2009-11-11 01:36 . 2009-11-26 01:04 -------- d-----w- c:\users\Macnet Server\AppData\Local\Adobe
2009-11-11 01:34 . 2009-11-26 01:04 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-11 01:06 . 2009-11-21 04:09 -------- d-----w- c:\users\Macnet Server\AppData\Local\Deployment
2009-11-11 01:06 . 2009-11-11 01:06 -------- d-----w- c:\users\Macnet Server\AppData\Local\Apps
2009-11-11 01:03 . 2009-11-11 01:03 -------- d-----w- c:\users\Macnet Server\AppData\Roaming\ATI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-15 20:57 . 2009-11-15 20:57 -------- d-----w- c:\program files\Windows Virtual PC
2009-11-10 00:24 . 2009-11-10 00:24 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-10-07 12:31 . 2009-10-07 12:31 17744 ----a-w- c:\windows\system32\aspnet_counters.dll
2009-10-07 09:44 . 2009-10-07 09:44 767312 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2009-10-02 04:06 . 2009-11-10 23:42 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-30 14:33 . 2009-09-30 14:33 104976 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys
2009-09-24 07:46 . 2009-09-24 07:46 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-09-23 23:00 . 2009-09-23 23:00 5161472 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2009-09-23 22:28 . 2009-09-23 22:28 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-09-23 22:28 . 2009-09-23 22:28 360448 ----a-w- c:\windows\system32\atieclxx.exe
2009-09-23 22:27 . 2009-09-23 22:27 172032 ----a-w- c:\windows\system32\atiesrxx.exe
2009-09-23 22:26 . 2009-09-23 22:26 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-09-23 22:26 . 2009-09-23 22:26 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2009-09-23 22:25 . 2009-09-23 22:25 274432 ----a-w- c:\windows\system32\Oemdspif.dll
2009-09-23 22:25 . 2009-09-23 22:25 11776 ----a-w- c:\windows\system32\atimuixx.dll
2009-09-23 22:25 . 2009-09-23 22:25 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-09-23 22:22 . 2009-07-13 22:09 3009536 ----a-w- c:\windows\system32\atidxx32.dll
2009-09-23 22:06 . 2009-08-18 09:20 3593216 ----a-w- c:\windows\system32\atiumdag.dll
2009-09-23 21:55 . 2009-09-23 21:55 12603904 ----a-w- c:\windows\system32\atioglxx.dll
2009-09-23 21:48 . 2009-08-18 09:05 2849792 ----a-w- c:\windows\system32\atiumdva.dll
2009-09-23 21:36 . 2009-09-23 21:36 52224 ----a-w- c:\windows\system32\atimpc32.dll
2009-09-23 21:36 . 2009-09-23 21:36 52224 ----a-w- c:\windows\system32\amdpcom32.dll
2009-09-23 21:36 . 2009-09-23 21:36 204800 ----a-w- c:\windows\system32\atiadlxx.dll
2009-09-23 21:33 . 2009-09-23 21:33 53248 ----a-w- c:\windows\system32\aticalrt.dll
2009-09-23 21:33 . 2009-09-23 21:33 53248 ----a-w- c:\windows\system32\aticalcl.dll
2009-09-23 21:32 . 2009-09-23 21:32 3502080 ----a-w- c:\windows\system32\aticaldd.dll
2009-09-23 21:21 . 2009-09-23 21:21 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-09-23 12:55 . 2009-11-27 23:49 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-07 10:13 . 2009-09-07 10:13 69382 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-09-03 07:04 . 2009-11-10 23:42 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" [X]
"TurboV"="c:\program files\ASUS\TurboV\TurboV.exe" [2009-05-25 5391872]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-15 307200]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-19 149280]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]

c:\users\Macnet Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BUFFALO NAS Navigator.lnk - c:\program files\BUFFALO\NASNAVI\NasNavi.exe [2009-4-14 1553800]
NAS Scheduler.lnk - c:\program files\BUFFALO\NASNAVI\nassche.exe [2009-11-25 206128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [11/27/2009 4:49 PM 64288]
R1 AsUpIO;AsUpIO;c:\windows\System32\drivers\AsUpIO.sys [11/10/2009 5:25 PM 11448]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [11/27/2009 5:49 PM 114768]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [9/23/2009 3:27 PM 172032]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [11/27/2009 5:49 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [11/27/2009 5:49 PM 53328]
R2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [4/10/2009 6:29 PM 294912]
R2 NasPmService;NAS PM Service;c:\program files\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 --> c:\program files\BUFFALO\NASNAVI\nassvc.exe -Service_Execute -dcyc=60 -dto=3 -dluc=0 -dmin=1 -dmax=60 -dflc=0 -apc=0 -log=0 -pm=1 -pall=1 -phttp=0 -pbc=0 -ppro=0 -pcyc=0 -pmin=1 -pmax=60 -pflc=0 [?]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [11/24/2009 5:55 PM 1153368]
R3 NmPar;MosChip PCI Parallel Port;c:\windows\System32\drivers\NmPar.sys [11/15/2009 4:48 PM 81408]
R3 nmserial;MosChip PCI Serial Port;c:\windows\System32\drivers\NmSerial.sys [11/15/2009 4:48 PM 63488]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [11/10/2009 5:28 PM 90112]
S2 clr_optimization_v4.0.21006_32;Microsoft .NET Framework NGEN v4.0.21006_X86;c:\windows\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe [10/7/2009 2:44 AM 129856]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 4:17 AM 1184912]
S2 PS3 Media Server;PS3 Media Server;c:\program files\PS3 Media Server\win32\service\wrapper.exe [8/17/2008 1:40 AM 217088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.21006\WPF\WPFFontCache_v0400.exe [10/7/2009 2:44 AM 752984]
S4 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [4/22/2009 12:01 PM 124256]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder

2009-11-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 23:48]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Macnet Server\AppData\Roaming\Mozilla\Firefox\Profiles\cfzub4yp.default\
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Launch PC Probe II - (no file)
AddRemove-Ad-Aware - c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe REMOVE=TRUE MODIFY=FALSE


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\taskhost.exe
c:\program files\BUFFALO\NASNAVI\nassvc.exe
c:\program files\ASUS\AASP\1.00.95\aaCenter.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\sppsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\java.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Completion time: 2009-11-29 17:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-30 00:17

Pre-Run: 1,945,511,849,984 bytes free
Post-Run: 1,945,229,651,968 bytes free

- - End Of File - - 0E2E1217C1C2B64BC515416449C57C09


Results from HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:26:59 PM, on 11/30/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\ASUS\AASP\1.00.95\aaCenter.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\BUFFALO\NASNAVI\nassche.exe
C:\Windows\Explorer.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: BUFFALO NAS Navigator.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
O4 - Startup: NAS Scheduler.lnk = C:\Program Files\BUFFALO\NASNAVI\nassche.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM - C:\ASUS.SYS\config\DVMExportService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NAS PM Service (NasPmService) - BUFFALO INC. - C:\Program Files\BUFFALO\NASNAVI\nassvc.exe
O23 - Service: PS3 Media Server - Unknown owner - C:\Program Files\PS3 Media Server\win32\service\wrapper.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 4520 bytes

Moving from AII to HJT. ~ OB

Edited by Orange Blossom, 29 November 2009 - 11:36 PM.
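The ComboFix log in the post above is the kind of artefact a responder has to triage by hand: the high-signal lines (the "Infected copy of ... atapi.sys" entry, the removed Legacy_RKHIT / Service_RkHit driver and service entries, an executable deleted from the roaming profile, and the UAC policy block showing EnableLUA=0 and ConsentPromptBehaviorAdmin=0) sit among hundreds of benign driver, codec and installer entries. The Python script below is an added example and is not part of this thread or of ComboFix itself. It parses the log's section headers and registry blocks and ranks the lines worth a second look; it handles the general section layout of a ComboFix log, not only the sections quoted here. The sample input is constructed from excerpts of the posted log, and the severity levels and rule set are this example's own assumptions, not ComboFix's classification.

```python
import re
from dataclasses import dataclass

# Constructed sample input: excerpts copied from the ComboFix log in the post above.
SAMPLE_LOG = r"""ComboFix 09-11-28.03 - Macnet Server 11/29/2009 17:08.1.4 - x86
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Macnet Server\AppData\Roaming\inst.exe
c:\windows\system32\sqlite3.dll

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :(
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RKHIT
-------\Service_RkHit

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
"""


@dataclass
class Finding:
    severity: str   # "high" | "medium" | "info" (this example's own scale)
    section: str
    detail: str


# ComboFix marks sections with three header styles; capture the section title.
SECTION_PATTERNS = [
    re.compile(r"^\({3,}\s*(.+?)\s*\){3,}$"),   # (((( Other Deletions ))))
    re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$"),      # ------ LOCKED REGISTRY KEYS ------
    re.compile(r"^(?:- )+(.+?)(?: -)+$"),        # - - - - ORPHANS REMOVED - - - -
]
INFECTED_RE = re.compile(r"^Infected copy of (.+?) was found", re.IGNORECASE)
REMOVED_ENTRY_RE = re.compile(r"^-+\\([^\\]+)$")   # -------\Service_RkHit
PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
REG_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$", re.IGNORECASE)
REG_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(\S+)')

# UAC policy values that weaken the elevation boundary when set to 0.
UAC_WEAK_SETTINGS = {
    "enablelua": "UAC is disabled entirely (EnableLUA=0)",
    "consentpromptbehavioradmin": "administrators elevate silently (ConsentPromptBehaviorAdmin=0)",
    "promptonsecuredesktop": "elevation prompts bypass the secure desktop (PromptOnSecureDesktop=0)",
}


def section_name(line):
    for pat in SECTION_PATTERNS:
        m = pat.match(line)
        if m:
            return m.group(1)
    return None


def parse_combofix(text):
    """Walk a ComboFix log and return triage findings in log order."""
    findings = []
    section = "header"
    reg_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        name = section_name(line)
        if name:
            section, reg_key = name, ""
            continue

        m = INFECTED_RE.match(line)
        if m:
            findings.append(Finding("high", section,
                f"ComboFix reports an infected system file: {m.group(1)}"))
            continue
        if line.startswith("Restored copy from -") and "Kitty ate it" in line:
            # ComboFix prints this when it has no clean copy of the file to restore
            # from; the disinfected driver should be checked against a known-good copy.
            findings.append(Finding("medium", section,
                "no clean copy was available for restore; verify the disinfected file"))
            continue

        if section == "Drivers/Services":
            m = REMOVED_ENTRY_RE.match(line)
            if m:
                findings.append(Finding("high", section,
                    f"removed driver/service entry: {m.group(1)}"))
            continue

        if section == "Other Deletions" and PATH_RE.match(line):
            low = line.lower()
            if "\\appdata\\roaming\\" in low and low.endswith(".exe"):
                findings.append(Finding("medium", section,
                    f"executable deleted from the roaming profile: {line}"))
            else:
                findings.append(Finding("info", section, f"deleted: {line}"))
            continue

        m = REG_KEY_RE.match(line)
        if m:
            reg_key = m.group(1)
            continue
        if reg_key.lower().endswith("\\policies\\system"):
            m = REG_VALUE_RE.match(line)
            if m and m.group(2) == "0":
                reason = UAC_WEAK_SETTINGS.get(m.group(1).lower())
                if reason:
                    findings.append(Finding("medium", section, reason))
            continue
        if line.startswith("@Denied:") and reg_key:
            # Some Windows keys are legitimately ACL-locked; report for review only.
            findings.append(Finding("info", section,
                f"access-denied registry key (verify it is an expected system ACL): {reg_key}"))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 3, 'medium': 5, 'info': 2}."""
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = parse_combofix(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.section}: {f.detail}")
    print(summarize(results))
```

Run stand-alone, the block prints ten findings in log order, three of them high. The UAC rules are worth keeping even for a log that is otherwise clean: with EnableLUA=0 every process started by this administrator account already holds a full token, so no elevation prompt stood between a browser-delivered payload and a write to system32\drivers.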



#2 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 12 December 2009 - 01:40 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :(
m0le is a proud member of UNITE

#3 m0le (Malware Response Team, 34,527 posts, London, UK)

Posted 17 December 2009 - 06:07 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE



