Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Xbash Malware Deletes Databases on Linux, Mines for Coins on Windows

Featured Deal: Get 98% off the 2018 CompTIA Certification Training Bundle: Lifetime Access Deal

Photo

Google Search Redirections

Started by splttingatms , Sep 04 2010 10:50 AM

  • This topic is locked This topic is locked
3 replies to this topic

#1 splttingatms

splttingatms

  • Members
  • 3 posts
  • OFFLINE
    •  
  • Local time:03:36 PM

Posted 04 September 2010 - 10:50 AM

Hi,

My computer has been acting funny lately. When I click on a google search result, I am redirected to ad sites. I tried running GMER but was unsuccessful and got this message "C:\Windows\system32\config\system: The system cannot find the file specified." I looked it up and it is related to me having Windows 7 64bit. I previously ran Malwarebytes before deciding to post to this forum, I have a log of that if needed. Anyways I have copied the dds log. Thanks for the help.

DDS
DDS (Ver_09-09-29.01) - NTFSx86 MINIMAL
Run by splttingatms at 0:54:03.77 on Fri 09/03/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3884.3210 [GMT -5:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\splttingatms\Desktop\dds.com
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://asus.msn.com
uDefault_Page_URL = hxxp://asus.msn.com
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyServer = 62.111.131.66:8080
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [AppVodBurner]
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [HControlUser] c:\program files (x86)\asus\atk hotkey\HControlUser.exe
mRun: [ATKMEDIA] c:\program files (x86)\asus\atk media\DMedia.exe
mRun: [ATKOSD2] c:\program files (x86)\asus\atkosd2\ATKOSD2.exe
mRun: [BCSSync] "c:\program files (x86)\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files (x86)\google\gmail notifier\gnotify.exe
dRun: [flakqvpd] c:\windows\system32\config\systemprofile\appdata\local\fpsrbbtvo\slqxvlishdw.exe
StartupFolder: c:\users\spltti~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\autoho~2.lnk - c:\program files (x86)\autohotkey\AutoHotkey.exe
StartupFolder: c:\users\spltti~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\splttingatms\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\spltti~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\flux.lnk - c:\users\splttingatms\local settings\apps\f.lux\flux.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office14\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: {ABF824CB-7640-42E7-83A2-295BC8B3E522} = 208.67.222.222,208.67.220.220
TCP: 3757E6E69727160313 = 208.67.222.222,208.67.220.220
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\windows\syswow64\nvinit.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\spltti~1\appdata\roaming\mozilla\firefox\profiles\803to7ex.default\
FF - component: c:\users\splttingatms\appdata\roaming\mozilla\firefox\profiles\803to7ex.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\users\splttingatms\appdata\roaming\mozilla\firefox\profiles\803to7ex.default\extensions\optout@dubfire.net\lib\winnt\ff3\AbineComponent.dll
FF - plugin: c:\progra~2\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~2\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files (x86)\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\picasa3\npPicasa3.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\splttingatms\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\splttingatms\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\splttingatms\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore64.exe [2010-6-29 128752]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\etd.sys --> c:\windows\system32\drivers\ETD.sys [?]
R3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\hecix64.sys --> c:\windows\system32\drivers\HECIx64.sys [?]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv64.sys [2010-2-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\saskutil64.sys [2010-2-17 12360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys --> c:\windows\system32\drivers\vwififlt.sys [?]
S2 ASMMAP64;ASMMAP64;c:\program files\atkgfnex\ASMMAP64.sys [2010-5-19 14904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DroidExplorerService;DroidExplorer Service;c:\program files\droid explorer\DroidExplorer.Service.exe [2010-8-1 253440]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-5-19 135664]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe [2010-8-19 1604200]
S2 SeaPort;SeaPort;c:\program files (x86)\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\intel\intel® management engine components\uns\UNS.exe [2010-5-19 2314240]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\amustor.sys --> c:\windows\system32\drivers\AmUStor.SYS [?]
S3 cpudrv64;cpudrv64;c:\program files (x86)\systemrequirementslab\cpudrv64.sys [2009-12-18 17864]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys --> c:\windows\system32\drivers\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files (x86)\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 Impcd;Impcd;c:\windows\system32\drivers\impcd.sys --> c:\windows\system32\drivers\Impcd.sys [?]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\intcdaud.sys --> c:\windows\system32\drivers\IntcDAud.sys [?]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c62x64.sys --> c:\windows\system32\drivers\L1C62x64.sys [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\mpnwmon.sys --> c:\windows\system32\drivers\MpNWMon.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-6-30 19544]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\drivers\sisg664.sys --> c:\windows\system32\drivers\SiSG664.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\watadminsvc.exe --> c:\windows\system32\wat\WatAdminSvc.exe [?]
S4 AFBAgent;AFBAgent;"c:\windows\system32\fbagent.exe" --> c:\windows\system32\FBAgent.exe [?]

=============== Created Last 30 ================

2010-09-02 22:37 <DIR> --d----- c:\users\spltti~1\appdata\roaming\Malwarebytes
2010-09-02 22:37 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-02 22:36 <DIR> --d----- c:\programdata\Malwarebytes
2010-09-02 22:36 <DIR> --d----- c:\progra~3\Malwarebytes
2010-09-02 22:36 <DIR> --d----- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-09-02 07:59 <DIR> --d----- c:\users\spltti~1\appdata\roaming\SUPERAntiSpyware.com
2010-09-02 07:59 <DIR> --d----- c:\programdata\SUPERAntiSpyware.com
2010-09-02 07:59 <DIR> --d----- c:\progra~3\SUPERAntiSpyware.com
2010-09-02 07:59 <DIR> --d----- c:\programdata\!SASCORE
2010-09-02 07:59 <DIR> --d----- c:\progra~3\!SASCORE
2010-09-01 08:03 <DIR> --d----- c:\programdata\FilerFrog
2010-09-01 08:03 <DIR> --d----- c:\progra~3\FilerFrog
2010-08-31 21:37 <DIR> --d----- c:\users\spltti~1\appdata\roaming\Realtime Soft
2010-08-30 23:53 <DIR> --d----- c:\programdata\Windows Genuine Advantage
2010-08-30 23:31 165,376 a------- c:\windows\system32\unrar.dll
2010-08-30 23:31 38 a------- c:\windows\avisplitter.ini
2010-08-30 23:31 232,448 a------- c:\windows\system32\mp3fhg.acm
2010-08-30 23:31 217,088 a------- c:\windows\system32\yv12vfw.dll
2010-08-30 23:31 151,552 a------- c:\windows\system32\ac3acm.acm
2010-08-30 23:31 790,528 a------- c:\windows\system32\xvidcore.dll
2010-08-30 23:31 134,144 a------- c:\windows\system32\xvidvfw.dll
2010-08-30 23:31 108,032 a------- c:\windows\system32\ff_vfw.dll
2010-08-30 23:31 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2010-08-30 23:31 <DIR> --d----- c:\program files (x86)\K-Lite Codec Pack
2010-08-27 23:17 <DIR> --d----- c:\users\spltti~1\appdata\roaming\ooVoo Details
2010-08-24 18:26 571,904 a------- c:\windows\system32\oleaut32.dll
2010-08-22 18:42 <DIR> --d-h--- c:\program files (x86)\InstallJammer Registry
2010-08-22 18:42 <DIR> --d----- c:\users\spltti~1\appdata\roaming\Gmote
2010-08-22 18:42 <DIR> --d----- c:\program files (x86)\GmoteServer
2010-08-22 13:35 <DIR> --d----- c:\program files (x86)\SystemRequirementsLab
2010-08-19 00:09 <DIR> --d----- c:\windows\system32\NV
2010-08-19 00:08 <DIR> --d----- c:\program files (x86)\NVIDIA Corporation
2010-08-13 20:26 <DIR> --d----- C:\sqlite
2010-08-11 21:54 <DIR> --d----- c:\users\spltti~1\appdata\roaming\DroidExplorer
2010-08-10 23:12 <DIR> --d--r-- C:\Sandbox
2010-08-09 02:37 <DIR> --d----- c:\users\splttingatms\dwhelper

==================== Find3M ====================

2010-07-29 01:30 82,944 a------- c:\windows\system32\iccvid.dll
2010-07-20 05:39 127,868 a------- c:\windows\system32\igcompkrng575.bin
2010-07-20 05:39 104,796 a------- c:\windows\system32\igfcg575m.bin
2010-07-20 05:36 4,966,400 a------- c:\windows\system32\igdumd32.dll
2010-07-20 05:34 571,904 a------- c:\windows\system32\igdumdx32.dll
2010-07-20 05:31 4,410,880 a------- c:\windows\system32\igd10umd32.dll
2010-07-20 05:19 11,041,280 a------- c:\windows\system32\ig4icd32.dll
2010-07-20 05:09 23,552 a------- c:\windows\system32\igfxexps32.dll
2010-07-20 05:09 228,352 a------- c:\windows\system32\igfxdv32.dll
2010-07-07 00:52 135,168 a------- c:\windows\apppatch\apppatch64\AcXtrnal.dll
2010-07-07 00:52 347,648 a------- c:\windows\apppatch\apppatch64\AcLayers.dll
2010-06-30 01:35 411,368 a------- c:\windows\system32\deployJava1.dll
2010-06-30 01:25 978,432 a------- c:\windows\system32\wininet.dll
2010-06-19 01:33 3,955,080 a------- c:\windows\system32\ntkrnlpa.exe
2010-06-19 01:33 3,899,784 a------- c:\windows\system32\ntoskrnl.exe
2010-06-19 01:23 37,376 a------- c:\windows\system32\rtutils.dll
2010-06-16 00:48 224,256 a------- c:\windows\system32\schannel.dll
2010-06-08 01:02 1,233,920 a------- c:\windows\system32\msxml3.dll
2010-06-07 18:37 2,097,152 ----hr-- C:\U30Jc.BIN
2009-12-24 07:38 131,368 a------- c:\programdata\FullRemove.exe
2009-12-24 07:38 131,368 a------- c:\progra~3\FullRemove.exe
2009-07-14 00:37 291,294 a------- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 00:37 291,294 a------- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 00:37 31,548 a------- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 00:37 31,548 a------- c:\windows\inf\perflib\0409\perfc.dat
2009-07-13 23:54 174 a--sh--- c:\program files (x86)\desktop.ini
2009-07-13 20:00 291,294 a------- c:\windows\inf\perflib\0000\perfi.dat
2009-07-13 20:00 291,294 a------- c:\windows\inf\perflib\0000\perfh.dat
2009-07-13 20:00 31,548 a------- c:\windows\inf\perflib\0000\perfd.dat
2009-07-13 20:00 31,548 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 15:44 9,633,792 a--shr-- c:\windows\fonts\StaticCache.dat
2009-07-13 20:39 398,848 a--sh--- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-13 20:14 396,800 a--sh--- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 0:55:16.87 ===============

Attached Files


BC AdBot (Login to Remove)

 

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:36 PM

Posted 11 September 2010 - 10:24 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.
  1. Do not run any other tool untill instructed to do so!
  2. Please Do not Attach logs or put in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:


    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

information and logs:
    In your next post I need the following
      1.logs from DDS
      2.log from RKUnHooker
      3.let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 splttingatms

splttingatms
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
    •  
  • Local time:03:36 PM

Posted 12 September 2010 - 12:53 AM

Hello I have already fixed the issue. I'm not sure how to delete this topic. Thanks for the reply.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:36 PM

Posted 12 September 2010 - 01:01 AM

don't worry I will just close it and thank you for letting me know


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
Back to Virus, Trojan, Spyware, and Malware Removal Help


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Help
  4. Privacy Policy
  5. Rules ·