

Internet explorer gets redirected


  • This topic is locked
2 replies to this topic

#1 blue_jack

  • Members
  • 4 posts

Posted 24 November 2010 - 04:18 PM

My browser keeps getting redirected to search sites. I downloaded TDSSKiller, ran it, and it finds the malicious object Rootkit.Win32.tdss.tdl4 Name \hardDisk0. I reboot and everything is fixed. Then, after a few searches on Google, I get the same thing again. And I am not always going to the same site, so it leads me to believe I am not really getting rid of this?

Also ran
GooredFix
SuperAntiSpyware
Malwarebytes
Avira AntiVir



Here is the DDS log:


DDS (Ver_10-11-10.01) - NTFSx86
Run by Chad.Surles at 15:09:42.45 on Wed 11/24/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.1497 [GMT -6:00]

AV: Trend Micro OfficeScan Antivirus *On-access scanning enabled* (Updated) {84E37C74-2F95-4F31-9C98-3B4A98F1339E}
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r255264\payload\wdm\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
D:\Program Files\Dell\Reader 2.0\DVMExportService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
c:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE
C:\WINDOWS\TEMP\XA9717.EXE
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
D:\Program Files\Dell\Reader 2.0\DellBtrEvent.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Red Gate\SQL Prompt 3\Redgate.SQLPrompt.TrayApp.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\PROGRA~1\MI1933~1\Office12\OUTLOOK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\chad.surles\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\WINDOWS\System32\mshta.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Chad\Spyware\TDSSKiller.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Chad\Spyware\Defogger.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Chad\Spyware\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.bing.com
uSearch Bar = hxxp://www.bing.com/sphome.aspx
uStart Page = hxxp://www.google.com/
mSearchAssistant = hxxp://www.bing.com/sphome.aspx
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mi1933~1\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\7.0.517.44\npchrome_frame.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\documents and settings\chad.surles\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [IAStorIcon] c:\program files\intel\intel® rapid storage technology\IAStorIcon.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [DellBtrEvent] d:\program files\dell\reader 2.0\DellBtrEvent.exe
mRun: [MsmqIntCert] regsvr32 /s mqrt.dll
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\officescan client\pccntmon.exe" -HideWindow
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sqlpro~1.lnk - c:\program files\red gate\sql prompt 3\Redgate.SQLPrompt.TrayApp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{871df2be-41d2-4334-ac33-839af16fc8fe}\Icon3E5562ED7.ico
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
IE: Edit with X&ML Spy - c:\program files\altova\xmlspy2004\spy.htm
IE: {2222EF56-F49E-4d07-A14E-8D2B08766958} - c:\program files\altova\xmlspy2004\spy.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - hxxps://www1.gotomeeting.com/default/applets/g2mdlax.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://loyaltylab.webex.com/client/T27LB/webex/ieatgpc.cab
TCP: {1125D8F8-3546-4318-8E4B-F40978623D39} = 10.3.3.101,10.3.3.102
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\7.0.517.44\npchrome_frame.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chad~1.sur\applic~1\mozilla\firefox\profiles\ernuofrg.default\
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\chad.surles\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\chad.surles\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\chad.surles\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\mi1933~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

============= SERVICES / DRIVERS ===============

R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-5-22 17072]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-11-10 11608]
R1 DVMIO;DVMIO;d:\program files\dell\reader 2.0\dvmio.sys [2009-7-10 16984]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-11-10 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-11-10 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-11-10 60936]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-12-17 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-12-17 27040]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-12-10 376608]
R2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files\dell\reader 2.0\DVMExportService.exe [2009-8-3 327680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\intel\intel® rapid storage technology\IAStorDataMgrSvc.exe [2010-5-22 13336]
R2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-5-22 60928]
R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2009-5-27 202584]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\microsoft sql server\mssql.3\reporting services\reportserver\bin\ReportingServicesService.exe [2009-5-27 13672]
R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-5-22 59392]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\officescan client\tmxpflt.sys [2009-12-4 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\officescan client\tmpreflt.sys [2009-12-4 36368]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-5-22 42672]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-5-22 113664]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-5-22 33832]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-5-22 167080]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-5-22 125696]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2010-5-22 58600]
R3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-8 136176]
S3 InStorecard AwardEngine Service;InStorecard AwardEngine Service;c:\p4\loyaltysystem\development\instorecard\service\awardengineservice\bin\debug\AwardEngineService.exe [2010-6-9 20480]
S3 InStorecard Bulk File Import DSM 2.0;InStorecard Bulk File Import DSM 2.0;c:\p4\loyaltysystem\development\instorecard\service\bulkfileimportpipelineservice\bin\debug\BulkFileImportPipelineService.exe [2010-6-9 20480]
S3 InStorecard DirectoryListenerService;InStorecard DirectoryListenerService;c:\p4\loyaltysystem\development\instorecard\service\directorylistenerservice\bin\debug\DirectoryListenerService.exe [2010-6-9 16384]
S3 InStorecard DSM 2.0;InStorecard DSM 2.0;c:\p4\loyaltysystem\development\instorecard\service\pipelineservice\bin\debug\PipelineService.exe [2010-6-9 20480]
S3 InStorecard Email Extract Service;InStorecard Email Extract Service;c:\p4\loyaltysystem\development\instorecard\service\emailextractservice\bin\debug\EmailExtractService.exe [2010-6-9 24576]
S3 InStorecard OfferEngine Service;InStorecard OfferEngine Service;c:\p4\loyaltysystem\development\instorecard\service\offerengineservice\bin\debug\OfferEngineService.exe [2010-6-9 24576]
S3 InStorecard RealTime AwardProcessor;InStorecard RealTime AwardProcessor;c:\p4\loyaltysystem\development\instorecard\service\realtimeawardprocessor\bin\debug\RealTimeAwardProcessor.exe [2010-6-9 20480]
S3 InStorecard RealTime DatabaseWriter;InStorecard RealTime DatabaseWriter;c:\p4\loyaltysystem\development\instorecard\service\realtimedatabasewriter\bin\debug\RealTimeDatabaseWriter.exe [2010-6-9 20480]
S3 InStorecard RealTime ShopperLookup;InStorecard RealTime ShopperLookup;c:\p4\loyaltysystem\development\instorecard\service\realtimeshopperlookup\bin\debug\RealTimeShopperLookup.exe [2010-6-9 20480]
S3 InStorecard RSS;InStorecard RSS;c:\p4\loyaltysystem\development\instorecard\service\rssservice\bin\debug\RSSService.exe [2010-6-9 20480]
S3 InStorecard SMTP Email;InStorecard SMTP Email;c:\p4\loyaltysystem\development\instorecard\service\smtpemailservice\bin\debug\SmtpEmailService.exe [2010-6-9 20480]
S3 InStorecard ViewClick Log;InStorecard ViewClick Log;c:\p4\loyaltysystem\development\instorecard\service\viewclicklogservice\bin\debug\ViewClickLogService.exe [2010-6-9 32768]
S3 Loyalty Lab AD Integration Service;Loyalty Lab AD Integration Service;c:\p4\loyaltysystem\development\instorecard\service\eventprocessor\loyaltylab.adintegration.service\bin\debug\LoyaltyLab.ADIntegration.Service.exe [2010-6-9 6656]
S3 Loyalty Lab Asynchronous Realtime Shopper Scoring Service;Loyalty Lab Asynchronous Realtime Shopper Scoring Service;c:\p4\loyaltysystem\development\instorecard\service\eventprocessor\loyaltylab.asyncrealtimeshopperscoringservice\bin\debug\LoyaltyLab.AsyncRealtimeShopperScoringService.exe [2010-6-9 20480]
S3 Loyalty Lab Bulk Realtime Shopper Scoring Service;Loyalty Lab Bulk Realtime Shopper Scoring Service;c:\p4\loyaltysystem\development\instorecard\service\eventprocessor\loyaltylab.bulkrealtimeshopperscoringservice\bin\debug\LoyaltyLab.BulkRealtimeShopperScoringService.exe [2010-6-9 20480]
S3 Loyalty Lab Copy Eligibility Scores to Mart Service;Loyalty Lab Copy Eligibility Scores to Mart Service;c:\p4\loyaltysystem\development\instorecard\service\eventprocessor\loyaltylab.copyeligibilityscorestomartservice\bin\debug\LoyaltyLab.CopyEligibilityScoresToMartService.exe [2010-6-9 7680]
S3 Loyalty Lab Copy Shopper Scores To Ops Service;Loyalty Lab Copy Shopper Scores To Ops Service;c:\p4\loyaltysystem\development\instorecard\service\eventprocessor\loyaltylab.copyshopperscorestoopsservice\bin\debug\LoyaltyLab.CopyShopperScoresToOpsService.exe [2010-6-9 20480]
S3 Loyalty Lab EventProcessor Queue Listener Service;Loyalty Lab EventProcessor Service;c:\p4\loyaltysystem\development\instorecard\service\eventprocessor\loyaltylab.eventprocessor.service\bin\debug\LoyaltyLab.EventProcessor.Service.exe [2010-6-9 20480]
S3 Loyalty Lab FTP Transmission Processor;Loyalty Lab FTP Transmission Processor;c:\p4\loyaltysystem\development\instorecard\service\ftptransmissionprocessor\bin\debug\FTPTransmissionProcessor.exe [2010-6-9 10240]
S3 Loyalty Lab List Import From Profile Service;Loyalty Lab List Import From Profile Service;c:\p4\loyaltysystem\development\instorecard\service\eventprocessor\loyaltylab.listimportfromprofile.listimportfromprofileservice\bin\debug\LoyaltyLab.ListImportFromProfile.ListImportFromProfileService.exe [2010-6-9 20480]
S3 Loyalty Lab Logging Queue Listener Service;Loyalty Lab Logging Service;c:\p4\loyaltysystem\development\instorecard\service\eventprocessor\loyaltylab.eventprocessor.loggingservice\bin\debug\LoyaltyLab.EventProcessor.LoggingService.exe [2010-6-9 24576]
S3 Loyalty Lab RewardItem Inventory Import Service;Loyalty Lab RewardItem Inventory Import Service;c:\p4\loyaltysystem\development\instorecard\service\eventprocessor\loyaltylab.rewarditeminventoryimport.service\bin\debug\LoyaltyLab.RewardItemInventoryImport.Service.exe [2010-6-9 20480]
S3 Loyalty Lab RewardProduct Image Import Remote Service;Loyalty Lab RewardProduct Image Import Remote Service;c:\p4\loyaltysystem\development\instorecard\service\eventprocessor\loyaltylab.rewardproductimageimport.remoteservice\bin\debug\LoyaltyLab.RewardProductImageImport.RemoteService.exe [2010-6-9 10752]
S3 Loyalty Lab RewardProduct Image Import Service;Loyalty Lab RewardProduct Image Import Service;c:\p4\loyaltysystem\development\instorecard\service\eventprocessor\loyaltylab.rewardproductimageimport.service\bin\debug\LoyaltyLab.RewardProductImageImport.Service.exe [2010-6-9 7168]
S3 Loyalty Lab Send External Registration Email Service;Loyalty Lab Send External Registration Email Service;c:\p4\loyaltysystem\development\instorecard\service\eventprocessor\loyaltylab.sendexternalregistrationemailservice\bin\debug\LoyaltyLab.SendExternalRegistrationEmailService.exe [2010-6-9 7680]
S3 Loyalty Lab Send Triggered Message Communication Service;Loyalty Lab Send Triggered Message Communication Service;c:\p4\loyaltysystem\development\instorecard\service\eventprocessor\loyaltylab.sendtriggeredmessagecommunicationservice\bin\debug\LoyaltyLab.SendTriggeredMessageCommunicationService.exe [2010-6-9 7680]
S3 Loyalty Lab Triggered Message Service;Loyalty Lab Triggered Message Service;c:\p4\loyaltysystem\development\instorecard\service\eventprocessor\loyaltylab.triggeredmessages.triggeredmessageservice\bin\debug\LoyaltyLab.TriggeredMessages.TriggeredMessageService.exe [2010-6-9 20480]
S3 LoyaltyLab Email Build Service;LoyaltyLab Email Build Service;c:\p4\loyaltysystem\development\instorecard\service\emailbuildservice\bin\debug\EmailBuildService.exe [2010-6-9 20480]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-10-27 38224]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2005-9-23 2799808]

=============== Created Last 30 ================

2010-11-24 21:02:07 -------- d-----w- c:\docume~1\chad~1.sur\applic~1\webex
2010-11-17 19:52:35 -------- d-----w- c:\docume~1\chad~1.sur\locals~1\applic~1\Red Gate
2010-11-17 19:52:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\Red Gate
2010-11-17 19:52:14 -------- d-----w- c:\program files\Red Gate
2010-11-11 15:22:51 -------- d-sh--w- c:\documents and settings\chad.surles\IECompatCache
2010-11-11 15:05:17 -------- d-----w- c:\windows\system32\NtmsData
2010-11-11 15:04:52 -------- d-----w- c:\docume~1\chad~1.sur\applic~1\Avira
2010-11-11 04:55:01 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-11 04:54:59 -------- d-----w- c:\program files\Avira
2010-11-11 04:54:59 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-11-10 20:23:37 -------- d-----w- c:\docume~1\chad~1.sur\applic~1\SUPERAntiSpyware.com
2010-11-10 20:23:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-11-10 20:23:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-27 23:22:33 -------- d-----w- c:\docume~1\chad~1.sur\applic~1\Malwarebytes
2010-10-27 23:22:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-27 23:22:24 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-27 23:22:24 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-27 23:22:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-27 22:11:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-27 22:11:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

==================== Find3M ====================

2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:38:48 1861888 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll

============= FINISH: 15:12:26.35 ===============


#2 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 27 November 2010 - 04:33 PM

Hello blue_jack,


Let's go about this a different way and see if it will stay gone. :thumbup2:

This tool is not a toy. If used the wrong way you could trash your computer. Please use it only under the direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply, please.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

If you have trouble running it the first time, then rename ComboFix.exe to bluejack.exe and try again.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 04 December 2010 - 09:59 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else, please begin a New Topic.