Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser Redirect Issue


  • This topic is locked This topic is locked
2 replies to this topic

#1 fltwoway

fltwoway

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:52 PM

Posted 12 December 2010 - 11:51 PM

My desktop has a weird browser redirect infection that I cannot locate or define. I normally use Chrome for browsing and did not notice this issue with IE 8 and Fire Fox until recently. The redirects appear to start if I Google node32 online scan or panda online scan and select from the sort but if I paste the address into the address bar, it will go to the sites and allows the scans to run. I tried the Trend Micro Root Tool Kit removal program and it detects issues and stops the problem but the problem reappears after a reboot. Node32 nor Panda online scans detect a problem. I have nod32 installed on this system. I am attaching the cool-fix log file with this post and hope someone can offer a direction.

ComboFix 10-12-11.06 - Roger Martin 12/12/2010 22:08:56.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.1680 [GMT -5:00]
Running from: c:\users\Roger Martin\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\windows\system32\Data
c:\windows\system32\service
c:\windows\system32\service\04112009_TIS17_SfFniAU.log
c:\windows\system32\service\08012010_TIS17_SfFniAU.log
c:\windows\system32\service\08112009_TIS17_SfFniAU.log
c:\windows\system32\service\09052010_TIS17_SfFniAU.log
c:\windows\system32\service\10112009_TIS17_SfFniAU.log
c:\windows\system32\service\11022010_TIS17_SfFniAU.log
c:\windows\system32\service\18052010_TIS17_SfFniAU.log
c:\windows\system32\service\24122009_TIS17_SfFniAU.log
c:\windows\system32\service\25022010_TIS17_SfFniAU.log
c:\windows\system32\service\26032010_TIS17_SfFniAU.log
c:\windows\system32\service\28112009_TIS17_SfFniAU.log
c:\windows\unist.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-13 to 2010-12-13 )))))))))))))))))))))))))))))))
.

2010-12-13 03:27 . 2010-12-13 03:27 -------- d-----w- c:\users\postgres\AppData\Local\temp
2010-12-13 03:27 . 2010-12-13 03:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-13 03:27 . 2010-12-13 03:27 -------- d-----w- c:\users\System Account\AppData\Local\temp
2010-12-13 03:27 . 2010-12-13 03:27 -------- d-----w- c:\users\Rogacus\AppData\Local\temp
2010-12-13 03:27 . 2010-12-13 03:27 -------- d-----w- c:\users\QBDataServiceUser17\AppData\Local\temp
2010-12-13 01:47 . 2010-12-13 01:47 -------- d-----w- C:\Windows Home Server Drivers for Restore
2010-12-10 08:15 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A4EDE43E-2F14-4328-878E-2BB09347CB19}\mpengine.dll
2010-11-30 03:38 . 2010-11-30 03:38 64000 --sha-r- c:\users\Roger Martin\AppData\Roaming\msasn1J.dll
2010-11-30 03:13 . 2010-11-30 15:57 -------- d-----w- c:\program files\At-Large Recorder 2
2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-23 23:27 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-20 17:27 . 2009-08-20 07:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-11-16 16:29 . 2010-12-06 19:11 -------- d-----w- c:\users\Roger Martin\AppData\Roaming\CalorieSmart
2010-11-16 16:29 . 2010-12-06 19:14 -------- d-----w- c:\program files\CalorieSmart
2010-11-14 01:00 . 2010-11-14 01:00 -------- d-----w- c:\program files\iPod
2010-11-14 01:00 . 2010-11-14 01:02 -------- d-----w- c:\program files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 15:41 . 2009-11-01 01:58 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-13 16:35 . 2010-10-29 02:52 53248 ----a-r- c:\users\Rogacus\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-10-13 16:35 . 2010-10-13 16:35 53248 ----a-r- c:\users\Roger Martin\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-09-30 21:25 . 2010-09-30 21:25 30376 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2010-09-30 11:18 . 2010-09-30 11:18 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2010-09-23 04:47 . 2010-09-23 04:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-23 04:32 . 2010-09-23 04:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-23 04:21 . 2010-10-21 18:13 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-09-15 08:50 . 2010-06-24 15:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-14 13:16 . 2010-09-14 13:16 108480 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-09-14 06:22 . 2010-09-14 06:22 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-14 06:22 . 2004-11-23 02:52 114688 ----a-w- c:\windows\system32\OpenAL32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\users\Roger Martin\AppData\Roaming\mjusbsp\cdloader2.exe" [2010-10-08 50592]
"NEEB"="c:\users\Roger Martin\AppData\Roaming\msasn1J.dll" [2010-11-30 64000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]
"Creative SB Monitoring Utility"="sbavmon.dll" [2009-05-25 98816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

c:\users\Roger Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
backup=c:\windows\pss\Audible Download Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Database Server Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Database Server Manager.lnk
backup=c:\windows\pss\QuickBooks Database Server Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Windows Home Server.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Windows Home Server.lnk
backup=c:\windows\pss\Windows Home Server.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Roger Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
path=c:\users\Roger Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
backup=c:\windows\pss\Logitech . Product Registration.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Roger Martin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Remote Control.lnk]
path=c:\users\Roger Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Remote Control.lnk
backup=c:\windows\pss\Remote Control.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-22 22:11 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2010-09-23 08:42 38840 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2009-11-06 20:30 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2010-10-02 20:20 4537280 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-09-22 04:28 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDrvEmulator]
2005-11-05 01:07 49152 ------w- c:\program files\Creative\Shared Files\Module Loader\DLLML.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2006-11-25 03:20 622592 ----a-w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
2009-08-07 22:12 315478 ----a-w- c:\program files\IVT Corporation\BlueSoleil\BtTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2010-10-08 19:00 50592 ----a-w- c:\users\Roger Martin\AppData\Roaming\mjusbsp\cdloader2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2006-07-19 21:51 65536 ----a-w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative SB Monitoring Utility]
2009-05-25 10:51 98816 ----a-w- c:\windows\System32\SBAVMon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2005-10-31 17:51 57344 ------w- c:\program files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-11-03 00:29 190464 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-12 21:39 135664 ----atw- c:\users\Roger Martin\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 18:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 05:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-12-12 13:31 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-11 05:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
2009-07-16 20:35 5458704 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2010-05-07 22:35 165208 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-02 20:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 20:20 13939816 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCSystem]
2005-11-05 01:07 49152 ------w- c:\program files\Creative\Shared Files\Module Loader\DLLML.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SbUsb AudCtrl]
2005-05-26 09:52 128000 ----a-w- c:\windows\System32\sbusbdll.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERDVR]
2008-07-19 15:58 1265730 ----a-w- c:\program files\SuperDVR\SuperDVR\SUPERDVR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 08:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-306135885-520817206-1497213344-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 135664]
R2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [2006-09-13 128536]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2009-11-06 288112]
R3 esihdrv;esihdrv;c:\users\ROGERM~1\AppData\Local\Temp\esihdrv.sys [x]
R3 sbusb;Sound Blaster USB Audio Driver;c:\windows\system32\DRIVERS\sbusb.sys [2005-06-10 1694592]
R3 TD3004F60v;TD3004F60v;c:\windows\system32\DRIVERS\TD3004F60v.sys [2009-11-20 24612]
R3 TridVid;PVR-TV UB390-A;c:\windows\system32\DRIVERS\TridVid6010.sys [2008-11-20 254848]
R3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2008-01-19 11264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-06-17 20744]
S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2005-03-16 13696]
S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2009-10-07 239464]
S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-08-07 143467]
S2 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-02-06 92800]
S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2009-10-07 97128]
S2 postgresql-9.0;postgresql-9.0 - PostgreSQL Server 9.0;C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N postgresql-9.0 -D C:/Program Files/PostgreSQL/9.0/data -w [x]
S2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [2009-09-25 93960]
S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2009-10-07 376680]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2009-06-17 29192]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2009-06-17 25480]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2009-06-04 806272]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2009-10-20 130640]
S3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2009-10-20 89680]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 02:34]

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-29 02:34]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-306135885-520817206-1497213344-1000Core.job
- c:\users\Roger Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-12 21:39]

2010-12-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-306135885-520817206-1497213344-1000UA.job
- c:\users\Roger Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-12 21:39]

2010-12-13 c:\windows\Tasks\User_Feed_Synchronization-{40FF2EC4-1694-4314-8B79-8A0F04F7CB2B}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
TCP: {6FC72608-E561-42F3-A011-D13CEA9C6348} = 192.168.52.55
DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/plugin/downloads/pc/1.4.0.82/WebSlingPlayer.cab
FF - ProfilePath - c:\users\Roger Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ciwwhue7.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Roger Martin\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\Roger Martin\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExt: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\Roger Martin\AppData\Roaming\Mozilla\Firefox\Profiles\ciwwhue7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-LogitechQuickCamRibbon - c:\program files\Logitech\Logitech WebCam Software\LWS.exe
MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-12 22:29
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

[0] 0xD30BEF83
[0] 0x010A4488
scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\postgresql-9.0]
"ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\postgresql-9.0]
"ImagePath"="C:/Program Files/PostgreSQL/9.0/bin/pg_ctl.exe runservice -N \"postgresql-9.0\" -D \"C:/Program Files/PostgreSQL/9.0/data\" -w"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(672)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-12-12 22:49:01
ComboFix-quarantined-files.txt 2010-12-13 03:48

Pre-Run: 481,271,984,128 bytes free
Post-Run: 491,421,954,048 bytes free

- - End Of File - - 54746B4018E6D4A1A681C4F6FC85E236

BC AdBot (Login to Remove)

 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:06:52 AM

Posted 22 December 2010 - 04:40 AM

Hello and welcome to Bleeping Computer :welcome:

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log



IMPORTANT NOTE: :nono:

ComboFix should not be run without the guidance of a helper. It is a powerful tool and is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private or regular use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Regards,
Georgi :hello:

cXfZ4wS.png


#3 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:52 PM

Posted 29 December 2010 - 05:13 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send a Private Message to any Moderator or the Malware Helper who replied to you here and ask them to reopen this topic within the next 5 days.
Proud member - Unified Network of Instructors and Trained Eliminators
Posted Image

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when your gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users