Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spyware and google re-directing virus


  • This topic is locked This topic is locked
3 replies to this topic

#1 angl0fredmption

angl0fredmption

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:06 AM

Posted 20 May 2010 - 11:51 AM

To whom it may concern,
My computer was recently affected by a google-redirecting virus. I'll click on a google link and searchingpleasewait will come up in my address bar and it will say redirecting. When I looked at the bottom of the screen, it says "waiting for coolerfox.com", and I knew it was a virus. I think I also have spyware on my computer as well. When I click on my computer, sometimes I'll see an extra hard drive with the letter "Q" and I've never remembered seeing it before. When I restart my computer, it is gone. Those are all the problems I'm having right now. I went through the malware virus instructions at the beginning of the forum, and saw that I was supposed to run gmer on my computer. I have windows 7, and I think there are some compatibility issues with gmer. I tried running it, and it stops running and my computer will completely restart. It did it about six times. I'm sorry that I don't have a gmer file, but I do have the other ones. Thanks- Your help is very much appreciated!



DDS (Ver_10-03-17.01) - NTFSx86
Run by Freddie at 13:19:28.66 on Wed 05/19/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2812.1388 [GMT -4:00]


============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k hpdevmgmt
C:\windows\system32\spool\DRIVERS\W32X86\3\lxdqserv.exe
C:\windows\system32\lxdqcoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Lexmark Z2400 Series\lxdqMsdMon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\Freddie\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
c:\Program Files\Zune\ZuneNss.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\taskhost.exe
C:\Users\Freddie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Freddie\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
Q:\140062.enu\OFFICE14\OUTLOOK.EXE
C:\Program Files\Common Files\microsoft shared\virtualization handler\VirtualSearchHost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Users\Freddie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y14OBHL4\Defogger[1].exe
C:\windows\system32\conhost.exe
C:\windows\system32\msiexec.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Freddie\Desktop\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [MyTOSHIBA] "c:\program files\toshiba\my toshiba\MyToshiba.exe" /AUTO
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Google Update] "c:\users\freddie\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [<NO NAME>]
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [lxdqmon.exe] "c:\program files\lexmark z2400 series\lxdqmon.exe"
mRun: [lxdqamon] "c:\program files\lexmark z2400 series\lxdqamon.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRunOnce: [{91120000-002E-0000-0000-0000000FF1CE}] c:\windows\system32\cmd.exe /c del "c:\programdata\microsoft help\Rgstrtn.lck" /Q /A:H
dRunOnce: [{90120000-0019-0409-0000-0000000FF1CE}] c:\windows\system32\cmd.exe /c del "c:\programdata\microsoft help\Rgstrtn.lck" /Q /A:H
StartupFolder: c:\users\freddie\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\freddie\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~2.lnk - c:\program files\common files\microsoft shared\virtualization handler\CVH.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: ActiveGS.cab - hxxp://activegs.freetoolsassociation.com/ActiveGS.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Virtual%20Villagers%20-%20The%20Secret%20City/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Virtual%20Villagers%20-%20The%20Secret%20City/Images/armhelper.ocx
DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} - hxxps://domino5.ncat.edu/dwa7W.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - c:\program files\toshiba\my toshiba\MyToshiba.exe /SETUP

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-4 214664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-10-15 176128]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-8-10 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2009-9-26 819600]
R2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe -service --> c:\windows\system32\lxdqcoms.exe -service [?]
R2 lxdqCATSCustConnectService;lxdqCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdqserv.exe [2009-4-28 94208]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-12-23 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-12-10 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-12-10 144704]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-9-23 447832]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-8-11 185712]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-10-15 7680]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-12-10 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-12-10 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-12-10 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-12-10 40552]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-10-15 187392]
R3 sftfs;sftfs;c:\program files\microsoft application virtualization client\drivers\SftFSlh.sys [2009-9-23 543064]
R3 sftplay;sftplay;c:\program files\microsoft application virtualization client\drivers\sftplaylh.sys [2009-9-23 190312]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-9-23 21848]
R3 sftvol;sftvol;c:\program files\microsoft application virtualization client\drivers\SftVollh.sys [2009-9-23 14680]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-9-23 203608]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-10-15 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-9-17 111960]
R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-8-6 685424]
RUnknown SASKUTIL;SASKUTIL; [x]
S?2 taisregispinger;taisregispinger;c:\program files\toshiba\toshibaregistration\TaisRegistPinger.exe [2009-9-2 210304]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-30 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-12-10 34248]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-10-15 171520]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-4 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

=============== Created Last 30 ================

2010-05-19 17:14:03 0 ----a-w- c:\users\freddie\defogger_reenable
2010-05-19 08:26:56 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-05-19 08:26:44 0 d-----w- c:\program files\SUPERAntiSpyware
2010-05-16 20:34:42 0 d-----w- c:\program files\ConvertHelper
2010-05-11 20:53:29 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-06 14:23:26 0 d-----w- c:\programdata\DivX
2010-05-04 15:16:45 0 d-----w- c:\program files\iPod
2010-05-04 15:16:44 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-04 15:16:44 0 d-----w- c:\program files\iTunes
2010-05-04 15:10:07 0 d-----w- c:\program files\Bonjour
2010-04-27 22:06:49 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-27 22:06:46 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-27 22:06:46 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-26 22:04:42 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-04-22 04:20:26 0 d-----w- c:\program files\Sony
2010-04-22 04:20:23 0 d-----w- c:\program files\StarWarsGalaxies
2010-04-20 06:23:34 0 d-----w- c:\users\freddie\appdata\roaming\Composer
2010-04-20 06:23:32 0 ----a-w- c:\users\freddie\net_rim_plazmic_flint_dispatcherservice0.0.log.lck
2010-04-20 06:10:35 13791744 ----a-w- c:\users\freddie\BlackBerry_USB_and_Modem_Drivers_ENG.msi
2010-04-20 06:10:23 225280 ----a-w- c:\windows\system32\net_rim_plazmic_flint_dialog.dll
2010-04-20 06:09:08 0 d--h--w- c:\program files\Zero G Registry
2010-04-20 06:09:00 0 d--h--w- c:\users\freddie\InstallAnywhere

==================== Find3M ====================

2010-05-06 14:36:38 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-08 21:33:56 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-02-27 12:07:48 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 12:07:48 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-23 07:56:00 977920 ----a-w- c:\windows\system32\wininet.dll
2010-02-19 19:27:36 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27:16 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27:16 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27:16 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27:16 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-02-02 01:52:53 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-01-23 08:42:12 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-12-06 06:05:06 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 13:19:56.68 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:07:06 AM

Posted 22 May 2010 - 11:26 AM

Hi,

Could you try to run GMER by having nothing but sections option checked, please?

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 angl0fredmption

angl0fredmption
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:12:06 AM

Posted 22 May 2010 - 02:32 PM

Blade,

Thanks for the immediate response. I found the problem. The issue was in my hosts file. The problem has been resolved.

Thanks

#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:07:06 AM

Posted 22 May 2010 - 04:02 PM

Ok. Thanks for letting us know.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users