

Google-Analytics Redirect Virus...HELP!


1 reply to this topic

#1 brockidd


Posted 23 July 2010 - 11:36 PM

Referred from here: http://www.bleepingcomputer.com/forums/t/333805/google-analyitics-redirect/ ~ OB

About a week ago I became infected with a virus that when I type something in on Google and click on one of the links, it opens a new tab (sometimes it doesn't open a new tab and just redirects me on the current one) and redirects me to a website with ads. It is really annoying. Sometimes after a couple of tries it will actually send me to the right website. Usually I just copy and paste the website into the address bar, but even then sometimes I get redirected. I use Mozilla Firefox, but now every couple of hours Internet Explorer (which I never use) pops up with an ad. Also, sometimes Firefox and Internet Explorer will just randomly pop up and go to Google. I quickly exit out of them but they come back later. The Google redirect and the Internet Explorer pop-ups are the only noticeable problems right now, but it may also be affecting my internet connectivity and how fast my computer is, but it might be a coincidence. My computer sometimes says it can't load the page, and then I try to refresh and the next time sometimes it will work and other times it still won't. My computer also seems to be running slower. I currently have the full version of AVG and Malwarebytes but they have turned up nothing after full scans. This is getting really annoying. If anyone has had a similar experience or just knows how to get rid of this virus, please help me. I don't know too much about computers, so you'll have to be specific. Thanks.



DDS (Ver_10-03-17.01) - NTFSX64
Run by Brock at 22:49:11.74 on Fri 07/23/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4027.2009 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG9\avgam.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\Brock\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brock\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brock\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brock\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brock\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brock\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brock\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brock\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brock\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brock\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Adobe\Audition 1.5\Audition.exe
C:\Users\Brock\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Brock\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Movie Maker 2.6\MOVIEMK.exe
C:\Users\Brock\Downloads\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Brock\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files (x86)\search settings\SearchSettings.dll
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files (x86)\search settings\SearchSettings.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
uRun: [Google Update] "c:\users\brock\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [My] c:\users\brock\desktop\Windows 7 Keygen.exe
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SearchSettings] c:\program files (x86)\search settings\SearchSettings.exe
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [SwitchBoard] c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files (x86)\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Malwarebytes' Anti-Malware] "c:\program files (x86)\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files (x86)\microsoft office\office10\OSA.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office10\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://clearchannelradio.webex.com/client/T26LSP49EP12/webex/ieatgpc1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [AdobeAAMUpdater-1.0] "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun-x64: [SysTrayApp] c:\program files\idt\wdm\sttray64.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [Windows Mobile-based device management] %WINDIR%\WindowsMobile\wmdcBase.exe
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\brock\appdata\roaming\mozilla\firefox\profiles\dtwkdofs.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files (x86)\search settings\ff\components\SearchSettingsFF.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\nphssb.dll
FF - plugin: c:\users\brock\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\brock\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\brock\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\users\brock\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\brock\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\wat\npWatWeb.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - falsec:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrw7a;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSwa.sys [2010-7-20 27216]
R0 AvgRkx64;avgrkx64.sys;c:\windows\system32\drivers\avgrkx64.sys [2010-7-20 56008]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-5-24 55280]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6a.sys [2010-7-20 29976]
R1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-7-20 269904]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-7-20 35536]
R1 AvgTdiA;AVG Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-7-20 317520]
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 27136]
R2 Application Updater;Application Updater;c:\program files (x86)\application updater\ApplicationUpdater.exe [2010-1-8 380928]
R2 avg9wd;AVG WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-7-20 308136]
R2 avgfws9;AVG Firewall;c:\program files (x86)\avg\avg9\avgfws9.exe [2010-7-20 2331032]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files (x86)\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-7-20 5897808]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2010-6-15 30520]
R2 MBAMService;MBAMService;c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe [2010-7-19 304464]
R3 AVGIDSDriverw7a;AVG9IDSDriver;c:\program files (x86)\avg\avg9\identity protection\agent\driver\platform_win764\AVGIDSDriver.sys [2010-7-20 132688]
R3 AVGIDSFilterw7a;AVG9IDSFilter;c:\program files (x86)\avg\avg9\identity protection\agent\driver\platform_win764\AVGIDSFilter.sys [2010-7-20 35920]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-19 24664]
R3 NETw5s64;Intel« Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\drivers\NETw5s64.sys [2010-1-13 7675392]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-3-1 187392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\avg\avg9\toolbar\ToolbarBroker.exe [2010-7-20 430152]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2010-3-2 1038088]
S3 netw5v64;Intel« Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-13 1255736]

=============== Created Last 30 ================

2010-07-24 03:45:43 0 ----a-w- c:\users\brock\defogger_reenable
2010-07-20 19:16:41 0 d-----w- c:\program files\iPod
2010-07-20 19:16:40 0 d-----w- c:\program files\iTunes
2010-07-20 19:16:40 0 d-----w- c:\program files (x86)\iTunes
2010-07-20 18:10:58 0 d-----w- c:\program files (x86)\Trend Micro
2010-07-20 14:57:48 579952 ----a-w- c:\windows\system32\dsNcSmartCardProv.dll
2010-07-20 14:57:48 405360 ----a-w- c:\windows\system32\dsNcCredProv.dll
2010-07-20 14:04:07 13048 ----a-w- c:\windows\system32\avgrssta.dll
2010-07-20 14:04:05 27216 ----a-w- c:\windows\system32\drivers\AVGIDSwa.sys
2010-07-20 14:04:03 56008 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2010-07-20 14:04:01 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-07-20 14:03:55 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-07-20 14:03:54 35536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2010-07-20 14:03:53 0 d-----w- c:\windows\system32\drivers\Avg
2010-07-20 14:03:48 0 d-----w- c:\programdata\AVG Security Toolbar
2010-07-20 14:02:52 29976 ----a-w- c:\windows\system32\drivers\avgfwd6a.sys
2010-07-20 14:02:50 0 d-----w- c:\programdata\avg9
2010-07-20 03:59:44 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-07-20 03:59:29 0 d-----w- c:\program files\Synaptics
2010-07-20 03:43:59 61288 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-07-20 03:42:30 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-07-20 03:42:30 3426072 ----a-w- c:\windows\syswow64\d3dx9_32.dll
2010-07-20 03:42:21 20 ----a-w- c:\windows\└°┼á
2010-07-20 03:42:21 0 d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2010-07-20 03:42:07 0 d-----w- c:\program files (x86)\Microsoft
2010-07-20 03:41:38 0 d-----w- c:\program files (x86)\Windows Live SkyDrive
2010-07-20 03:34:15 0 d-----w- c:\users\brock\appdata\roaming\Malwarebytes
2010-07-20 03:34:03 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-20 03:34:03 0 d-----w- c:\programdata\Malwarebytes
2010-07-20 03:34:03 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-07-20 03:30:01 0 d-----w- c:\program files (x86)\common files\Windows Live
2010-07-20 03:28:31 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-07-20 03:27:43 0 d-----w- c:\program files\IDT
2010-07-20 03:27:41 68608 ----a-w- c:\windows\system32\AESTAR64.dll
2010-07-20 03:27:41 442368 ----a-w- c:\windows\system32\AESTEC64.dll
2010-07-20 03:27:41 162816 ----a-w- c:\windows\system32\AESTAC64.dll
2010-07-20 03:27:40 90624 ----a-w- c:\windows\system32\AESTCo64.dll
2010-07-20 03:27:40 564224 ----a-w- c:\windows\system32\idt64mp1.exe
2010-07-20 03:27:40 487424 ----a-w- c:\windows\sttray64.exe
2010-07-20 03:27:40 3774 ----a-w- c:\windows\system32\bltinmic.ico
2010-07-20 03:27:40 3774 ----a-w- c:\windows\system32\2hps.ico
2010-07-20 03:27:40 3348480 ----a-w- c:\windows\system32\stlang64.dll
2010-07-20 03:27:40 15222 ----a-w- c:\windows\system32\nbspkrs.ico
2010-07-20 03:27:40 12772352 ----a-w- c:\windows\system32\idtcpl64.cpl
2010-07-20 03:27:39 0 d-----w- c:\windows\system32\SRSLabs
2010-07-14 18:13:47 144384 ----a-w- c:\windows\system32\cdd.dll
2010-07-13 20:11:24 0 d-----w- c:\program files (x86)\POOL
2010-07-13 18:05:14 36864 ----a-w- c:\windows\syswow64\MD5.ocx
2010-07-13 18:05:14 110592 ----a-w- c:\windows\syswow64\glxpbuttonz.ocx
2010-07-13 18:05:14 0 d-----w- c:\program files (x86)\Windows7_Key_Changer
2010-07-07 22:32:51 0 d-----w- c:\program files (x86)\Epson Software
2010-06-29 22:12:30 0 d-----w- c:\users\brock\appdata\roaming\Facebook
2010-06-24 08:01:28 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-06-24 08:01:28 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-06-24 08:01:28 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 08:01:28 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 08:01:28 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 08:01:28 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-06-24 08:01:28 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-06-24 08:01:28 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-06-24 08:01:28 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-06-24 08:01:28 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

==================== Find3M ====================

2010-06-15 21:54:06 19256 ----a-w- c:\windows\system32\HPMDPCoInst10.dll
2010-06-15 21:53:58 30008 ----a-w- c:\windows\system32\drivers\hpdskflt.sys
2010-06-15 21:53:52 30520 ----a-w- c:\windows\system32\hpservice.exe
2010-06-15 21:53:48 19256 ----a-w- c:\windows\system32\accelerometerdll.DLL
2010-06-15 21:53:42 41272 ----a-w- c:\windows\system32\drivers\Accelerometer.sys
2010-06-11 03:37:46 344064 ----a-w- c:\windows\syswow64\dsGinaLoaderX64.dll
2010-06-11 03:27:08 32768 ----a-w- c:\windows\system32\drivers\dsNcAdpt.sys
2010-05-28 03:32:56 320560 ----a-w- c:\windows\system32\drivers\SynTP.sys
2010-05-28 03:29:42 107816 ----a-w- c:\windows\syswow64\SynTPCOM.dll
2010-05-28 03:29:36 147752 ----a-w- c:\windows\system32\SynTPCo4.dll
2010-05-28 03:29:32 214824 ----a-w- c:\windows\system32\SynTPAPI.dll
2010-05-28 03:29:28 210216 ----a-w- c:\windows\syswow64\SynCtrl.dll
2010-05-28 03:29:26 265000 ----a-w- c:\windows\system32\SynCtrl.dll
2010-05-28 03:29:26 173352 ----a-w- c:\windows\syswow64\SynCOM.dll
2010-05-28 03:29:24 396584 ----a-w- c:\windows\system32\SynCOM.dll
2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-25 22:32:51 64744 ----a-w- c:\users\brock\appdata\roaming\GDIPFONTCACHEV1.DAT
2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-18 21:55:18 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 21:55:18 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-18 21:35:16 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-05-18 21:35:16 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2010-05-09 09:46:00 961024 ----a-w- c:\windows\system32\CPFilters.dll
2010-05-09 09:45:57 552960 ----a-w- c:\windows\system32\msdri.dll
2010-05-09 09:14:55 641536 ----a-w- c:\windows\syswow64\CPFilters.dll
2010-05-06 12:42:05 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-05-06 12:41:55 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-05-06 12:41:53 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-05-06 12:41:53 5970944 ----a-w- c:\windows\syswow64\mshtml.dll
2010-05-06 12:41:49 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-05-06 12:41:49 10984448 ----a-w- c:\windows\syswow64\ieframe.dll
2010-05-01 15:07:05 3122176 ----a-w- c:\windows\system32\win32k.sys
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-03-02 22:52:08 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-03-02 20:30:12 245760 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 22:50:33.21 ===============

Edited by Orange Blossom, 24 July 2010 - 12:00 AM.



#2 kahdah (Security Colleague)

Posted 31 July 2010 - 10:42 AM

Hello brockidd

Welcome to BleepingComputer
==========================
You appear to have a pirated version of Windows. Because it is illegal, I suggest that you reformat and reinstall a legitimate version of Windows.
This will remove the infection plus get you back up and running legally.
With this being a cracked version of Windows you will not be able to apply the patches from Microsoft needed to fill the exploit holes.

Let me know what you want to do.

Edited by kahdah, 31 July 2010 - 10:43 AM.




