Google search redirect...so frustrating!


  • This topic is locked
20 replies to this topic

#1 jmsegnere

  • Members
  • 11 posts

Posted 27 September 2010 - 08:37 PM

No matter what I search for in Google, usually the first few results will automatically forward to a random site.

I've tried Spybot S&D, Malwarebytes, Avira, Microsoft Security Essentials...nothing seems to work.

Any help you can provide would be very much appreciated!!

Thanks!
-Jeff

I tried to run GMER, but I received the error: "C:\Windows\system32\config\system: The system cannot find the file specified."
The checkboxes from System to Libraries are grayed out.

Here's the DDS log:


DDS (Ver_10-03-17.01) - NTFSX64
Run by Jeff at 22:14:53.14 on Sun 09/26/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4084.2775 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
C:\Program Files (x86)\Orb Networks\Orb\bin\Orblauncher.exe
C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files (x86)\Orb Networks\Orb\bin\Orb.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Jeff\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files (x86)\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files (x86)\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
uRun: [ISUSPM] "c:\program files (x86)\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ISUSPM Startup] c:\progra~2\common~1\instal~1\update~1\isuspm.exe -startup
uRun: [AdobeBridge]
uRun: [Google Update] "c:\users\jeff\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [ISUSScheduler] "c:\program files (x86)\common files\installshield\updateservice\issch.exe" -start
mRun: [VirtualCloneDrive] "c:\program files (x86)\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [Adobe_ID0ENQBO] c:\progra~2\common~1\adobe\adobev~1\server\bin\VERSIO~3.EXE
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files (x86)\common files\real\update_ob\realsched.exe" -osboot
mRun: [Mobile Connectivity Suite] "c:\program files (x86)\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRun: [IJNetworkScanUtility] c:\program files (x86)\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [iTunesHelper] "c:\program files\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
uPolicies-system: <NO NAME> =
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 relog_ap
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
mRun-x64: [Apoint] c:\program files\delltpad\Apoint.exe
mRun-x64: [Acronis Scheduler2 Service] "c:\program files (x86)\common files\acronis\schedule2\schedhlp.exe"
mRun-x64: [nwiz] nwiz.exe /install
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun-x64: [SysTrayApp] c:\program files\idt\wdm\sttray64.exe
mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

================= FIREFOX ===================

FF - ProfilePath - c:\users\jeff\appdata\roaming\mozilla\firefox\profiles\ylrz4whk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2442061&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files (x86)\google\google updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files (x86)\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla plugins\npitunes.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\jeff\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\jeff\appdata\local\huludesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: c:\users\jeff\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {FADDE3C1-C780-46DE-9F7E-F6DE4D77DE40} - c:\users\jeff\appdata\local\{FADDE3C1-C780-46DE-9F7E-F6DE4D77DE40}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-3-14 54480]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 173984]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe [2010-2-4 89600]
R2 MSSQL$ORSQLEXP;SQL Server (ORSQLEXP);c:\program files (x86)\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
R2 StarWindServiceAE;StarWind AE Service;c:\program files (x86)\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y60x64.sys [2009-3-13 315008]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-5-4 159840]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-5-4 319840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9e8ab6b52cd10;Google Update Service (gupdate1c9e8ab6b52cd10);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-6-8 133104]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2009-3-14 1038088]
S3 HTCAND64;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 32768]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-3 1255736]

=============== Created Last 30 ================

2010-09-27 02:09:54 214 ----a-w- c:\users\jeff\defogger_reenable
2010-09-26 21:02:39 191272 ---ha-w- c:\windows\syswow64\mlfcache.dat
2010-09-24 11:45:16 0 d-----w- c:\program files\Mozilla Plugins
2010-09-24 11:45:15 0 d-----w- c:\program files\iTunesHelper.Resources
2010-09-24 11:44:49 0 d-----w- c:\program files\iTunes.Resources
2010-09-24 11:44:49 0 d-----w- c:\program files\iPod
2010-09-24 11:44:48 0 d-----w- c:\program files\iTunes
2010-09-24 11:44:48 0 d-----w- c:\program files\CD Configuration
2010-09-24 11:41:47 0 d-----w- c:\program files\Bonjour
2010-09-24 11:41:47 0 d-----w- c:\program files (x86)\Bonjour
2010-09-20 01:35:12 0 d-----w- c:\users\jeff\appdata\roaming\Malwarebytes
2010-09-20 01:34:44 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-20 01:34:44 0 d-----w- c:\programdata\Malwarebytes
2010-09-20 01:34:44 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-09-18 23:33:21 0 d-----w- c:\program files (x86)\Microsoft Antimalware
2010-09-18 23:33:16 0 d-----w- c:\program files\Microsoft Security Essentials
2010-09-18 07:01:14 2058752 ----a-w- c:\windows\syswow64\iertutil.dll
2010-09-17 11:51:32 503352 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-15 19:43:18 558592 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-08 15:17:46 94208 ----a-w- c:\windows\syswow64\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\syswow64\QuickTime.qts
2010-09-06 21:40:42 0 d-----w- c:\program files (x86)\Trend Micro
2010-09-06 11:17:13 0 d-----w- c:\program files (x86)\ESET
2010-09-06 11:07:25 77312 ----a-w- C:\mbr.exe
2010-09-01 12:32:02 573736 ----a-w- c:\program files\iTunesPhotoProcessor.exe
2010-09-01 12:32:02 294688 ----a-w- c:\program files\iTunesOutlookAddIn.dll
2010-09-01 12:32:00 421160 ----a-w- c:\program files\iTunesHelper.exe
2010-09-01 12:31:58 387368 ----a-w- c:\program files\iTunesAdmin.dll
2010-09-01 12:31:58 173344 ----a-w- c:\program files\iTunesHelper.dll
2010-09-01 12:31:54 9777448 ----a-w- c:\program files\iTunes.exe
2010-09-01 12:31:52 18658592 ----a-w- c:\program files\iTunes.dll
2010-09-01 12:31:50 726304 ----a-w- c:\program files\gnsdk_sdkmanager.dll
2010-09-01 12:31:50 259360 ----a-w- c:\program files\gnsdk_submit.dll
2010-09-01 12:31:50 197920 ----a-w- c:\program files\gnsdk_musicid.dll

==================== Find3M ====================

2010-09-01 12:31:50 111912 ----a-w- c:\program files\ITDetector.ocx
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-27 22:55:50 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 22:55:50 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-27 22:44:10 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-07-27 22:44:10 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-23 07:13:22 64083 ----a-w- c:\program files\Acknowledgements.rtf
2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
2009-09-16 17:28:24 1309 ----a-w- c:\program files (x86)\OR11InstSQL.log
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-28 11:47:40 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-05-16 11:33:00 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051620100517\index.dat
2010-05-16 11:33:00 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 22:15:50.06 ===============


#2 Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 02 October 2010 - 06:42 AM


Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#3 jmsegnere
  • Topic Starter

  • Members
  • 11 posts

Posted 02 October 2010 - 07:41 AM

Thank you for your help!

Here's my DDS log. As I noted above, I receive an error when trying to run GMER.


DDS (Ver_10-03-17.01) - NTFSX64
Run by Jeff at 8:36:34.08 on Sat 10/02/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4084.2642 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\System32\alg.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
C:\Program Files (x86)\Orb Networks\Orb\bin\Orblauncher.exe
C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files (x86)\Orb Networks\Orb\bin\Orb.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\Jeff\Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files (x86)\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files (x86)\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
uRun: [ISUSPM] "c:\program files (x86)\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ISUSPM Startup] c:\progra~2\common~1\instal~1\update~1\isuspm.exe -startup
uRun: [AdobeBridge]
uRun: [Google Update] "c:\users\jeff\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [ISUSScheduler] "c:\program files (x86)\common files\installshield\updateservice\issch.exe" -start
mRun: [VirtualCloneDrive] "c:\program files (x86)\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [Adobe_ID0ENQBO] c:\progra~2\common~1\adobe\adobev~1\server\bin\VERSIO~3.EXE
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files (x86)\common files\real\update_ob\realsched.exe" -osboot
mRun: [Mobile Connectivity Suite] "c:\program files (x86)\htc\htc sync\application launcher\Application Launcher.exe" /startoptions
mRun: [IJNetworkScanUtility] c:\program files (x86)\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [iTunesHelper] "c:\program files\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
uPolicies-system: <NO NAME> =
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 relog_ap
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
mRun-x64: [Apoint] c:\program files\delltpad\Apoint.exe
mRun-x64: [Acronis Scheduler2 Service] "c:\program files (x86)\common files\acronis\schedule2\schedhlp.exe"
mRun-x64: [nwiz] nwiz.exe /install
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun-x64: [SysTrayApp] c:\program files\idt\wdm\sttray64.exe
mRun-x64: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

================= FIREFOX ===================

FF - ProfilePath - c:\users\jeff\appdata\roaming\mozilla\firefox\profiles\ylrz4whk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2442061&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files (x86)\google\google updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files (x86)\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla plugins\npitunes.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\jeff\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\jeff\appdata\local\huludesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: c:\users\jeff\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {FADDE3C1-C780-46DE-9F7E-F6DE4D77DE40} - c:\users\jeff\appdata\local\{FADDE3C1-C780-46DE-9F7E-F6DE4D77DE40}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-3-14 54480]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 173984]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe [2010-2-4 89600]
R2 MSSQL$ORSQLEXP;SQL Server (ORSQLEXP);c:\program files (x86)\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
R2 StarWindServiceAE;StarWind AE Service;c:\program files (x86)\alcohol soft\alcohol 52\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y60x64.sys [2009-3-13 315008]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-5-4 159840]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-5-4 319840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9e8ab6b52cd10;Google Update Service (gupdate1c9e8ab6b52cd10);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-6-8 133104]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService64.exe [2009-3-14 1038088]
S3 HTCAND64;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 32768]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-3 1255736]

=============== Created Last 30 ================

2010-09-28 11:14:20 255352 ----a-w- c:\windows\syswow64\awrdscdc.ax
2010-09-28 11:14:09 0 d-----w- c:\program files (x86)\Audible
2010-09-27 02:09:54 214 ----a-w- c:\users\jeff\defogger_reenable
2010-09-26 21:02:39 191272 ---ha-w- c:\windows\syswow64\mlfcache.dat
2010-09-24 11:45:16 0 d-----w- c:\program files\Mozilla Plugins
2010-09-24 11:45:15 0 d-----w- c:\program files\iTunesHelper.Resources
2010-09-24 11:44:49 0 d-----w- c:\program files\iTunes.Resources
2010-09-24 11:44:49 0 d-----w- c:\program files\iPod
2010-09-24 11:44:48 0 d-----w- c:\program files\iTunes
2010-09-24 11:44:48 0 d-----w- c:\program files\CD Configuration
2010-09-24 11:41:47 0 d-----w- c:\program files\Bonjour
2010-09-24 11:41:47 0 d-----w- c:\program files (x86)\Bonjour
2010-09-20 01:35:12 0 d-----w- c:\users\jeff\appdata\roaming\Malwarebytes
2010-09-20 01:34:44 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-20 01:34:44 0 d-----w- c:\programdata\Malwarebytes
2010-09-20 01:34:44 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-09-18 23:33:21 0 d-----w- c:\program files (x86)\Microsoft Antimalware
2010-09-18 23:33:16 0 d-----w- c:\program files\Microsoft Security Essentials
2010-09-18 07:01:14 2058752 ----a-w- c:\windows\syswow64\iertutil.dll
2010-09-17 11:51:32 503352 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-15 19:43:18 558592 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-08 15:17:46 94208 ----a-w- c:\windows\syswow64\QuickTimeVR.qtx
2010-09-08 15:17:46 69632 ----a-w- c:\windows\syswow64\QuickTime.qts
2010-09-06 21:40:42 0 d-----w- c:\program files (x86)\Trend Micro
2010-09-06 11:17:13 0 d-----w- c:\program files (x86)\ESET
2010-09-06 11:07:25 77312 ----a-w- C:\mbr.exe

==================== Find3M ====================

2010-09-01 12:32:02 573736 ----a-w- c:\program files\iTunesPhotoProcessor.exe
2010-09-01 12:32:02 294688 ----a-w- c:\program files\iTunesOutlookAddIn.dll
2010-09-01 12:32:00 421160 ----a-w- c:\program files\iTunesHelper.exe
2010-09-01 12:31:58 387368 ----a-w- c:\program files\iTunesAdmin.dll
2010-09-01 12:31:58 173344 ----a-w- c:\program files\iTunesHelper.dll
2010-09-01 12:31:54 9777448 ----a-w- c:\program files\iTunes.exe
2010-09-01 12:31:52 18658592 ----a-w- c:\program files\iTunes.dll
2010-09-01 12:31:50 726304 ----a-w- c:\program files\gnsdk_sdkmanager.dll
2010-09-01 12:31:50 259360 ----a-w- c:\program files\gnsdk_submit.dll
2010-09-01 12:31:50 197920 ----a-w- c:\program files\gnsdk_musicid.dll
2010-09-01 12:31:50 111912 ----a-w- c:\program files\ITDetector.ocx
2010-07-29 06:30:34 82944 ----a-w- c:\windows\syswow64\iccvid.dll
2010-07-27 22:55:50 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 22:55:50 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-27 22:44:10 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-07-27 22:44:10 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2010-07-27 14:03:24 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-23 07:13:22 64083 ----a-w- c:\program files\Acknowledgements.rtf
2009-09-16 17:28:24 1309 ----a-w- c:\program files (x86)\OR11InstSQL.log
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-28 11:47:40 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-05-16 11:33:00 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010051620100517\index.dat
2010-05-16 11:33:00 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 8:36:45.33 ===============

Attached Files
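The Pseudo HJT section of the DDS log above carries the lines a responder reads first: `EnableLUA = 0`, `ConsentPromptBehaviorAdmin = 0` and `PromptOnSecureDesktop = 0` mean UAC is switched off on this machine, and Firefox's `browser.search.defaulturl` points at a conduit.com search page rather than at Google. The following Python script is an added example, not part of this thread and not DDS's own code: it parses those line formats and lists the settings that differ from the Windows 7 defaults or from a list of trusted search hosts. The sample lines, the trusted-host list and the proxy check are constructed for the example.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log.

Added example, not part of this thread and not DDS's own code. It reads the
policy and Firefox pref lines in the format DDS prints and reports settings a
responder would want to check: UAC switched off or silenced, a proxy server
configured, or browser search/home pages pointing at an untrusted host.
"""
import re
from urllib.parse import urlsplit

# Constructed sample in the shape of the log above (DDS writes http as hxxp).
SAMPLE = """\
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
uInternet Settings,ProxyOverride = *.local
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2442061&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
"""

POLICY_RE = re.compile(
    r"^[um]Policies-(?P<hive>\w+):\s*(?P<name>\S+)\s*=\s*(?P<val>-?\d+)"
)
FF_PREF_RE = re.compile(r"^FF - prefs\.js:\s*(?P<name>\S+)\s*-\s*(?P<val>.+?)\s*$")
PROXY_RE = re.compile(r"^[um]Internet Settings,ProxyServer\s*=\s*(?P<val>.+?)\s*$")

# Windows 7 defaults for the UAC values DDS prints under mPolicies-system.
UAC_DEFAULTS = {
    "EnableLUA": 1,                   # 0 = UAC entirely off
    "ConsentPromptBehaviorAdmin": 5,  # 0 = elevate silently, no prompt at all
    "PromptOnSecureDesktop": 1,       # 0 = prompt on the normal desktop, where it can be spoofed
}
BROWSER_PREFS = ("browser.search.defaulturl", "browser.startup.homepage")


def refang(url):
    """Turn DDS's defanged hxxp:// back into http:// so it can be parsed."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def host_of(url):
    return (urlsplit(refang(url)).hostname or "").lower()


def triage(log_text, trusted_hosts=("www.google.com",)):
    """Return a list of human-readable findings for a DDS excerpt.

    trusted_hosts is an assumption made for this example: the hosts the
    responder considers legitimate for search and home page prefs.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            name, val = m["name"], int(m["val"])
            if name in UAC_DEFAULTS and val != UAC_DEFAULTS[name]:
                findings.append(
                    f"UAC weakened: {name}={val} (Windows 7 default {UAC_DEFAULTS[name]})"
                )
            continue
        m = FF_PREF_RE.match(line)
        if m and m["name"] in BROWSER_PREFS:
            host = host_of(m["val"])
            if host not in trusted_hosts:
                findings.append(f"Firefox {m['name']} points at {host}")
            continue
        m = PROXY_RE.match(line)
        if m:
            findings.append(f"Proxy server configured: {m['val']}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Run against the sample it reports the three weakened UAC values and the conduit.com search URL, and stays quiet about the Google home page; the `ProxyServer` check fires only if a user-level proxy line is present, which the log above does not have.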



#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:33 PM

Posted 07 October 2010 - 08:35 AM

Hello, jmsegnere.

Registry Cleaner Warning

I also see that you have CCleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning). Here at BC, we do not recommend using registry cleaners as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/ind...p;#entry1326578

Do you get redirected only in Firefox or IE or both? Do you have other computers sharing the same internet connection? If so, do they also get redirected?



Step 1

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
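Step 1 above asks for an MBR check because a search redirect that survives several antivirus scans can live in the master boot record rather than in a file. What such a check does, as an added example that is not part of this thread and not MBRCheck's own code: read the 512-byte sector, confirm the 0x55AA boot signature, parse the four partition entries, and compare the boot-code region (bytes 0 to 439; 440 to 443 hold the Windows disk signature) against a reference copy, reporting "non-standard" when it differs. The reference image, the partition layout and the tampered sample are all constructed here; a real checker carries hashes of known-good loaders.

```python
"""Check a 512-byte MBR image the way an MBR checker does.

Added example, not part of this thread and not MBRCheck's own code. It
verifies the 0x55AA boot signature, parses the four partition entries, and
compares the boot-code region against a reference image. The reference here
is a constructed stand-in; a real checker carries hashes of known-good loaders.
"""
import hashlib
import struct

MBR_SIZE = 512
CODE_LEN = 440        # boot code; bytes 440-443 hold the Windows disk signature
TABLE_OFF = 446       # four 16-byte partition entries
ENTRY_LEN = 16
SIG_OFF = 510         # 0x55 0xAA

# Constructed stand-in for a known-good boot loader image (NOT a real MBR).
REFERENCE_CODE = bytes((i * 7 + 3) & 0xFF for i in range(CODE_LEN))


def build_mbr(code, partitions, disk_sig=0x12345678):
    """Assemble an MBR from boot code and (bootable, type, lba_start, sectors) tuples."""
    table = b"".join(
        struct.pack("<B3xB3xII", 0x80 if bootable else 0x00, ptype, lba, count)
        for bootable, ptype, lba, count in partitions
    )
    table += b"\x00" * (ENTRY_LEN * (4 - len(partitions)))
    mbr = code[:CODE_LEN] + struct.pack("<I", disk_sig) + b"\x00\x00" + table + b"\x55\xAA"
    assert len(mbr) == MBR_SIZE
    return mbr


def parse_partitions(mbr):
    """Return the non-empty partition entries as dicts."""
    parts = []
    for i in range(4):
        entry = mbr[TABLE_OFF + i * ENTRY_LEN: TABLE_OFF + (i + 1) * ENTRY_LEN]
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:          # empty slot
            continue
        parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                      "lba_start": lba, "sectors": count})
    return parts


def check_mbr(mbr, reference_code=REFERENCE_CODE):
    """Classify an MBR as 'standard', 'non-standard' or 'invalid'."""
    mbr = bytes(mbr)
    if len(mbr) != MBR_SIZE or mbr[SIG_OFF:SIG_OFF + 2] != b"\x55\xAA":
        return {"status": "invalid", "partitions": [], "code_sha256": None}
    code = mbr[:CODE_LEN]
    status = "standard" if code == reference_code[:CODE_LEN] else "non-standard"
    return {"status": status, "partitions": parse_partitions(mbr),
            "code_sha256": hashlib.sha256(code).hexdigest()}


# Constructed samples: a clean image, one whose code region was altered,
# and one with no boot signature.
SAMPLE_PARTS = [(True, 0x07, 2048, 204800), (False, 0x07, 206848, 1000000)]
GOOD_MBR = build_mbr(REFERENCE_CODE, SAMPLE_PARTS)
TAMPERED_MBR = bytearray(GOOD_MBR)
TAMPERED_MBR[16:32] = b"\x00" * 16          # code changed, table and signature intact
UNSIGNED_MBR = GOOD_MBR[:SIG_OFF] + b"\x00\x00"


if __name__ == "__main__":
    for label, image in (("good", GOOD_MBR), ("tampered", TAMPERED_MBR),
                         ("unsigned", UNSIGNED_MBR)):
        r = check_mbr(image)
        print(label, r["status"], r["code_sha256"], r["partitions"])
```

On a live Windows machine the sector would come from the first 512 bytes of `\\.\PhysicalDrive0`, which needs administrator rights to open; the SHA-256 of the code region is the value you would compare against a trusted list, and the partition table is kept for a second look because a modified loader normally leaves it untouched so the system still boots.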
 


#5 jmsegnere

jmsegnere
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:33 PM

Posted 07 October 2010 - 10:13 PM

etavares,

Thanks for your help! I appreciate the advice on CCleaner.
Below is the logfile as you requested. I did not receive any warning message when I ran the scan.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Latitude E6500
Logical Drives Mask: 0x0000002c

Kernel Drivers (total 198):
0x03012000 \SystemRoot\system32\ntoskrnl.exe
0x035EE000 \SystemRoot\system32\hal.dll
0x00BBA000 \SystemRoot\system32\kdcom.dll
0x00C44000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C88000 \SystemRoot\system32\PSHED.dll
0x00C9C000 \SystemRoot\system32\CLFS.SYS
0x00CFA000 \SystemRoot\system32\CI.dll
0x00E13000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EB7000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EC6000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F1D000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F26000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F30000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F3D000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F70000 \SystemRoot\System32\drivers\partmgr.sys
0x00F85000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x00FBE000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x010D5000 \SystemRoot\System32\drivers\volmgrx.sys
0x01131000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x0113A000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x01146000 \SystemRoot\System32\drivers\mountmgr.sys
0x0122F000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x0134C000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01357000 \SystemRoot\system32\drivers\fltmgr.sys
0x013A3000 \SystemRoot\system32\drivers\fileinfo.sys
0x013B7000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x0144C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01160000 \SystemRoot\System32\Drivers\msrpc.sys
0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x0141A000 \SystemRoot\System32\drivers\pcw.sys
0x0142B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01601000 \SystemRoot\system32\drivers\ndis.sys
0x016F3000 \SystemRoot\system32\drivers\NETIO.SYS
0x01753000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01800000 \SystemRoot\System32\drivers\tcpip.sys
0x0177E000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01AF1000 \SystemRoot\system32\DRIVERS\timntr.sys
0x01BA1000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01A00000 \SystemRoot\system32\DRIVERS\tdrpman.sys
0x01A94000 \SystemRoot\System32\Drivers\spldr.sys
0x01A9C000 \SystemRoot\system32\DRIVERS\snapman.sys
0x017C8000 \SystemRoot\system32\DRIVERS\sbp2port.sys
0x013C3000 \SystemRoot\System32\drivers\rdyboost.sys
0x01AD7000 \SystemRoot\System32\Drivers\mup.sys
0x01BED000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01073000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x017E5000 \SystemRoot\system32\DRIVERS\disk.sys
0x011BE000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02F64000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02F8E000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x02F9B000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x02FC8000 \SystemRoot\System32\Drivers\Null.SYS
0x02FD1000 \SystemRoot\System32\Drivers\Beep.SYS
0x02FD8000 \SystemRoot\System32\drivers\vga.sys
0x02E00000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02FE6000 \SystemRoot\System32\drivers\watchdog.sys
0x02FF6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02E25000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01BF6000 \SystemRoot\system32\drivers\rdprefmp.sys
0x015EF000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01200000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01211000 \SystemRoot\system32\DRIVERS\tdx.sys
0x011EE000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03CE5000 \SystemRoot\system32\drivers\afd.sys
0x03D6F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03DB4000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03DBD000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03DE3000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03C00000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03C1B000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03C2F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03C80000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03C8C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03C97000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x03CA2000 \SystemRoot\System32\drivers\discache.sys
0x03CB1000 \SystemRoot\System32\Drivers\dfsc.sys
0x03CCF000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x010AD000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x09E0E000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0A906000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x0A908000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x00DBA000 \SystemRoot\System32\drivers\dxgmms1.sys
0x09836000 \SystemRoot\system32\DRIVERS\e1y60x64.sys

Processes (total 78):
0 System Idle Process
4 System
388 C:\Windows\System32\smss.exe
544 csrss.exe
604 C:\Windows\System32\wininit.exe
620 csrss.exe
652 C:\Windows\System32\services.exe
668 C:\Windows\System32\lsass.exe
676 C:\Windows\System32\lsm.exe
792 C:\Windows\System32\svchost.exe
856 C:\Windows\System32\nvvsvc.exe
896 C:\Windows\System32\svchost.exe
948 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
112 C:\Windows\System32\svchost.exe
564 C:\Windows\System32\svchost.exe
672 C:\Windows\System32\svchost.exe
432 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\stacsv64.exe
1160 C:\Windows\System32\winlogon.exe
1292 C:\Windows\System32\svchost.exe
1424 C:\Windows\System32\svchost.exe
1580 C:\Windows\System32\spoolsv.exe
1644 C:\Windows\System32\nvvsvc.exe
1660 C:\Windows\System32\svchost.exe
1720 C:\Windows\System32\svchost.exe
1796 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
1832 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_44a8c6ff8211f2d4\AESTSr64.exe
1864 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1888 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
600 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
1548 C:\Windows\System32\taskhost.exe
1132 C:\Windows\System32\taskeng.exe
2388 C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
2432 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2500 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
2612 C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
2880 C:\Windows\explorer.exe
2908 C:\Windows\System32\dwm.exe
2952 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2028 C:\Program Files\DellTPad\Apoint.exe
2380 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
2032 C:\Windows\System32\rundll32.exe
3084 C:\Program Files\IDT\WDM\sttray64.exe
3096 C:\Program Files\DellTPad\ApMsgFwd.exe
3120 C:\Program Files\Microsoft Security Essentials\msseces.exe
3144 C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
3228 C:\Program Files\DellTPad\ApntEx.exe
3288 C:\Program Files\DellTPad\hidfind.exe
3384 C:\Windows\System32\conhost.exe
3600 C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
3732 C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
3784 C:\Program Files (x86)\Java\jre6\bin\jusched.exe
3820 C:\Windows\System32\SearchIndexer.exe
3868 C:\Windows\System32\alg.exe
4084 C:\Windows\System32\svchost.exe
1232 C:\Program Files (x86)\HTC\HTC Sync\Application Launcher\Application Launcher.exe
3592 C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
2944 C:\Program Files\iTunesHelper.exe
3308 C:\Program Files\Windows Media Player\wmpnetwk.exe
4228 C:\Program Files (x86)\Orb Networks\Orb\bin\OrbLauncher.exe
4332 C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
4564 C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
4620 C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
4684 C:\Windows\System32\svchost.exe
4884 C:\Program Files (x86)\Orb Networks\Orb\bin\Orb.exe
5056 C:\Program Files (x86)\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
5264 C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
5296 C:\Program Files\iPod\bin\iPodService.exe
5404 C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe
5828 C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
5876 C:\Program Files (x86)\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
4076 C:\Program Files (x86)\Java\jre6\bin\jucheck.exe
4952 WUDFHost.exe
1508 C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
4916 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1280 C:\Windows\System32\SearchProtocolHost.exe
3744 C:\Windows\System32\SearchFilterHost.exe
5220 C:\Users\Jeff\Downloads\MBRCheck.exe
1212 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: ST9320421ASG, Rev: SD13

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

#6 etavares
Bleepin' Remover, Malware Response Team, 15,514 posts, Gender: Male

Posted 08 October 2010 - 05:40 PM

Hello, jmsegnere.

Ok, let's get a scan. I have a hunch what the virus is and MBAM may work.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares

Edited by etavares, 08 October 2010 - 05:40 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#7 jmsegnere (Topic Starter)
Members, 11 posts

Posted 08 October 2010 - 07:31 PM

etavares,

Here's the log from MBAM. It didn't find anything.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4782

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10/8/2010 8:10:14 PM
mbam-log-2010-10-08 (20-10-14).txt

Scan type: Quick scan
Objects scanned: 148924
Time elapsed: 5 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#8 etavares
Bleepin' Remover, Malware Response Team, 15,514 posts, Gender: Male

Posted 09 October 2010 - 05:54 AM

Hello, jmsegnere.

OK, since you're running 64-bit, our usual tools won't work. Let's run Kaspersky. If not, we'll have to manually dig in.

Please go to the Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Note: Kaspersky online scan may take time to complete, please be patient.

etavares




#9 jmsegnere (Topic Starter)
Members, 11 posts

Posted 12 October 2010 - 08:39 PM

etavares,

Thanks again for your help. Sorry it took me a few days to get back to you!
Here's the Kaspersky log. It did find some things.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, October 12, 2010
Operating system: Microsoft (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, October 11, 2010 18:05:56
Records in database: 4203867
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
F:\

Scan statistics:
Objects scanned: 456783
Threats found: 4
Infected objects found: 6
Suspicious objects found: 0
Scan duration: 24:41:43


File name / Threat / Threats count
C:\Users\Jeff\AppData\Roaming\Thunderbird\Profiles\ggeaj4ci.default\ImapMail\imap.tufts.edu\INBOX Infected: Trojan-Downloader.Win32.Genome.akdc 2
C:\Users\Jeff\AppData\Roaming\Thunderbird\Profiles\ggeaj4ci.default\ImapMail\imap.tufts.edu\INBOX Infected: Packed.Win32.Krap.x 2
C:\Users\Jeff\AppData\Roaming\Thunderbird\Profiles\ggeaj4ci.default\ImapMail\imap.tufts.edu\INBOX Infected: Trojan.Win32.Patcher.eh 1
C:\Users\Jeff\Downloads\Magic DVD Ripper 5.2.1 Build 6(NEW-with serial key)\Magic DVD Ripper 5.2.1 Build 6.rar Infected: Trojan.Win32.Cosmu.mjj 1

Selected area has been scanned.

Edited by jmsegnere, 12 October 2010 - 08:50 PM.


#10 etavares
Bleepin' Remover, Malware Response Team, 15,514 posts, Gender: Male

Posted 13 October 2010 - 05:17 PM

Hello, jmsegnere.
OK, let's run TDSSKiller and it should find something with your redirects. If not, I'll have several follow-up questions.

Kaspersky was fairly clean. You have 3-5 emails with viruses in them in your inbox. Be careful...we can't remove individual emails. Only open attachments you were expecting from people you know.

With this one, use your judgement. It appears to be a torrent download. Torrents and peer-to-peer file sharing are among the most common vectors of infection. You can delete this manually if you don't trust it. Please don't run, unzip or install it until we are done if you choose to keep it.
C:\Users\Jeff\Downloads\Magic DVD Ripper 5.2.1 Build 6(NEW-with serial key)\Magic DVD Ripper 5.2.1 Build 6.rar Infected: Trojan.Win32.Cosmu.mjj 1



Step 1
  1. Download TDSSKiller.exe and save it to your desktop.
  2. Double-click TDSSKiller.exe to run it.
  3. Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  4. Click Start scan and allow it to scan for Malicious objects.
  5. If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
  6. If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  7. It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  8. A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  9. If no reboot is required, click on Report. A log file should appear.
  10. Please post the contents of the logfile in your next reply.



Step 2

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

c:\windows\system32\userinit.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

etavares



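A small triage helper for the TDSSKiller log requested in Step 1 above (an added example, not code from this thread or from Kaspersky's tool): it parses the `timestamp service (md5) path` driver lines in the format TDSSKiller writes, skips every other line, and flags drivers loaded from outside Windows\system32 or whose hash differs from a per-machine baseline. The sample log and baseline are constructed; the altered `atapi` hash and the `exampledrv` entry are invented purely to exercise the checks.

```python
"""Triage a TDSSKiller scan log of the shape posted in this thread.

Each driver line looks like:
    2010/10/13 20:34:53.0642 1394ohci (1b0066...40d5) C:\\Windows\\system32\\DRIVERS\\1394ohci.sys
i.e. timestamp, service name, MD5 of the image in parentheses, image path.
Lines of any other shape (separator bars, the SystemInfo block) are ignored.
"""
import re
from pathlib import PureWindowsPath

LINE_RE = re.compile(
    r"^(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}\.\d+) "
    r"(?P<service>\S+) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+?)\s*$"
)

# Directory (below the drive root) that boot-time driver images are normally
# loaded from; anything else is worth a second look.
EXPECTED_ROOTS = (("windows", "system32"),)


def parse_tdss_log(text):
    """Return one dict per driver line: service, md5 (lower-case), path."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # separator bars, SystemInfo lines, status messages
        entries.append({
            "service": m["service"],
            "md5": m["md5"].lower(),
            "path": m["path"],
        })
    return entries


def in_expected_location(path):
    """True when the image lives under <drive>:\\Windows\\system32\\..."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    # parts[0] is the drive anchor such as 'c:\\'; then Windows, system32, ...
    return len(parts) > 3 and tuple(parts[1:3]) in EXPECTED_ROOTS


def triage(entries, baseline):
    """Sort parsed entries into the findings a responder wants to look at.

    baseline maps service name -> known-good MD5 for that machine image
    (in practice taken from a clean install of the same Windows build).
    """
    findings = {"unexpected_location": [], "hash_mismatch": [], "not_in_baseline": []}
    for e in entries:
        if not in_expected_location(e["path"]):
            findings["unexpected_location"].append(e)
        known = baseline.get(e["service"])
        if known is None:
            findings["not_in_baseline"].append(e)
        elif known.lower() != e["md5"]:
            findings["hash_mismatch"].append(e)
    return findings


# Constructed sample: three clean driver lines in the thread's log format,
# one separator bar, and two INVENTED anomalies for demonstration only
# (atapi with an altered hash; a driver image sitting under a user profile).
SAMPLE_LOG = r"""
2010/10/13 20:34:53.0642 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2010/10/13 20:34:53.0692 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2010/10/13 20:34:53.0883 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2010/10/13 20:34:54.0000 ================================================================================
2010/10/13 20:34:54.0707 atapi (ffffffffffffffffffffffffffffffff) C:\Windows\system32\DRIVERS\atapi.sys
2010/10/13 20:34:58.0000 exampledrv (00000000000000000000000000000000) C:\Users\example\AppData\Local\Temp\exampledrv.sys
"""

# Constructed baseline for the four Windows drivers above.
BASELINE = {
    "1394ohci": "1b00662092f9f9568b995902f0cc40d5",
    "ACPI": "6f11e88748cdefd2f76aa215f97ddfe5",
    "adp94xx": "2f6b34b83843f0c5118b63ac634f5bf4",
    "atapi": "02062c0b390b7729edc9e69c680a6f3c",
}

if __name__ == "__main__":
    report = triage(parse_tdss_log(SAMPLE_LOG), BASELINE)
    for kind, hits in report.items():
        for e in hits:
            print(f"{kind:20s} {e['service']:12s} {e['md5']} {e['path']}")
```

A driver that is both outside system32 and absent from the baseline lands in two buckets on purpose; each list answers a different question during review.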

#11 jmsegnere (Topic Starter)
Members, 11 posts

Posted 13 October 2010 - 07:48 PM

etavares,

Here are the results of the TDSS scan - nothing was found.

Also, I followed the instructions to show hidden files and ran the jotti scan. Nothing was found on all 19 scanners.

-Jeff

2010/10/13 20:34:42.0171 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/13 20:34:42.0171 ================================================================================
2010/10/13 20:34:42.0171 SystemInfo:
2010/10/13 20:34:42.0171
2010/10/13 20:34:42.0171 OS Version: 6.1.7600 ServicePack: 0.0
2010/10/13 20:34:42.0171 Product type: Workstation
2010/10/13 20:34:42.0171 ComputerName: E6500
2010/10/13 20:34:42.0172 UserName: Jeff
2010/10/13 20:34:42.0172 Windows directory: C:\Windows
2010/10/13 20:34:42.0172 System windows directory: C:\Windows
2010/10/13 20:34:42.0172 Running under WOW64
2010/10/13 20:34:42.0172 Processor architecture: Intel x64
2010/10/13 20:34:42.0172 Number of processors: 2
2010/10/13 20:34:42.0172 Page size: 0x1000
2010/10/13 20:34:42.0172 Boot type: Normal boot
2010/10/13 20:34:42.0172 ================================================================================
2010/10/13 20:34:42.0172 Utility is running under WOW64
2010/10/13 20:34:42.0466 Initialize success
2010/10/13 20:34:53.0108 ================================================================================
2010/10/13 20:34:53.0108 Scan started
2010/10/13 20:34:53.0109 Mode: Manual;
2010/10/13 20:34:53.0109 ================================================================================
2010/10/13 20:35:00.0280 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2010/10/13 20:35:00.0471 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
2010/10/13 20:35:00.0609 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2010/10/13 20:35:00.0695 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2010/10/13 20:35:00.0723 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2010/10/13 20:35:00.0778 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2010/10/13 20:35:00.0846 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2010/10/13 20:35:01.0092 nvlddmkm (1ddbd3ea0967f135086aad9e4aed9af1) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2010/10/13 20:35:01.0354 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2010/10/13 20:35:01.0374 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2010/10/13 20:35:01.0424 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2010/10/13 20:35:01.0487 OA001Ufd (404b0121ae1a75d9a63b6934eb07c258) C:\Windows\system32\DRIVERS\OA001Ufd.sys
2010/10/13 20:35:01.0519 OA001Vid (4b69d156db42b26425ab3b172fa50d92) C:\Windows\system32\DRIVERS\OA001Vid.sys
2010/10/13 20:35:01.0560 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2010/10/13 20:35:01.0599 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2010/10/13 20:35:01.0630 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2010/10/13 20:35:01.0657 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2010/10/13 20:35:01.0684 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2010/10/13 20:35:01.0712 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2010/10/13 20:35:01.0737 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2010/10/13 20:35:01.0767 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2010/10/13 20:35:01.0871 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2010/10/13 20:35:01.0901 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2010/10/13 20:35:01.0944 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2010/10/13 20:35:02.0005 PxHlpa64 (901dba98359966a62a6548596988e931) C:\Windows\system32\Drivers\PxHlpa64.sys
2010/10/13 20:35:02.0061 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2010/10/13 20:35:02.0174 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2010/10/13 20:35:02.0207 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2010/10/13 20:35:02.0234 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2010/10/13 20:35:02.0300 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2010/10/13 20:35:02.0326 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2010/10/13 20:35:02.0356 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2010/10/13 20:35:02.0384 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2010/10/13 20:35:02.0409 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2010/10/13 20:35:02.0444 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2010/10/13 20:35:02.0470 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2010/10/13 20:35:02.0512 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2010/10/13 20:35:02.0530 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2010/10/13 20:35:02.0560 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2010/10/13 20:35:02.0600 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2010/10/13 20:35:02.0688 rimmptsk (e31960692cbb3a8bcdf300bc1d889e1f) C:\Windows\system32\DRIVERS\rimmpx64.sys
2010/10/13 20:35:02.0767 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
2010/10/13 20:35:02.0801 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2010/10/13 20:35:02.0831 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2010/10/13 20:35:02.0860 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2010/10/13 20:35:02.0940 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
2010/10/13 20:35:02.0976 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2010/10/13 20:35:03.0017 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2010/10/13 20:35:03.0041 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2010/10/13 20:35:03.0072 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2010/10/13 20:35:03.0112 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2010/10/13 20:35:03.0134 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2010/10/13 20:35:03.0161 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2010/10/13 20:35:03.0189 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2010/10/13 20:35:03.0214 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2010/10/13 20:35:03.0244 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2010/10/13 20:35:03.0262 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2010/10/13 20:35:03.0342 snapman (8ac15211eb4bf019aab0022781cc8ad0) C:\Windows\system32\DRIVERS\snapman.sys
2010/10/13 20:35:03.0370 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2010/10/13 20:35:03.0471 sptd (34f974f8b3c86de03a30dcbe79091c97) C:\Windows\System32\Drivers\sptd.sys
2010/10/13 20:35:03.0565 srv (43067a65522eaec33d31a12d6fa8e3f4) C:\Windows\system32\DRIVERS\srv.sys
2010/10/13 20:35:03.0604 srv2 (03715cf9c30b563da35fc5f2b8f7b8e0) C:\Windows\system32\DRIVERS\srv2.sys
2010/10/13 20:35:03.0673 srvnet (fbd09635227a8026c0f7790f604343c6) C:\Windows\system32\DRIVERS\srvnet.sys
2010/10/13 20:35:03.0737 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2010/10/13 20:35:03.0819 STHDA (eb059bc699e6c766857a71087594bcd7) C:\Windows\system32\DRIVERS\stwrt64.sys
2010/10/13 20:35:03.0849 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2010/10/13 20:35:03.0975 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2010/10/13 20:35:04.0067 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2010/10/13 20:35:04.0102 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2010/10/13 20:35:04.0142 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2010/10/13 20:35:04.0211 tdrpman (ac1fc18d04b92bac16cbd85de2a08a0b) C:\Windows\system32\DRIVERS\tdrpman.sys
2010/10/13 20:35:04.0246 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2010/10/13 20:35:04.0274 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2010/10/13 20:35:04.0300 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2010/10/13 20:35:04.0335 tifsfilter (3e24b7fe52bc455da8d6e2cc2b4ca23f) C:\Windows\system32\DRIVERS\tifsfilt.sys
2010/10/13 20:35:04.0366 timounter (ec4fd4d147985a97e881729e808e6f34) C:\Windows\system32\DRIVERS\timntr.sys
2010/10/13 20:35:04.0434 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2010/10/13 20:35:04.0474 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2010/10/13 20:35:04.0504 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2010/10/13 20:35:04.0564 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2010/10/13 20:35:04.0620 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2010/10/13 20:35:04.0646 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2010/10/13 20:35:04.0687 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2010/10/13 20:35:04.0735 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2010/10/13 20:35:04.0761 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2010/10/13 20:35:04.0779 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2010/10/13 20:35:04.0847 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2010/10/13 20:35:04.0878 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2010/10/13 20:35:04.0914 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2010/10/13 20:35:04.0951 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2010/10/13 20:35:04.0993 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2010/10/13 20:35:05.0024 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2010/10/13 20:35:05.0050 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2010/10/13 20:35:05.0088 VClone (c5e70c4e64666db9d69c9f2fdae22428) C:\Windows\system32\DRIVERS\VClone.sys
2010/10/13 20:35:05.0114 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2010/10/13 20:35:05.0173 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2010/10/13 20:35:05.0235 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2010/10/13 20:35:05.0266 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2010/10/13 20:35:05.0295 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2010/10/13 20:35:05.0323 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2010/10/13 20:35:05.0357 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2010/10/13 20:35:05.0390 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2010/10/13 20:35:05.0428 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2010/10/13 20:35:05.0484 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2010/10/13 20:35:05.0565 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2010/10/13 20:35:05.0594 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/13 20:35:05.0611 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2010/10/13 20:35:05.0664 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2010/10/13 20:35:05.0700 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2010/10/13 20:35:05.0765 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/10/13 20:35:05.0793 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2010/10/13 20:35:05.0895 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
2010/10/13 20:35:05.0937 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/10/13 20:35:05.0977 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2010/10/13 20:35:06.0063 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2010/10/13 20:35:06.0091 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/10/13 20:35:06.0168 ================================================================================
2010/10/13 20:35:06.0168 Scan finished
2010/10/13 20:35:06.0168 ================================================================================




#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:01:33 PM

Posted 14 October 2010 - 05:26 PM

OK, in that case, time for troubleshooting.
  1. Do you have a modem and a router or is it a combination router/modem? (e.g. are there one or two boxes between the wall and your computer?)
  2. Do you have other computers sharing this internet connection? Do you get redirected with them too?
  3. Are you redirected with Internet Explorer, another browser, or all of them?

EDIT: close BBCode tag

Edited by etavares, 14 October 2010 - 05:26 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#13 jmsegnere

jmsegnere
  • Topic Starter

  • Members
  • 11 posts
  • Local time:01:33 PM

Posted 14 October 2010 - 06:34 PM

Hello,

I have a separate modem and router.
I am the only computer on the network, but I could try another laptop if it would help.
I usually use Firefox. Just tried a few searches in IE8, and couldn't get one to redirect. The same searches in Firefox do redirect to other sites.

Thanks,

-Jeff

#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:01:33 PM

Posted 15 October 2010 - 06:44 PM

Hello, jmsegnere.

Just Firefox? That changes things.

Please read and follow all these instructions very carefully.
  1. Please download GooredFix and save it to your Desktop.
  2. Double-click GooredFix.exe to run it.
  3. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).

etavares




#15 jmsegnere

jmsegnere
  • Topic Starter

  • Members
  • 11 posts
  • Local time:01:33 PM

Posted 17 October 2010 - 05:24 PM

etavares,

Here's the log. Things seem to be fixed!! Thanks so much for your help, and I apologize if I led you down the wrong path for a while. Is there anything I can do to prevent this from happening in the future?

Take care,

-Jeff

GooredFix by jpshortstuff (03.07.10.1)
Log created at 18:22 on 17/10/2010 (Jeff)
Firefox version 3.6.10 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{FADDE3C1-C780-46DE-9F7E-F6DE4D77DE40} -> Success!
Deleting C:\Users\Jeff\AppData\Local\{FADDE3C1-C780-46DE-9F7E-F6DE4D77DE40} -> Success!

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [12:34 19/02/2010]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [23:21 25/09/2009]

C:\Users\Jeff\Application Data\Mozilla\Firefox\Profiles\f2y28gd1.default\extensions\
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [12:10 14/12/2009]

C:\Users\Jeff\Application Data\Mozilla\Firefox\Profiles\ylrz4whk.default\extensions\
activegs@freetoolsassociation.com [02:48 07/10/2010]
{20a82645-c095-46ed-80e3-08825760534b} [19:04 07/05/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [11:25 19/03/2009]

-=E.O.F=-
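The GooredLog above enumerates every Firefox extension directory plus the machine-wide HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions key; the entry GooredFix deleted was a machine-wide registration whose payload lived under the user's AppData\Local folder, which is the tell for this family of search redirectors. As an added example that is not part of the thread and not GooredFix's own code, the Python below parses a Goored-style log and flags exactly that pattern; the log text is constructed to mirror the one posted, and the registry value assumed for the removed GUID (pointing at the deleted folder) is a guess, not something the thread shows.

```python
"""Flag Firefox extensions registered machine-wide (HKLM) whose files live in a
per-user or temp folder. Added example modelled on the GooredLog format; the
sample text is constructed, not the original Goored.txt."""
import re

# Constructed sample. The first registry value is an assumption of what the
# rogue {FADDE3C1-...} entry looked like before GooredFix deleted it.
SAMPLE_LOG = r"""
========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [12:34 19/02/2010]

C:\Users\Jeff\Application Data\Mozilla\Firefox\Profiles\ylrz4whk.default\extensions\
activegs@freetoolsassociation.com [02:48 07/10/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{FADDE3C1-C780-46DE-9F7E-F6DE4D77DE40}"="C:\Users\Jeff\AppData\Local\{FADDE3C1-C780-46DE-9F7E-F6DE4D77DE40}\" [02:41 07/10/2010]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [11:25 19/03/2009]
"""

# "<id>"="<path>" [<timestamp>]  as written in the registry section of the log
REG_LINE = re.compile(r'^"(?P<id>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<stamp>[^\]]+)\]$')
# Locations a machine-wide (HKLM) extension has no business pointing into
USER_DIR = re.compile(r'\\Users\\|\\AppData\\|\\Temp\\|\\Documents and Settings\\', re.I)


def parse_registry_extensions(log_text):
    """Return (id, path, stamp) tuples from every [HKEY_...Extensions] section."""
    entries, in_reg = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("[HKEY_"):
            in_reg = True          # registry key header opens a section
            continue
        if not line:
            in_reg = False         # blank line closes the section
            continue
        m = REG_LINE.match(line) if in_reg else None
        if m:
            entries.append((m["id"], m["path"], m["stamp"]))
    return entries


def suspicious_extensions(log_text):
    """IDs of HKLM-registered extensions whose path is under a profile/temp dir."""
    return [ext_id for ext_id, path, _ in parse_registry_extensions(log_text)
            if USER_DIR.search(path)]


if __name__ == "__main__":
    for ext_id in suspicious_extensions(SAMPLE_LOG):
        print("machine-wide extension with per-user payload:", ext_id)
```

A legitimate system-wide extension (the .NET Framework Assistant entry) points under C:\Windows and is not flagged, so the check distinguishes the two entries on the same key.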



