Search Engine Redirecting


  • This topic is locked
10 replies to this topic

#1 lemmegetatthat

lemmegetatthat

  • Members
  • 39 posts
  • OFFLINE
  • Local time:09:04 PM

Posted 29 June 2010 - 10:33 PM

Seems like a popular topic these days, my Google searches are being redirected to other sites. I ran AVG and Malwarebytes but the problem still exists. I think they might have slowed the problem down because now the redirected sites won't fully load and leave me with a blank screen loading. Also, when I try to go to certain sites, for example, diddybeats.com, I see the site gostats.com being loaded, and this too doesn't fully load. I don't know what to do; unfortunately my AVG was not on during the time I got infected.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Mike at 23:11:47.16 on Tue 06/29/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_16
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3263.2154 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\PayPal\PayPal Plug-In\RBroker.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Mike\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Mike\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.daemon-search.com/startpage
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Google Update] "c:\users\mike\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\8011.lnk - c:\users\mike\appdata\local\temp\mvNat.exe
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\users\mike\appdata\roaming\micros~1\windows\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ireboo~1.lnk - c:\program files\neosmart technologies\ireboot\iReboot.exe
uPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
uPolicies-explorer: NoUserFolderInStartMenu = 0 (0x0)
uPolicies-explorer: NoStartMenuMyGames = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: En&queue current page with BID - file://c:\program files\bulk image downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://c:\program files\bulk image downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - file://c:\program files\bulk image downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://c:\program files\bulk image downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - file://c:\program files\bulk image downloader\iemenu\iebidlinkexplorer.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: acaptuser32.dll,avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\users\mike\appdata\roaming\mozilla\firefox\profiles\em8i4cfq.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\program files\paypal\paypal plug-in\components\PayPalPlugin.dll
FF - component: c:\users\mike\appdata\roaming\mozilla\firefox\profiles\em8i4cfq.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\users\mike\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\mike\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSwx.sys [2010-6-25 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-6-25 52872]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-6-25 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-6-25 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-6-25 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-6-25 243024]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-25 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-6-25 2331032]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-6-25 5897808]
R2 iReboot;iReboot Background Service;c:\program files\neosmart technologies\ireboot\iRebootd.exe [2010-5-30 27136]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-6-21 47640]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-5-21 173352]
R3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSDriver.sys [2010-6-25 122448]
R3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSFilter.sys [2010-6-25 30288]
R3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSShim.sys [2010-6-25 20560]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2010-6-8 31504]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-6 1343400]

=============== Created Last 30 ================

2010-06-30 02:48:26 176 ----a-w- c:\users\mike\defogger_reenable
2010-06-28 00:39:18 20 ----a-w- c:\windows\system32\SYSTEM
2010-06-27 13:08:33 0 d-----w- c:\users\mike\appdata\roaming\BID
2010-06-27 13:08:26 0 d-----w- c:\program files\Bulk Image Downloader
2010-06-25 14:06:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-25 14:06:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-25 12:09:40 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-06-25 12:09:40 25168 ----a-w- c:\windows\system32\drivers\AVGIDSwx.sys
2010-06-25 12:09:40 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-25 12:09:39 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-25 12:09:32 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-25 12:09:31 0 d-----w- c:\windows\system32\drivers\Avg
2010-06-25 12:09:15 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-06-25 04:11:14 0 d-----w- c:\program files\EASEUS
2010-06-25 03:39:00 98304 --sha-r- c:\windows\system32\user32F.dll
2010-06-23 07:00:50 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 07:00:50 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 07:00:50 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 07:00:50 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 07:00:50 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 00:33:32 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-06-23 00:33:29 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-06-23 00:33:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-06-23 00:33:29 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-06-23 00:33:29 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-06-22 22:56:31 72520 ----a-w- c:\windows\system32\drivers\ftser2k.sys
2010-06-22 22:56:31 58184 ----a-w- c:\windows\system32\drivers\ftdibus.sys
2010-06-22 22:56:31 52552 ----a-w- c:\windows\system32\ftserui2.dll
2010-06-22 22:56:31 206144 ----a-w- c:\windows\system32\ftd2xx.dll
2010-06-22 22:56:31 197952 ----a-w- c:\windows\system32\FTLang.dll
2010-06-22 22:56:31 120136 ----a-w- c:\windows\system32\ftbusui.dll
2010-06-22 13:42:44 0 d-----w- C:\remotecoding
2010-06-22 13:42:04 545 ----a-w- c:\windows\UC.PIF
2010-06-22 13:42:04 545 ----a-w- c:\windows\RAR.PIF
2010-06-22 13:42:04 545 ----a-w- c:\windows\PKZIP.PIF
2010-06-22 13:42:04 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-06-22 13:42:04 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-06-22 13:42:04 545 ----a-w- c:\windows\LHA.PIF
2010-06-22 13:42:04 545 ----a-w- c:\windows\ARJ.PIF
2010-06-22 13:42:04 0 d-----w- c:\users\mike\appdata\roaming\GHISLER
2010-06-22 13:42:04 0 d-----w- C:\totalcmd
2010-06-21 22:58:39 0 d-----w- c:\users\mike\appdata\roaming\TeamViewer
2010-06-21 22:58:32 0 d-----w- c:\program files\TeamViewer
2010-06-21 22:51:55 0 d-----w- c:\users\mike\.VirtualBox
2010-06-21 22:51:26 142928 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-06-21 22:51:12 41744 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-06-21 22:51:06 0 d-----w- c:\program files\Oracle
2010-06-21 22:50:18 0 d-----w- c:\programdata\LogMeIn
2010-06-21 22:50:14 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-21 22:50:12 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2010-06-21 22:50:12 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-21 22:50:12 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2010-06-21 22:50:10 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-06-20 18:30:55 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-20 18:27:37 0 d-----r- c:\program files\Skype
2010-06-20 18:27:33 0 d-----w- c:\programdata\Skype
2010-06-20 15:35:22 0 d-----w- c:\program files\NeoSmart Technologies
2010-06-19 00:49:13 1908 ----a-w- c:\windows\diagwrn.xml
2010-06-19 00:49:13 1908 ----a-w- c:\windows\diagerr.xml
2010-06-09 04:59:57 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 04:59:56 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-09 04:59:51 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-09 04:59:45 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-09 04:59:45 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-06-08 17:30:16 31504 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2010-06-08 17:30:16 111312 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2010-06-08 17:30:16 100496 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2010-06-08 17:30:14 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2010-06-06 17:41:18 0 d-----w- c:\windows\system32\Wat
2010-06-06 17:17:03 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-06-06 17:16:50 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-06-06 17:16:50 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-06-06 17:16:47 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-06-06 17:16:44 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-06 17:16:44 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-06 17:16:43 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-06-06 17:16:40 2048 ----a-w- c:\windows\system32\tzres.dll
2010-06-06 17:15:17 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-06-06 17:15:17 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-06-06 17:15:17 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-06-06 17:14:48 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-06-06 17:14:30 132608 ----a-w- c:\windows\system32\cabview.dll
2010-06-06 17:10:49 65536 --sha-w- c:\users\mike\ntuser.dat{556de3c1-718e-11df-b438-001d72546870}.TM.blf
2010-06-06 17:10:49 524288 --sha-w- c:\users\mike\ntuser.dat{556de3c1-718e-11df-b438-001d72546870}.TMContainer00000000000000000002.regtrans-ms
2010-06-06 17:10:49 524288 --sha-w- c:\users\mike\ntuser.dat{556de3c1-718e-11df-b438-001d72546870}.TMContainer00000000000000000001.regtrans-ms

==================== Find3M ====================

2010-06-29 18:22:58 27240 ----a-w- c:\users\mike\appdata\roaming\nvModes.dat
2010-05-21 18:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-24 00:00:00 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-03-01 20:31:44 114688 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\privacie\index.dat
2010-03-09 02:11:06 16384 --sha-w- c:\windows\temp\cookies\index.dat
2010-03-09 02:11:06 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2010-03-09 02:11:06 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 23:12:48.40 ===============



Thanks in advance for the help


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:04 PM

Posted 29 June 2010 - 10:49 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  1. Do not run any other tool until instructed to do so!
  2. Do not Attach logs unless I ask you to.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.
  6. Do not run any other tool until instructed to do so!


In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Note** If you are having problems posting the complete log into this thread upload them here http://www.rapidshare.com/ and post the links in this thread

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

:run combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully

    Please continue as follows:
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log From Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 lemmegetatthat

lemmegetatthat
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:09:04 PM

Posted 30 June 2010 - 12:06 AM

I followed the how to disable AVG post, by turning off the resident scanner, but it was still picking up ComboFix. Anyway, I chose to allow instead of quarantine and the program ran. While ComboFix was going through the 50 stages, I kept getting a pop-up saying one of the programs had stopped working and it was going to try to solve the problem, so I kept cancelling it every time it came up and ComboFix continued to run. The system restarted. Now I can directly gain access to the site I listed before, diddybeats.com, but if I search for the site in Google, I am still being redirected.


ComboFix 10-06-29.03 - Mike 06/30/2010 0:35.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3263.2208 [GMT -4:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Fonts\ZWAdobeF.TTF
c:\windows\system32\system
H:\Autorun.inf
J:\Autorun.inf

c:\windows\system32\wuauclt.exe . . . is infected!!

c:\windows\system32\ctfmon.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-30 )))))))))))))))))))))))))))))))
.

2010-06-30 04:44 . 2010-06-30 04:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-30 04:24 . 2010-06-30 04:25 -------- d-----w- C:\32788R22FWJFW
2010-06-29 13:16 . 2010-06-29 13:16 1039712 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-06-27 13:08 . 2010-06-27 14:36 -------- d-----w- c:\users\Mike\AppData\Roaming\BID
2010-06-27 13:08 . 2010-06-27 13:08 -------- d-----w- c:\program files\Bulk Image Downloader
2010-06-25 14:06 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-25 14:06 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-25 12:09 . 2010-06-25 12:09 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-06-25 12:09 . 2010-06-25 12:09 25168 ----a-w- c:\windows\system32\drivers\AVGIDSwx.sys
2010-06-25 12:09 . 2010-06-25 12:09 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-25 12:09 . 2010-06-25 12:09 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-25 12:09 . 2010-06-25 12:09 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-25 12:09 . 2010-06-25 12:09 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-25 12:09 . 2010-06-30 00:39 -------- d-----w- c:\windows\system32\drivers\Avg
2010-06-25 12:09 . 2010-06-25 12:09 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-06-25 04:11 . 2010-06-25 04:11 -------- d-----w- c:\program files\EASEUS
2010-06-25 03:39 . 2010-06-25 03:39 98304 --sha-r- c:\windows\system32\user32F.dll
2010-06-23 07:00 . 2009-11-25 16:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 07:00 . 2009-11-25 16:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 07:00 . 2009-11-25 16:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 07:00 . 2009-11-25 16:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 07:00 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 00:33 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-06-23 00:33 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-06-23 00:33 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll
2010-06-22 22:56 . 2010-03-30 19:29 206144 ----a-w- c:\windows\system32\ftd2xx.dll
2010-06-22 22:56 . 2010-03-30 19:28 58184 ----a-w- c:\windows\system32\drivers\ftdibus.sys
2010-06-22 22:56 . 2010-03-30 19:28 120136 ----a-w- c:\windows\system32\ftbusui.dll
2010-06-22 22:56 . 2010-03-30 19:27 197952 ----a-w- c:\windows\system32\FTLang.dll
2010-06-22 22:56 . 2010-03-30 19:26 72520 ----a-w- c:\windows\system32\drivers\ftser2k.sys
2010-06-22 22:56 . 2010-03-30 19:25 52552 ----a-w- c:\windows\system32\ftserui2.dll
2010-06-22 13:46 . 2010-06-22 13:46 -------- d-----w- c:\users\Mike\AppData\Local\GHISLER
2010-06-22 13:42 . 2010-06-26 16:24 -------- d-----w- C:\remotecoding
2010-06-22 13:42 . 2010-06-22 13:42 -------- d-----w- C:\totalcmd
2010-06-22 13:42 . 2010-06-22 13:42 -------- d-----w- c:\users\Mike\AppData\Roaming\GHISLER
2010-06-22 13:42 . 2010-06-17 11:55 545 ----a-w- c:\windows\UC.PIF
2010-06-22 13:42 . 2010-06-17 11:55 545 ----a-w- c:\windows\RAR.PIF
2010-06-22 13:42 . 2010-06-17 11:55 545 ----a-w- c:\windows\PKZIP.PIF
2010-06-22 13:42 . 2010-06-17 11:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-06-22 13:42 . 2010-06-17 11:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-06-22 13:42 . 2010-06-17 11:55 545 ----a-w- c:\windows\LHA.PIF
2010-06-22 13:42 . 2010-06-17 11:55 545 ----a-w- c:\windows\ARJ.PIF
2010-06-21 22:58 . 2010-06-21 22:58 -------- d-----w- c:\users\Mike\AppData\Roaming\TeamViewer
2010-06-21 22:58 . 2010-06-21 22:58 -------- d-----w- c:\program files\TeamViewer
2010-06-21 22:51 . 2010-06-22 23:28 -------- d-----w- c:\users\Mike\.VirtualBox
2010-06-21 22:51 . 2010-06-08 17:30 142928 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-06-21 22:51 . 2010-06-08 17:30 41744 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-06-21 22:51 . 2010-06-21 22:51 -------- dc----w- c:\windows\system32\DRVSTORE
2010-06-21 22:51 . 2010-06-21 22:51 -------- d-----w- c:\program files\Oracle
2010-06-21 22:50 . 2010-06-21 22:50 -------- d-----w- c:\users\Mike\AppData\Local\LogMeIn
2010-06-21 22:50 . 2010-06-21 22:50 -------- d-----w- c:\programdata\LogMeIn
2010-06-21 22:50 . 2010-06-02 20:06 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-06-21 22:50 . 2010-06-02 20:06 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-21 22:50 . 2010-06-02 20:06 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-21 22:50 . 2010-01-27 16:22 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2010-06-21 22:50 . 2010-06-02 20:06 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-06-20 18:30 . 2010-06-20 18:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-20 18:30 . 2010-06-30 04:52 -------- d-----w- c:\users\Mike\AppData\Roaming\skypePM
2010-06-20 18:28 . 2010-06-30 04:52 -------- d-----w- c:\users\Mike\AppData\Roaming\Skype
2010-06-20 18:27 . 2010-06-20 18:27 -------- d-----r- c:\program files\Skype
2010-06-20 18:27 . 2010-06-20 18:27 -------- d-----w- c:\program files\Common Files\Skype
2010-06-20 18:27 . 2010-06-20 18:27 -------- d-----w- c:\programdata\Skype
2010-06-20 15:35 . 2010-06-20 17:20 -------- d-----w- c:\users\Mike\AppData\Local\NeoSmart_Technologies
2010-06-20 15:35 . 2010-06-20 15:39 -------- d-----w- c:\program files\NeoSmart Technologies
2010-06-09 04:59 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 04:59 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-09 04:59 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-09 04:59 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-09 04:59 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-06-08 17:30 . 2010-06-08 17:30 31504 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2010-06-08 17:30 . 2010-06-08 17:30 111312 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2010-06-08 17:30 . 2010-06-08 17:30 100496 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2010-06-08 17:30 . 2010-06-08 17:30 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2010-06-06 17:41 . 2010-06-06 17:41 -------- d-----w- c:\windows\system32\Wat
2010-06-06 17:17 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-06-06 17:16 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-06-06 17:16 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-06-06 17:16 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-06-06 17:16 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-06 17:16 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-06 17:16 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-06-06 17:16 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-06-06 17:15 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-06-06 17:15 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-06-06 17:15 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-06-06 17:14 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-06-06 17:14 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-30 04:52 . 2010-01-23 05:50 -------- d-----w- c:\users\Mike\AppData\Roaming\LimeWire
2010-06-30 04:51 . 2010-01-23 05:43 -------- d-----w- c:\users\Mike\AppData\Roaming\uTorrent
2010-06-30 04:28 . 2010-01-27 12:49 -------- d-----w- c:\program files\LogMeIn
2010-06-29 18:22 . 2010-01-23 02:59 27240 ----a-w- c:\users\Mike\AppData\Roaming\nvModes.dat
2010-06-27 12:21 . 2010-01-31 19:41 -------- d-----w- c:\program files\JDownloader
2010-06-25 14:06 . 2010-03-01 00:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-25 12:09 . 2010-03-02 02:30 -------- d-----w- c:\programdata\avg9
2010-06-25 11:51 . 2010-01-24 15:16 -------- d-----w- c:\programdata\NOS
2010-06-25 04:45 . 2010-01-24 00:37 -------- d-----w- c:\program files\Microsoft.NET
2010-06-25 03:48 . 2010-01-24 17:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-25 03:47 . 2010-01-23 02:30 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-19 01:23 . 2010-01-26 04:44 -------- d-----w- c:\program files\Avidemux 2.5
2010-06-06 20:08 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-06-06 20:08 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Portable Devices
2010-06-06 20:08 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-06-06 20:08 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-06-06 20:04 . 2010-01-24 21:29 -------- d-----w- c:\users\Mike\AppData\Roaming\U3
2010-06-06 17:41 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-06-06 17:11 . 2010-01-23 02:48 111152 ----a-w- c:\users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-26 04:19 . 2010-05-26 02:31 256 ----a-w- c:\windows\system32\pool.bin
2010-05-26 02:31 . 2010-05-26 02:31 -------- d-----w- c:\users\Mike\AppData\Roaming\Research In Motion
2010-05-26 02:30 . 2010-05-26 02:30 -------- d-----w- c:\programdata\Research In Motion
2010-05-26 02:30 . 2010-05-26 02:30 -------- d-----w- c:\program files\Research In Motion
2010-05-26 02:30 . 2010-05-26 02:30 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-05-21 18:14 . 2010-01-23 02:11 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-07 16:55 . 2010-05-07 16:55 255472 ----a-w- c:\users\Mike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-02-21 319280]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"Google Update"="c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-28 135664]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-20 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-20 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-20 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-23 149280]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-25 2065760]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
iReboot 2.0.lnk - c:\program files\NeoSmart Technologies\iReboot\iReboot.exe [2010-5-30 239104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMyMusic"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-06-08 31504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-06 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-23 691696]
S0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSwx.sys [2010-06-25 25168]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-06-25 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-06-25 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-06-25 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-06-25 243024]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-06-08 142928]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-06-08 41744]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-25 308136]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-06-25 2331032]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
S2 iReboot;iReboot Background Service;c:\program files\NeoSmart Technologies\iReboot\iRebootd.exe [2010-05-30 27136]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-01-27 12856]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352]
S3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys [2010-06-25 122448]
S3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys [2010-06-25 30288]
S3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys [2010-06-25 20560]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-08 100496]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-06-08 111312]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 18:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1984943813-255783444-3679666866-1001Core.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-28 23:57]

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1984943813-255783444-3679666866-1001UA.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-28 23:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: En&queue current page with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\em8i4cfq.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\PayPal\PayPal Plug-In\components\PayPalPlugin.dll
FF - component: c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\em8i4cfq.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\users\Mike\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Mike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5864)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\WUDFHost.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Stardock\ObjectDock\ObjectDock.exe
c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\sppsvc.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-06-30 00:57:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-30 04:57

Pre-Run: 45,496,508,416 bytes free
Post-Run: 47,640,236,032 bytes free

- - End Of File - - 68A724D22AE79F5F1D65E92F553C2E1A


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:04 PM

Posted 30 June 2010 - 12:10 AM

Hello

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
CODE
:filefind
wuauclt.exe
ctfmon.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.

TDSSKiller:
  • Please download TDSSKiller.zip and save it on your desktop.
  • Extract (unzip) its contents to your Desktop.
  • Double-click the TDSSKiller folder on your desktop.
  • Right-click on TDSSKiller.exe, click Copy, then Paste it directly on to your Desktop.
  • Highlight and copy the text in the codebox below.
CODE
"%userprofile%\desktop\tdsskiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"
  • Click Start, click Run..., paste the text above into the Open: line and click OK.
  • If malicious services or files have been detected, the utility will prompt to reboot the PC in order to complete the disinfection procedure. Please reboot when prompted.
  • After the reboot, the driver will delete malicious registry keys and files as well as remove itself from the services list.
  • A log file should be created on your C: drive named something like TDSSKiller 2.1.1 Dec 20 2009 02:40:02.
  • To find the log, click Start, then Computer, then (C:).
  • Please post the contents of that log in your next reply.

Let me have these two reports.


Gringo

Edited by gringo_pr, 30 June 2010 - 12:10 AM.

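One way to act on the ':filefind' results this post asks for, as an added example (not code from the thread, SystemLook or ComboFix): parse the hit lines, take the WinSxS copy of each file as the reference and flag any sibling copy whose MD5 or size differs. The sample log is constructed in SystemLook's format with placeholder hashes, and the WinSxS-as-reference rule is this example's own assumption.

```python
"""Cross-check the copies of a system file listed by SystemLook ':filefind'.

Added example for this thread, not SystemLook's or ComboFix's own code.
SystemLook lists every copy of wuauclt.exe and ctfmon.exe with attributes,
size, modified/created timestamps and MD5.  A file-patching infection alters
the copy in System32 but normally leaves the WinSxS component store (and
the ERDNT\\cache backup ComboFix keeps) untouched, so a copy whose hash or
size disagrees with its siblings is the one to examine first.
"""
import re
from collections import Counter, defaultdict

# One hit per line:  <path> <attrs> <size> bytes [<modified>] [<created>] <MD5>
HIT_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-zA-Z]{6})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)
SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"')


def parse_filefind(text):
    """Group the hit lines of each 'Searching for' block by searched file name."""
    hits = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SEARCH_RE.match(line)
        if m:
            current = m.group("name").lower()
            continue
        m = HIT_RE.match(line)
        if m and current is not None:
            hits[current].append({
                "path": m.group("path"),
                "size": int(m.group("size")),
                "mtime": m.group("mtime"),
                "md5": m.group("md5").upper(),
            })
    return dict(hits)


def triage(text):
    """Per file name: reference (size, MD5) and the copies that deviate from it.

    The WinSxS copy is the reference when present (assumption of this
    example); otherwise the most common (size, MD5) pair among the copies.
    """
    report = {}
    for name, copies in parse_filefind(text).items():
        winsxs = [c for c in copies if "\\winsxs\\" in c["path"].lower()]
        if winsxs:
            ref_size, ref_md5 = winsxs[0]["size"], winsxs[0]["md5"]
        else:
            pairs = Counter((c["size"], c["md5"]) for c in copies)
            (ref_size, ref_md5), _ = pairs.most_common(1)[0]
        suspect = [c for c in copies
                   if c["md5"] != ref_md5 or c["size"] != ref_size]
        report[name] = {
            "copies": len(copies),
            "reference_size": ref_size,
            "reference_md5": ref_md5,
            "suspect": suspect,
            "consistent": not suspect,
        }
    return report


# Constructed sample in SystemLook's format; the hashes are placeholders, and
# the System32 ctfmon.exe copy is deliberately made to differ from its siblings.
SAMPLE_LOG = r"""
SystemLook v1.0 by jpshortstuff (11.01.10)

========== filefind ==========

Searching for "wuauclt.exe"
C:\Windows\ERDNT\cache\wuauclt.exe --a--- 47104 bytes [04:55 30/06/2010] [01:14 14/07/2009] AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
C:\Windows\System32\wuauclt.exe --a--- 47104 bytes [00:14 14/07/2009] [01:14 14/07/2009] AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
C:\Windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.3.7600.16385_none_3086c9dad36a69b3\wuauclt.exe --a--- 47104 bytes [00:14 14/07/2009] [01:14 14/07/2009] AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Searching for "ctfmon.exe"
C:\Windows\ERDNT\cache\ctfmon.exe --a--- 8704 bytes [04:55 30/06/2010] [01:14 14/07/2009] BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB
C:\Windows\System32\ctfmon.exe --a--- 9216 bytes [23:26 25/06/2010] [01:14 14/07/2009] DEADBEEFDEADBEEFDEADBEEFDEADBEEF
C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe --a--- 8704 bytes [23:26 13/07/2009] [01:14 14/07/2009] BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB

-=End Of File=-
"""

if __name__ == "__main__":
    for name, r in triage(SAMPLE_LOG).items():
        state = "consistent" if r["consistent"] else "MISMATCH"
        print(f"{name}: {r['copies']} copies, reference MD5 {r['reference_md5']} -> {state}")
        for c in r["suspect"]:
            print(f"  deviating copy: {c['path']} ({c['size']} bytes, "
                  f"MD5 {c['md5']}, modified {c['mtime']})")
```

Matching copies do not prove the file is clean (a scanner may still flag it), but a System32 copy that differs from the component store is worth quarantining and comparing.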

#5 lemmegetatthat

lemmegetatthat
  • Topic Starter

  • Members
  • 39 posts
  • Local time:09:04 PM

Posted 30 June 2010 - 12:12 AM

Here ya go.

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 01:11 on 30/06/2010 by Mike (Administrator - Elevation successful)

========== filefind ==========

Searching for "wuauclt.exe"
C:\Windows\ERDNT\cache\wuauclt.exe --a--- 47104 bytes [04:55 30/06/2010] [01:14 14/07/2009] B0DA80FF42A0819D162A86612896AAF2
C:\Windows\System32\wuauclt.exe --a--- 47104 bytes [00:14 14/07/2009] [01:14 14/07/2009] B0DA80FF42A0819D162A86612896AAF2
C:\Windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.3.7600.16385_none_3086c9dad36a69b3\wuauclt.exe --a--- 47104 bytes [00:14 14/07/2009] [01:14 14/07/2009] B0DA80FF42A0819D162A86612896AAF2

Searching for "ctfmon.exe"
C:\Windows\ERDNT\cache\ctfmon.exe --a--- 8704 bytes [04:55 30/06/2010] [01:14 14/07/2009] 4A3CDCEF8ED41B221F3DBEF5792FB52D
C:\Windows\System32\ctfmon.exe --a--- 8704 bytes [23:26 13/07/2009] [01:14 14/07/2009] 4A3CDCEF8ED41B221F3DBEF5792FB52D
C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe --a--- 8704 bytes [23:26 13/07/2009] [01:14 14/07/2009] 4A3CDCEF8ED41B221F3DBEF5792FB52D

-=End Of File=-


Forgot the TDSS

01:13:45:002 2584 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
01:13:45:002 2584 ================================================================================
01:13:45:002 2584 SystemInfo:

01:13:45:002 2584 OS Version: 6.1.7600 ServicePack: 0.0
01:13:45:002 2584 Product type: Workstation
01:13:45:003 2584 ComputerName: MIKE-PC
01:13:45:004 2584 UserName: Mike
01:13:45:004 2584 Windows directory: C:\Windows
01:13:45:004 2584 Processor architecture: Intel x86
01:13:45:004 2584 Number of processors: 2
01:13:45:004 2584 Page size: 0x1000
01:13:45:006 2584 Boot type: Normal boot
01:13:45:006 2584 ================================================================================
01:13:45:448 2584 Initialize success
01:13:45:448 2584
01:13:45:449 2584 Scanning Services ...
01:13:46:380 2584 Raw services enum returned 482 services
01:13:46:391 2584
01:13:46:392 2584 Scanning Drivers ...
01:13:48:729 2584 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
01:13:48:748 2584 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
01:13:48:789 2584 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
01:13:48:825 2584 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
01:13:48:877 2584 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
01:13:48:975 2584 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
01:13:49:030 2584 ElbyCDIO (44996a2addd2db7454f2ca40b67d8941) C:\Windows\system32\Drivers\ElbyCDIO.sys
01:13:49:062 2584 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
01:13:49:089 2584 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
01:13:49:110 2584 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
01:13:49:136 2584 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
01:13:49:155 2584 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
01:13:49:178 2584 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
01:13:49:194 2584 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
01:13:49:220 2584 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
01:13:49:252 2584 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
01:13:49:282 2584 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
01:13:49:307 2584 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
01:13:49:351 2584 FTDIBUS (f8c2888b12253d8390c94887ffb699f2) C:\Windows\system32\drivers\ftdibus.sys
01:13:49:396 2584 FTSER2K (f0ca4e7bc5af32080069c2df83ba6690) C:\Windows\system32\drivers\ftser2k.sys
01:13:49:444 2584 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
01:13:49:473 2584 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
01:13:49:503 2584 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
01:13:49:557 2584 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
01:13:49:588 2584 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
01:13:49:613 2584 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
01:13:49:641 2584 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
01:13:49:665 2584 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
01:13:49:693 2584 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
01:13:49:734 2584 HpqRemHid (115c0933b3ed51dfbec4449348c8065b) C:\Windows\system32\DRIVERS\HpqRemHid.sys
01:13:49:752 2584 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
01:13:49:782 2584 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
01:13:49:809 2584 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
01:13:49:821 2584 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
01:13:49:847 2584 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
01:13:49:863 2584 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
01:13:49:878 2584 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
01:13:49:903 2584 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
01:13:49:924 2584 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:13:49:949 2584 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
01:13:49:986 2584 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
01:13:50:010 2584 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
01:13:50:032 2584 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
01:13:50:062 2584 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
01:13:50:092 2584 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
01:13:50:113 2584 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
01:13:50:163 2584 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\Windows\system32\drivers\klmd.sys
01:13:50:215 2584 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
01:13:50:267 2584 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
01:13:50:294 2584 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
01:13:50:387 2584 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
01:13:50:450 2584 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\Windows\system32\DRIVERS\lmimirr.sys
01:13:50:505 2584 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\Windows\system32\drivers\LMIRfsDriver.sys
01:13:50:546 2584 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
01:13:50:577 2584 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
01:13:50:606 2584 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
01:13:50:635 2584 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
01:13:50:663 2584 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
01:13:50:683 2584 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
01:13:50:717 2584 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
01:13:50:747 2584 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
01:13:50:771 2584 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
01:13:50:793 2584 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
01:13:50:817 2584 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
01:13:50:832 2584 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
01:13:50:851 2584 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
01:13:50:869 2584 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
01:13:50:897 2584 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
01:13:50:935 2584 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:13:50:961 2584 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:13:50:991 2584 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:13:51:014 2584 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
01:13:51:031 2584 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
01:13:51:057 2584 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
01:13:51:080 2584 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
01:13:51:098 2584 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
01:13:51:124 2584 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
01:13:51:135 2584 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
01:13:51:153 2584 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
01:13:51:174 2584 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
01:13:51:193 2584 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
01:13:51:203 2584 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
01:13:51:223 2584 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
01:13:51:243 2584 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
01:13:51:273 2584 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
01:13:51:311 2584 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
01:13:51:337 2584 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
01:13:51:361 2584 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
01:13:51:381 2584 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
01:13:51:399 2584 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
01:13:51:417 2584 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
01:13:51:437 2584 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
01:13:51:463 2584 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
01:13:51:485 2584 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
01:13:51:501 2584 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
01:13:51:522 2584 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
01:13:51:579 2584 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
01:13:51:626 2584 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
01:13:51:706 2584 NVENETFD (a1108084b0d2fc43dcc401735770e2a3) C:\Windows\system32\DRIVERS\nvmfdx32.sys

Edited by lemmegetatthat, 30 June 2010 - 12:16 AM.


#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 June 2010 - 01:58 AM

Greetings

I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

CODE
File::
c:\windows\system32\user32F.dll


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"
    In your next post I need the following
    1. report from Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now after running the script?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 lemmegetatthat

  • Topic Starter
  • Members
  • 39 posts

Posted 30 June 2010 - 07:06 AM

My searches look good now, haven't been redirected yet. Computer seems fine. Any problems with this log?

ComboFix 10-06-29.04 - Mike 06/30/2010 7:54.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3263.1939 [GMT -4:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
Command switches used :: c:\users\Mike\Desktop\CFScript.txt
* Created a new restore point

FILE ::
"c:\windows\system32\user32F.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\user32F.dll

.
((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-30 )))))))))))))))))))))))))))))))
.

2010-06-30 12:00 . 2010-06-30 12:00 -------- d-----w- c:\users\Mike\AppData\Local\temp
2010-06-30 12:00 . 2010-06-30 12:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-30 12:00 . 2010-06-30 12:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-30 11:52 . 2010-06-30 11:53 -------- d-----w- C:\32788R22FWJFW
2010-06-29 13:16 . 2010-06-29 13:16 1039712 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-06-27 13:08 . 2010-06-27 14:36 -------- d-----w- c:\users\Mike\AppData\Roaming\BID
2010-06-27 13:08 . 2010-06-27 13:08 -------- d-----w- c:\program files\Bulk Image Downloader
2010-06-25 14:06 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-25 14:06 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-25 12:09 . 2010-06-25 12:09 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-06-25 12:09 . 2010-06-25 12:09 25168 ----a-w- c:\windows\system32\drivers\AVGIDSwx.sys
2010-06-25 12:09 . 2010-06-25 12:09 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-25 12:09 . 2010-06-25 12:09 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-25 12:09 . 2010-06-25 12:09 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-25 12:09 . 2010-06-25 12:09 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-25 12:09 . 2010-06-30 00:39 -------- d-----w- c:\windows\system32\drivers\Avg
2010-06-25 12:09 . 2010-06-25 12:09 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-06-25 04:11 . 2010-06-25 04:11 -------- d-----w- c:\program files\EASEUS
2010-06-23 07:00 . 2009-11-25 16:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 07:00 . 2009-11-25 16:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 07:00 . 2009-11-25 16:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 07:00 . 2009-11-25 16:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 07:00 . 2009-11-25 16:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 00:33 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-06-23 00:33 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-06-23 00:33 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll
2010-06-22 22:56 . 2010-03-30 19:29 206144 ----a-w- c:\windows\system32\ftd2xx.dll
2010-06-22 22:56 . 2010-03-30 19:28 58184 ----a-w- c:\windows\system32\drivers\ftdibus.sys
2010-06-22 22:56 . 2010-03-30 19:28 120136 ----a-w- c:\windows\system32\ftbusui.dll
2010-06-22 22:56 . 2010-03-30 19:27 197952 ----a-w- c:\windows\system32\FTLang.dll
2010-06-22 22:56 . 2010-03-30 19:26 72520 ----a-w- c:\windows\system32\drivers\ftser2k.sys
2010-06-22 22:56 . 2010-03-30 19:25 52552 ----a-w- c:\windows\system32\ftserui2.dll
2010-06-22 13:46 . 2010-06-22 13:46 -------- d-----w- c:\users\Mike\AppData\Local\GHISLER
2010-06-22 13:42 . 2010-06-26 16:24 -------- d-----w- C:\remotecoding
2010-06-22 13:42 . 2010-06-22 13:42 -------- d-----w- C:\totalcmd
2010-06-22 13:42 . 2010-06-22 13:42 -------- d-----w- c:\users\Mike\AppData\Roaming\GHISLER
2010-06-22 13:42 . 2010-06-17 11:55 545 ----a-w- c:\windows\UC.PIF
2010-06-22 13:42 . 2010-06-17 11:55 545 ----a-w- c:\windows\RAR.PIF
2010-06-22 13:42 . 2010-06-17 11:55 545 ----a-w- c:\windows\PKZIP.PIF
2010-06-22 13:42 . 2010-06-17 11:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-06-22 13:42 . 2010-06-17 11:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-06-22 13:42 . 2010-06-17 11:55 545 ----a-w- c:\windows\LHA.PIF
2010-06-22 13:42 . 2010-06-17 11:55 545 ----a-w- c:\windows\ARJ.PIF
2010-06-21 22:58 . 2010-06-21 22:58 -------- d-----w- c:\users\Mike\AppData\Roaming\TeamViewer
2010-06-21 22:58 . 2010-06-21 22:58 -------- d-----w- c:\program files\TeamViewer
2010-06-21 22:51 . 2010-06-22 23:28 -------- d-----w- c:\users\Mike\.VirtualBox
2010-06-21 22:51 . 2010-06-08 17:30 142928 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-06-21 22:51 . 2010-06-08 17:30 41744 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-06-21 22:51 . 2010-06-21 22:51 -------- dc----w- c:\windows\system32\DRVSTORE
2010-06-21 22:51 . 2010-06-21 22:51 -------- d-----w- c:\program files\Oracle
2010-06-21 22:50 . 2010-06-21 22:50 -------- d-----w- c:\users\Mike\AppData\Local\LogMeIn
2010-06-21 22:50 . 2010-06-21 22:50 -------- d-----w- c:\programdata\LogMeIn
2010-06-21 22:50 . 2010-06-02 20:06 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2010-06-21 22:50 . 2010-06-02 20:06 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-21 22:50 . 2010-06-02 20:06 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-21 22:50 . 2010-01-27 16:22 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2010-06-21 22:50 . 2010-06-02 20:06 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-06-20 18:30 . 2010-06-20 18:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-06-20 18:30 . 2010-06-30 04:52 -------- d-----w- c:\users\Mike\AppData\Roaming\skypePM
2010-06-20 18:28 . 2010-06-30 04:58 -------- d-----w- c:\users\Mike\AppData\Roaming\Skype
2010-06-20 18:27 . 2010-06-20 18:27 -------- d-----r- c:\program files\Skype
2010-06-20 18:27 . 2010-06-20 18:27 -------- d-----w- c:\program files\Common Files\Skype
2010-06-20 18:27 . 2010-06-20 18:27 -------- d-----w- c:\programdata\Skype
2010-06-20 15:35 . 2010-06-20 17:20 -------- d-----w- c:\users\Mike\AppData\Local\NeoSmart_Technologies
2010-06-20 15:35 . 2010-06-20 15:39 -------- d-----w- c:\program files\NeoSmart Technologies
2010-06-09 04:59 . 2010-03-05 07:42 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 04:59 . 2010-05-01 14:49 2326528 ----a-w- c:\windows\system32\win32k.sys
2010-06-09 04:59 . 2010-05-21 05:18 977920 ----a-w- c:\windows\system32\wininet.dll
2010-06-09 04:59 . 2010-05-27 07:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-09 04:59 . 2010-05-27 03:49 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-06-08 17:30 . 2010-06-08 17:30 31504 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2010-06-08 17:30 . 2010-06-08 17:30 111312 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2010-06-08 17:30 . 2010-06-08 17:30 100496 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2010-06-08 17:30 . 2010-06-08 17:30 133648 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2010-06-06 17:41 . 2010-06-06 17:41 -------- d-----w- c:\windows\system32\Wat
2010-06-06 17:17 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-06-06 17:16 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-06-06 17:16 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-06-06 17:16 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-06-06 17:16 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-06 17:16 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-06 17:16 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-06-06 17:16 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-06-06 17:15 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-06-06 17:15 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-06-06 17:15 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-06-06 17:14 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-06-06 17:14 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-30 11:52 . 2010-01-23 05:43 -------- d-----w- c:\users\Mike\AppData\Roaming\uTorrent
2010-06-30 04:52 . 2010-01-23 05:50 -------- d-----w- c:\users\Mike\AppData\Roaming\LimeWire
2010-06-30 04:28 . 2010-01-27 12:49 -------- d-----w- c:\program files\LogMeIn
2010-06-29 18:22 . 2010-01-23 02:59 27240 ----a-w- c:\users\Mike\AppData\Roaming\nvModes.dat
2010-06-27 12:21 . 2010-01-31 19:41 -------- d-----w- c:\program files\JDownloader
2010-06-25 14:06 . 2010-03-01 00:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-25 12:09 . 2010-03-02 02:30 -------- d-----w- c:\programdata\avg9
2010-06-25 11:51 . 2010-01-24 15:16 -------- d-----w- c:\programdata\NOS
2010-06-25 04:45 . 2010-01-24 00:37 -------- d-----w- c:\program files\Microsoft.NET
2010-06-25 03:48 . 2010-01-24 17:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-25 03:47 . 2010-01-23 02:30 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-19 01:23 . 2010-01-26 04:44 -------- d-----w- c:\program files\Avidemux 2.5
2010-06-06 20:08 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-06-06 20:08 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Portable Devices
2010-06-06 20:08 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-06-06 20:08 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-06-06 20:04 . 2010-01-24 21:29 -------- d-----w- c:\users\Mike\AppData\Roaming\U3
2010-06-06 17:41 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-06-06 17:11 . 2010-01-23 02:48 111152 ----a-w- c:\users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-26 04:19 . 2010-05-26 02:31 256 ----a-w- c:\windows\system32\pool.bin
2010-05-26 02:31 . 2010-05-26 02:31 -------- d-----w- c:\users\Mike\AppData\Roaming\Research In Motion
2010-05-26 02:30 . 2010-05-26 02:30 -------- d-----w- c:\programdata\Research In Motion
2010-05-26 02:30 . 2010-05-26 02:30 -------- d-----w- c:\program files\Research In Motion
2010-05-26 02:30 . 2010-05-26 02:30 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-05-21 18:14 . 2010-01-23 02:11 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-07 16:55 . 2010-05-07 16:55 255472 ----a-w- c:\users\Mike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-02-21 319280]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"Google Update"="c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-28 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-20 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-20 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-20 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-23 149280]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-13 37888]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-03 640376]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-25 2065760]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
iReboot 2.0.lnk - c:\program files\NeoSmart Technologies\iReboot\iReboot.exe [2010-5-30 239104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMyMusic"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-06-08 31504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-06 1343400]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-23 691696]
S0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSwx.sys [2010-06-25 25168]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-06-25 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-06-25 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-06-25 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-06-25 243024]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-06-08 142928]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-06-08 41744]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-25 308136]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-06-25 2331032]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
S2 iReboot;iReboot Background Service;c:\program files\NeoSmart Technologies\iReboot\iRebootd.exe [2010-05-30 27136]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-01-27 12856]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-05-21 173352]
S3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys [2010-06-25 122448]
S3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys [2010-06-25 30288]
S3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys [2010-06-25 20560]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-06-08 100496]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-06-08 111312]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMD23
*Deregistered* - klmd23

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 18:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1984943813-255783444-3679666866-1001Core.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-28 23:57]

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1984943813-255783444-3679666866-1001UA.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-28 23:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: En&queue current page with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\em8i4cfq.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?shva=1#inbox
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\PayPal\PayPal Plug-In\components\PayPalPlugin.dll
FF - component: c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\em8i4cfq.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\users\Mike\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Mike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-06-30 08:03:24
ComboFix-quarantined-files.txt 2010-06-30 12:03
ComboFix2.txt 2010-06-30 04:57

Pre-Run: 47,680,548,864 bytes free
Post-Run: 47,622,647,808 bytes free

- - End Of File - - AC0E6D35D4BC77C6ED03974216BCD209


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:04 PM

Posted 30 June 2010 - 01:52 PM

Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs
    1. click on start
    2. then go to settings
    3. after that you need control panel
    4. look for the icon add/remove programs
    click on the following programs

    Adobe Reader 9.3

    and click on remove

Update Adobe Reader
    Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
      If you don't like Adobe Reader (33.5 MB), you can download Foxit PDF Reader(3.5MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

      Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts

Clear your Java Cache
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.


TFC(Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :
    I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan

Go to the Eset web page to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
      Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic

"information and logs"
    In your next post I need the following
    1. Log From MBAM
    2. Log From ESET Online Scanner
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

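The post above has you remove Adobe Reader 9.3 and update Java by hand through Add/Remove Programs and the Java control panel. The following PowerShell snippet is an added example, not something gringo_pr posted, that reads the same information from the Uninstall registry keys so you can confirm before and after which Reader and Java builds are actually installed (old JREs are routinely left behind by the updater and stay reachable through the browser plug-in). The DisplayName patterns are an assumption based on how Adobe and Sun/Oracle named their 2010-era packages; run it on the affected machine.

```powershell
# Added example (not from the original post): inventory installed Adobe Reader and
# Java runtimes from the Uninstall registry keys so the "uninstall old versions" step
# can be verified rather than trusted from the Add/Remove Programs list.
# Assumptions: run as the logged-on user on the affected machine; the DisplayName
# patterns below are a guess at the product names used by 2010-era installers.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',   # present on 64-bit hosts only
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'               # per-user installs
)

function Get-ReaderAndJavaInstalls {
    # Missing hives (e.g. Wow6432Node on a 32-bit system) are skipped silently.
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match '^(Adobe Reader|Adobe Acrobat|Java\(TM\)|Java \d|J2SE Runtime)' } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, UninstallString |
        Sort-Object DisplayName, DisplayVersion
}

$installs = @(Get-ReaderAndJavaInstalls)
if ($installs.Count -eq 0) {
    Write-Host 'No Adobe Reader or Java runtime found in the Uninstall keys.'
} else {
    $installs | Format-Table DisplayName, DisplayVersion, Publisher, InstallDate -AutoSize

    # More than one Java entry almost always means superseded JREs were never removed;
    # each one still has its own browser plug-in and its own unpatched bugs.
    $javaCount = @($installs | Where-Object { $_.DisplayName -match 'Java' }).Count
    if ($javaCount -gt 1) {
        Write-Warning "$javaCount Java runtimes are installed; remove all but the newest."
    }

    $readerCount = @($installs | Where-Object { $_.DisplayName -match 'Adobe (Reader|Acrobat)' }).Count
    if ($readerCount -gt 1) {
        Write-Warning "$readerCount Adobe Reader/Acrobat installs are present; keep only the current one."
    }
}
```

Run it once before following the uninstall steps and once after; the second run should list at most one Reader and one Java entry, and the UninstallString column gives you the exact command for anything still lingering.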
#9 lemmegetatthat

lemmegetatthat
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:09:04 PM

Posted 30 June 2010 - 11:24 PM

Everything seems fine on the computer. All of the sites are loading correctly. I stopped the online scanner because it didn't find anything on my C: drive and it began to scan my terabyte external hdd which would have taken hours.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4262

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

6/30/2010 10:26:47 PM
mbam-log-2010-06-30 (22-26-47).txt

Scan type: Quick scan
Objects scanned: 129762
Time elapsed: 5 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=46646d370b7cd44bb45661d100d2d9b8
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-07-01 04:19:08
# local_time=2010-07-01 12:19:08 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1031 16777213 100 92 0 9537735 0 0
# compatibility_mode=5893 16776574 100 94 0 29497578 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=118964
# found=2
# cleaned=0
# scan_time=5162
H:\Music\Incomplete\CORRUPT-0-Laura Branigan - Self Control.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
H:\Music\Music Zilla DL\setup.exe a variant of Win32/Adware.ErrorRepair application 00000000000000000000000000000000 I



#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:04 PM

Posted 01 July 2010 - 03:05 AM

Hello

If H: is your external drive then you should scan it and see how many songs are infected; you can start by deleting this song CORRUPT-0-Laura Branigan - Self Control.mp3

Very well done!! This is my general post for when your logs show no more signs of malware ;)- Please let me know if you still are having problems with your computer and what these problems are.

The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point.

:DeFogger:
    To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    Your Emulation drivers are now re-enabled.
:Uninstall ComboFix:
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:clear system restore points:

This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • choose your root drive (normally C:)
  • after it calculates how much space you will save it will open up a new window
  • Select the More options tab at the top of the window
  • Choose the option to clean up system restore and OK it.
  • go back to the disk clean up tab
  • put a checkmark in all - except compress old files (leave this unchecked)
  • click Ok then click yes
This will remove all restore points except the new one you just created and clean unneeded files

:Make your Internet Explorer more secure:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.
:Make Firefox more secure:
:Turn On Automatic Updates:
    1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
    2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

    If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

    or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly:
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.
please read this great article by miekiemoes How to prevent Malware:
and
this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here:

Gringo

Edited by gringo_pr, 01 July 2010 - 03:06 AM.


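The "Make your Internet Explorer more secure" steps in the post above are five zone settings set by hand through the Custom Level dialog. The PowerShell below is an added example, not part of gringo_pr's post, that writes the same five settings for the Internet zone (zone 3) straight into the current user's registry and then reads them back, so you can see whether they actually took. The action numbers and their meanings (0 = Enable, 1 = Prompt, 3 = Disable) are Microsoft's documented URL-action values; the assumption is that nothing at machine level overrides them (see the note after the code).

```powershell
# Added example (not from the original post): apply the five Internet-zone settings
# from the "Make your Internet Explorer more secure" steps via the registry and
# verify them afterwards.
# Assumptions: per-user settings under HKCU for the logged-on user; zone 3 is the
# Internet zone; value names/meanings are Microsoft's documented URL actions
# (0 = Enable, 1 = Prompt, 3 = Disable).

$zone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

$desired = [ordered]@{
    '1001' = 1   # Download signed ActiveX controls                  -> Prompt
    '1004' = 3   # Download unsigned ActiveX controls                -> Disable
    '1201' = 3   # Initialize and script ActiveX not marked as safe  -> Disable
    '1800' = 1   # Installation of desktop items                     -> Prompt
    '1804' = 1   # Launching programs and files in an IFRAME         -> Prompt
}

function Set-IeInternetZoneHardening {
    foreach ($name in $desired.Keys) {
        Set-ItemProperty -Path $zone -Name $name -Value $desired[$name] -Type DWord
    }
}

function Test-IeInternetZoneHardening {
    # Returns one object per setting that does not match; nothing if all match.
    $current = Get-ItemProperty -Path $zone
    foreach ($name in $desired.Keys) {
        $actual = $current.$name
        if ($actual -ne $desired[$name]) {
            [pscustomobject]@{ Setting = $name; Expected = $desired[$name]; Actual = $actual }
        }
    }
}

Set-IeInternetZoneHardening
$drift = @(Test-IeInternetZoneHardening)
if ($drift.Count -gt 0) {
    $drift | Format-Table -AutoSize
    Write-Warning 'Some settings did not apply; a machine-level zone policy may be overriding them.'
} else {
    Write-Host 'Internet zone settings match the requested values.'
}
```

If the read-back still shows the old values, check whether the machine is configured to enforce zone settings from HKLM for all users (the Security_HKLM_only value under HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings); in that case the same five values have to be set under the HKLM copy of Zones\3 from an elevated prompt. Reopen Internet Options afterwards and confirm the Custom Level dialog shows Prompt/Disable as the post lists them.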
#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:04 PM

Posted 04 July 2010 - 01:37 AM

Since the issue is resolved, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo




