Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser redirects, Windows Security Alert


  • This topic is locked This topic is locked
2 replies to this topic

#1 jbonna

jbonna

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:33 AM

Posted 29 November 2010 - 01:08 AM

Hello! I have been having problems with malware recently and have not been able to remove it with Trend micro, Ad-Aware or Spybot, and I'm at my wits end.

The redirects can occur any time I click a link but its usually after I use a link from a search engine.

One of the more distinctive redirects is a fake Windows Explorer window titled Windows Security, which performs a fake scan on my system and reports various false infections.

Any help would be greatly appreciated.

Jbonna


DDS (Ver_10-11-27.01) - NTFS_AMD64
Run by Adam at 16:30:30.47 on Mon 11/29/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_18
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4094.2168 [GMT 11:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Adam\AppData\Roaming\Microsoft\Windows\shell.exe
C:\Users\Adam\AppData\Roaming\Microsoft\svchost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Users\Adam\AppData\Local\Temp\dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Windows\vsnp2std.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\tsnp2std.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\temp\remove.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\MsiExec.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Adam\Desktop\wowguide\dds.scr
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bigpond.com/
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - C:\Program Files (x86)\Celebrity Toolbar\tbhelper.dll
mWinlogon: Userinit=userinit.exe
uWinlogon: Shell=explorer.exe,C:\Users\Adam\AppData\Roaming\Microsoft\Windows\shell.exe
uWindows: Load=C:\Users\Adam\AppData\Local\Temp\dwm.exe
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - C:\Program Files (x86)\Celebrity Toolbar\tbcore3.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows

Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: CMySite Class: {d62ec836-bf1e-4cac-81be-fb9179835d8e} - C:\Program Files (x86)\Celebrity Toolbar\mhxpcomi.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Celebrity Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - C:\Program Files (x86)\Celebrity Toolbar\tbcore3.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
uRun: [<NO NAME>]
uRun: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
uRun:

[?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

?????????????????????????????????????????????????????????????????????????????????????????????????????????????5??????????????????????????????????????????

4??????????????????????8???]

C:\Users\Adam\AppData\Local\Temp\?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

5??????????????????????????????????????????4??????????????????????8???
uRun: [svchost] C:\Users\Adam\AppData\Roaming\Microsoft\svchost.exe
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [tsnp2std] C:\Windows\tsnp2std.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
mRun: [svchost] C:\Users\Adam\AppData\Roaming\Microsoft\svchost.exe
dRun: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download with GetRight - C:\Program Files (x86)\GetRight\GRdownload.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Open with GetRight Browser - C:\Program Files (x86)\GetRight\GRbrowse.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet

Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15108/CTPID.cab
TCP: {BB64BC49-E7BE-42BD-98B3-4F0698284707} = 61.9.133.193,61.9.211.33
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: mhtb - {669A2A3A-F19C-452D-800D-1240299756C1} - C:\Program Files (x86)\Celebrity Toolbar\mhxpcomi.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
mRun-x64: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
mRun-x64: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
mRun-x64: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
mRun-x64: [snp2std] C:\Windows\vsnp2std.exe
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\4z5a9nq6.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://search.myheritage.com/
FF - prefs.js: keyword.URL - hxxp://search.myheritage.com/?orig=ds&q=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 1
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows

Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2010-11-27 69152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-9-23 1375992]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2009-7-14 239648]
R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\System32\drivers\COMMONFX.sys [2009-3-4 158744]
R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\System32\drivers\CTAUDFX.sys [2009-3-4 706584]
R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\System32\drivers\CTSBLFX.sys [2009-3-4 680984]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-9-23 17440]
R3 LVUVC64;Logitech Webcam 200(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
S2 gupdate1ca017e8da70200;Google Update Service (gupdate1ca017e8da70200);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-7-11 133104]
S3 COMMONFX;COMMONFX;C:\Windows\System32\drivers\COMMONFX.sys [2009-3-4 158744]
S3 cpuz132;cpuz132;C:\Windows\System32\drivers\cpuz132_x64.sys [2009-7-29 19432]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs

Shared\Service\AL6Licensing.exe [2009-7-15 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs

Shared\Service\CTAELicensing.exe [2009-7-10 79360]
S3 CTAUDFX;CTAUDFX;C:\Windows\System32\drivers\CTAUDFX.sys [2009-3-4 706584]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\System32\drivers\CTERFXFX.sys [2009-3-4 141848]
S3 CTERFXFX;CTERFXFX;C:\Windows\System32\drivers\CTERFXFX.sys [2009-3-4 141848]
S3 CTSBLFX;CTSBLFX;C:\Windows\System32\drivers\CTSBLFX.sys [2009-3-4 680984]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-11-6 25832]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\System32\drivers\ccdcmbox64.sys [2010-2-26 25088]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\System32\drivers\nmwcdnsucx64.sys [2010-2-26 12288]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2010-2-26 173056]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\System32\drivers\ccdcmbx64.sys [2010-2-26 19456]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24\RivaTuner64.sys [2009-2-26 19952]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2009-10-16 50176]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-10 93184]

=============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-11-28 08:56:43 -------- d-----w- C:\Users\Adam\AppData\Local\Trend Micro
2010-11-28 08:33:03 761 ----a-w- C:\Windows\System32\drivers\etc\tmvsthfud.bin
2010-11-28 08:33:03 761 ----a-w- C:\Windows\System32\drivers\etc\tmvsthfss.bin
2010-11-28 08:27:58 -------- d-----w- C:\PROGRA~3\Trend Micro
2010-11-28 08:27:12 -------- d-----w- C:\Program Files\Trend Micro
2010-11-28 02:06:21 15880 ----a-w- C:\Windows\System32\lsdelete.exe
2010-11-27 14:57:57 153 ----a-w- C:\Users\Adam\AppData\Roaming\Microsoft\gb_69576.bat
2010-11-27 08:55:34 69152 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2010-11-27 08:55:33 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2010-11-27 08:53:54 -------- d-----w- C:\Users\Adam\AppData\Local\Sunbelt Software
2010-11-27 08:53:33 -------- dc-h--w- C:\PROGRA~3\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-11-27 08:53:03 -------- d-----w- C:\Program Files (x86)\Lavasoft
2010-11-27 08:50:17 133432520 ----a-w- C:\Users\Adam\Ad-AwareInstall.exe
2010-11-26 14:07:36 120832 ----a-w- C:\Users\Adam\AppData\Roaming\Microsoft\svchost.exe
2010-11-26 13:08:31 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{32872513-7ECB-4958-B37E-9FDF5B7BFD94}\mpengine.dll
2010-11-24 22:27:16 133632 ----a-w- C:\Users\Adam\AppData\Roaming\Microsoft\Windows\shell.exe
2010-11-24 06:52:34 -------- d-----w- C:\e05d2ec3b574de34f7
2010-11-24 06:05:38 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-11-24 06:05:38 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2010-11-23 21:26:54 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-23 21:26:54 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-11 10:30:28 -------- d-sh--w- C:\Users\Adam\Phone Browser
2010-11-10 08:48:57 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2010-11-10 08:48:57 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2010-11-08 15:59:57 75264 ----a-w- C:\Windows\System32\WUDFSvc.dll
2010-11-08 15:59:57 681472 ----a-w- C:\Windows\System32\WUDFx.dll
2010-11-08 15:59:57 44544 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2010-11-08 15:59:57 226816 ----a-w- C:\Windows\System32\WUDFHost.exe
2010-11-08 15:59:57 182784 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2010-11-08 15:59:57 172544 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2010-11-08 15:59:57 112128 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2010-11-02 09:16:01 654928 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2010-11-02 09:16:01 42064 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2010-11-02 09:16:01 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2010-10-31 06:26:40 -------- d-----w- C:\Program Files\Ventrilo

==================== Find3M ====================

2010-10-18 23:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-20 12:14:32 316416 ----a-w- C:\Windows\System32\msshsq.dll
2010-09-20 09:25:01 231936 ----a-w- C:\Windows\SysWow64\msshsq.dll
2010-09-10 16:37:06 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-10 15:52:05 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-08 06:41:05 1147904 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 06:36:53 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 06:36:38 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-09-08 06:36:24 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2010-09-08 06:36:23 77312 ----a-w- C:\Windows\System32\iesetup.dll
2010-09-08 06:01:28 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-09-08 05:36:07 479232 ----a-w- C:\Windows\System32\html.iec
2010-09-08 05:04:36 385024 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 04:51:18 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2010-09-08 04:49:56 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 04:26:46 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-06 16:24:40 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-09-06 16:23:14 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2010-09-06 15:59:19 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2010-09-06 15:59:19 12288 ----a-w- C:\Windows\System32\sscore.dll
2010-09-06 15:57:48 17920 ----a-w- C:\Windows\System32\netevent.dll
2010-09-06 13:44:39 461824 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-09-06 13:44:17 144896 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-09-06 13:44:14 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-31 15:41:42 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 15:41:42 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-31 15:40:26 531968 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-08-31 15:21:34 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-31 13:18:42 2751488 ----a-w- C:\Windows\System32\win32k.sys

============= FINISH: 16:31:01.61 ===============

BC AdBot (Login to Remove)

 


#2 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:07:33 PM

Posted 05 December 2010 - 07:23 AM

Hi jbonna, and welcome to Bleeping Computer.

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:07:33 PM

Posted 17 December 2010 - 09:15 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, just send me a PM (Send message from my profile) with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Posted Image
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users