Search Engine Redirect and Windows Unable To Install New Updates


This topic is locked. 4 replies to this topic.

#1 psycoma

psycoma

  • Members
  • 5 posts
  • OFFLINE
  • Local time:03:07 PM

Posted 14 April 2010 - 10:51 AM

Yep, another thread/request involving that fricken. I clicked on an image in google and my java crashed, then Mcafee went nutty, quarantining and/or removing several PUPs and Trojans, chiefly among them, Spam-Waka and Downloader-CDN. I've scanned with everything from Mcafee to Malware Bytes to Hitman Pro 3.5 all to no avail. I even purchased Registry Mechanic from PC Tools hoping that would work but thus far, no luck. Googling some of the file names in system32 that I wanted more information on yielded many results from your website and I saw one thread that was an exact duplicate of the issue(s) I'm having. Hopefully I've done the right prep and am pasting the right logs/info and hopefully you all can help me.


DDS Log


DDS (Ver_10-03-17.01) - NTFSx86
Run by Kathy at 9:41:21.55 on Wed 04/14/2010
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2942.1622 [GMT -5:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Registry Mechanic\regmech.exe
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\lpremove.exe
C:\Windows\system32\lpksetup.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Kathy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/home.php?ref=home#/home.php?ref=home
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX7020
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX7020
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX7020
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=FX7020
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [LaunchList] c:\program files\pinnacle\studio 11\LaunchList2.exe
uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
uRun: [OM_Monitor] c:\program files\olympus\olympus master\Monitor.exe -NoStart
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [OM_Monitor] c:\program files\olympus\olympus master\FirstStart.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TexTally] "c:\program files\nch software\textally\textally.exe" -logon
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://games.pogo.com/online2/pogo/bejeweled2/popcaploader_v6.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

================= FIREFOX ===================

FF - ProfilePath - c:\users\kathy\appdata\roaming\mozilla\firefox\profiles\prht3t53.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo!
FF - prefs.js: browser.startup.homepage - hxxp://theblackorder.arcofdescent.org/forum/
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\users\kathy\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\kathy\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-4-14 217032]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-3-16 214664]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-4-14 112592]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-8-29 359952]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-4-13 632792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-4-14 1153368]
R3 AVer88xHD;AVerMedia 23888 AvStream Video Capture;c:\windows\system32\drivers\AVer88xHD.sys [2008-1-7 401408]
R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [2008-3-16 36224]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-3-16 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-3-16 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-3-16 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-3-16 40552]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-4-14 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-4-14 1142224]

=============== Created Last 30 ================

2010-04-14 14:19:51 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2010-04-14 14:18:47 67291088 ----a-w- C:\kav2010_9.0.0.736en.exe
2010-04-14 08:11:48 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-14 08:11:31 0 d-----w- c:\programdata\Hitman Pro
2010-04-14 08:10:07 0 d-----w- c:\program files\Hitman Pro 3.5
2010-04-14 08:09:45 5650240 ----a-w- C:\HitmanPro35.exe
2010-04-14 07:53:56 767952 ----a-w- c:\windows\BDTSupport.dll
2010-04-14 07:53:55 882 ----a-w- c:\windows\RegSDImport.xml
2010-04-14 07:53:55 879 ----a-w- c:\windows\RegISSImport.xml
2010-04-14 07:53:55 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-04-14 07:53:55 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-04-14 07:53:55 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-04-14 07:53:55 131 ----a-w- c:\windows\IDB.zip
2010-04-14 07:53:55 1152444 ----a-w- c:\windows\UDB.zip
2010-04-14 07:51:46 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-04-14 07:51:46 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-14 07:51:46 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-04-14 07:51:41 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-14 07:51:41 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-04-14 07:51:41 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-04-14 07:51:41 217032 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-14 07:50:14 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-04-14 07:50:14 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-14 07:50:09 0 d-----w- c:\users\kathy\appdata\roaming\PC Tools
2010-04-14 07:50:09 0 d-----w- c:\programdata\PC Tools
2010-04-14 07:50:09 0 d-----w- c:\program files\Spyware Doctor
2010-04-14 07:49:37 36590872 ----a-w- C:\sdsetup.exe
2010-04-14 06:05:24 0 d-----w- C:\avvepo5950dat
2010-04-14 06:04:21 69692897 ----a-w- C:\avvepo5950dat.zip
2010-04-14 06:00:03 66735953 ----a-w- C:\sdat5950.exe
2010-04-14 05:01:35 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-14 05:01:35 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-04-14 05:00:23 16409960 ----a-w- C:\spybotsd162.exe
2010-04-14 04:45:43 2934503 ----a-w- C:\5950xdat.exe
2010-04-14 01:00:03 532480 ----a-w- C:\cwshredder.exe
2010-04-13 21:38:20 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2010-04-13 21:38:20 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2010-04-13 21:38:20 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2010-04-13 21:38:19 506368 ----a-w- c:\windows\system32\msxml.dll
2010-04-13 21:38:18 0 d-----w- c:\program files\common files\PC Tools
2010-04-13 21:36:58 10239072 ----a-w- C:\rminstall.exe
2010-04-13 07:07:09 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-04-08 20:08:06 0 d-----w- c:\users\kathy\appdata\roaming\Anabel
2010-03-27 00:04:56 757 ---ha-w- C:\IPH.PH
2010-03-27 00:04:54 0 d--h--w- C:\TEMP
2010-03-24 19:44:25 0 d-----w- c:\users\kathy\appdata\roaming\BloodTies
2010-03-24 13:29:09 0 d-----w- c:\users\kathy\appdata\roaming\TheScruffs
2010-03-24 13:28:54 0 d-sh--w- c:\windows\ftpcache
2010-03-23 21:19:14 0 d-----w- c:\users\kathy\appdata\roaming\Go-Go Gourmet Chef of the Year
2010-03-23 04:10:02 0 d-----w- c:\users\kathy\appdata\roaming\Playrix Entertainment
2010-03-22 05:57:32 0 d-----w- c:\users\kathy\appdata\roaming\Gamers Digital
2010-03-22 05:57:32 0 d-----w- c:\programdata\Gamers Digital
2010-03-20 17:51:21 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-20 17:51:20 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-20 17:51:19 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-03-20 17:44:46 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-03-20 17:44:46 101888 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-03-19 15:52:26 0 d-----w- c:\users\kathy\appdata\roaming\Flood Light Games
2010-03-19 15:52:26 0 d-----w- c:\programdata\Flood Light Games
2010-03-18 18:16:54 14998 ----a-w- C:\December 2009.xlsx
2010-03-18 17:09:50 0 d-----w- c:\programdata\Gogii
2010-03-17 23:46:34 0 d-----w- c:\users\kathy\appdata\roaming\Virtual Prophecy
2010-03-17 22:32:41 4096 ----a-w- c:\windows\d3dx.dat
2010-03-17 22:28:33 0 d-----w- C:\newpogo games
2010-03-17 21:26:38 0 d-----w- c:\programdata\Yahoo!

==================== Find3M ====================

2010-04-14 14:27:36 52735 ----a-w- c:\programdata\nvModes.dat
2010-03-30 05:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 05:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-24 15:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-03 04:33:12 5115824 ----a-w- C:\mbam-setup.exe
2010-01-27 22:43:06 1418800 ----a-w- C:\EfxInstM.exe
2010-01-25 12:58:44 473088 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:58:44 154624 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:58:44 154112 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:58:29 472576 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:56:33 312320 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:36:22 435712 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-25 08:36:19 515584 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:36:05 431104 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35:58 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-23 08:05:07 2048 ----a-w- c:\windows\system32\tzres.dll
2009-12-22 16:41:06 86016 ----a-w- c:\windows\inf\infstrng.dat
2009-12-22 16:41:06 86016 ----a-w- c:\windows\inf\infstor.dat
2009-12-22 16:41:06 51200 ----a-w- c:\windows\inf\infpub.dat
2009-03-29 00:14:43 9914224 ----a-w- c:\program files\winamp5551_full_emusic-7plus_en-us.exe
2009-02-14 21:05:39 174 --sha-w- c:\program files\desktop.ini
2009-02-14 20:59:27 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-02-14 19:03:52 44232524 ----a-w- c:\program files\FlipVideoUpdater.exe
2009-02-14 18:45:06 4732800 ----a-w- c:\program files\FlipVideoFWUpdate.exe
2009-02-14 17:26:24 84663688 ----a-w- c:\program files\Setup_FlipShare.exe
2008-09-17 00:10:35 2310246 ----a-w- c:\program files\bushleave.bmp
2008-09-14 21:39:22 1225664 ----a-w- c:\program files\WotLK-Beta-3.0.1-enUS-downloader.exe
2008-04-29 01:03:00 965240 ----a-w- c:\program files\WoW-2.4.1.8125-to-0.4.2.8209-enUS-downloader.exe
2008-04-15 14:36:54 36645913 ----a-w- c:\program files\Second_Life_1-19-1-4_Setup.exe
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-11-03 03:17:35 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-11-03 03:17:35 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-11-03 03:17:35 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-11-03 03:17:35 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 9:42:09.58 ===============


Help me, OB1... you're my only hope!

Edited by psycoma, 14 April 2010 - 11:49 AM.
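A DDS log like the one above is read by hand, section by section. The script below is an added example (not part of this thread, and not code from the DDS tool or BleepingComputer) showing how an analyst can parse the two sections that usually carry the most signal, `Pseudo HJT Report` and `Created Last 30`, and mechanically flag the entry types a helper looks for first: browser add-on registrations that point at no file, UAC switched off by policy, and freshly created objects under the Windows directory carrying hidden plus system attributes or a literal environment-variable name as a path component. The sample log is constructed in the same format; the section names, attribute string layout and heuristics are the author's assumptions, and a flag means "look here", not "this is malware".

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in DDS report layout (assumed format, not a real report):
# one Pseudo HJT Report section and one Created Last 30 section.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mPolicies-system: EnableLUA = 0 (0x0)
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll

=============== Created Last 30 ================

2010-04-14 08:11:48 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-13 07:07:09 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-03-24 13:28:54 0 d-sh--w- c:\windows\ftpcache
2010-03-27 00:04:56 757 ---ha-w- C:\IPH.PH
2010-03-20 17:51:20 396800 ----a-w- c:\windows\system32\drivers\http.sys
"""

# "=== Section Name ===" banner lines separate the sections of a DDS log.
SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# Created/Find3M entries: date time size attributes path. The 8-character
# attribute string uses letters for set bits (d, r, s, h, a, w, c) and '-' otherwise.
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$")
# A literal %NAME% inside a path means a variable was written out, not expanded.
ENV_TOKEN_RE = re.compile(r"%[A-Za-z_]+%")

ORPHAN = "orphaned browser add-on registration (no file on disk)"
UAC_OFF = "UAC disabled by policy (EnableLUA = 0)"
HIDDEN_SYS = "hidden+system object created under the Windows directory"
ENV_LITERAL = "literal environment-variable name used as a path component"


@dataclass
class Finding:
    section: str
    line: str
    reason: str


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split a DDS log into {section name: [non-empty lines]}."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(text: str) -> List[Finding]:
    """Apply simple triage heuristics and return the entries worth a second look."""
    findings: List[Finding] = []
    sections = parse_sections(text)

    for line in sections.get("Pseudo HJT Report", []):
        if line.startswith(("BHO:", "TB:")) and line.endswith("- No File"):
            findings.append(Finding("Pseudo HJT Report", line, ORPHAN))
        if line.startswith("mPolicies-system:") and "EnableLUA = 0" in line:
            findings.append(Finding("Pseudo HJT Report", line, UAC_OFF))

    for line in sections.get("Created Last 30", []):
        m = CREATED_RE.match(line)
        if not m:
            continue
        attrs, path = m.group(4), m.group(5)
        hidden_and_system = "s" in attrs and "h" in attrs
        if hidden_and_system and path.lower().startswith("c:\\windows"):
            findings.append(Finding("Created Last 30", line, HIDDEN_SYS))
        if ENV_TOKEN_RE.search(path):
            findings.append(Finding("Created Last 30", line, ENV_LITERAL))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against a real log the same way (`triage(open("dds.txt").read())`); everything the script does not flag still needs the helper's eye, and the heuristics are deliberately narrow so that a legitimate entry such as a signed driver in `system32\drivers` is not reported.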



#2 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:03:07 PM

Posted 15 April 2010 - 08:16 PM


Hello psycoma. Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.


I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.



In the upper right hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed, you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.


Please keep in mind that we have a large backlog of users just like yourself waiting to be helped so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.



After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.



Please run RKill right before running ComboFix. I won't need any log RKill produces, just the one from ComboFix.



RKill by Grinler
Link #1
Link #2
Link #3
Link #4
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.





Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instructions can be found HERE
  • Double click on ComboFix.exe & follow the prompts.


When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: Please post the log in the reply window and do not make it an attachment. Do this with all subsequent replies unless I ask otherwise.

Thanks,

thewall

If I have helped you then please consider donating so I can continue the fight against malware.
All donations go directly to the helper.

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#3 psycoma

psycoma
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:03:07 PM

Posted 16 April 2010 - 01:45 AM

Hi, sorry for not getting back to you before now about this but I just got my system up and running, got all my updates installed and got back online.

While I was at work yesterday my husband attempted to do a restore of the system. He was unaware that I'd come here seeking help. When he did that, he updated our antivirus to Norton as comcast no longer supports Mcafee and it was absent from our computer anyway. When he did this, the online tech had him download vista SP1 as it was not yet installed on my system.

After the first in the series of restarts involved in installing the SP, the computer decided it liked being off better than it liked being on and refused to restart. Gateway's system recovery stepped in, backed up my files and restored the computer to its fresh out of box factory settings. I copied the files that I wanted copied (namely pictures of my daughter), had ownership and privileges of the Gateway created backup folder transferred to me and deleted said folder.

That seems to have cleared up my infection. Imagine that... wiping my system actually managed to clean it >.>

For anyone else having an issue with this particular infection, I can tell you that for me, nothing worked. So if the folks here tell you to do something, I'd strongly recommend that you follow their instructions. Unless, that is, you don't mind having significantly slimmer used disk space >.>

Thanks again to all here who tried to (or were in the process of trying to) help me. You can close this topic and move on to the next request.

#4 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:03:07 PM

Posted 16 April 2010 - 10:40 AM

I'm glad to hear you got your issue resolved. These infections are getting harder to deal with as time goes by because the bad guys can also see what we are doing and thus they try to thwart us at every move. New versions of some viruses are often released several times a day so a fix someone sees for a problem like their own may or may not work when applied to their computer.


I appreciate you letting me know and good luck to you in the future.

#5 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:03:07 PM

Posted 17 April 2010 - 12:04 AM

Since this issue appears to be resolved ... this Topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via PM with the address of the thread.

Everyone else please begin a New Topic.